Lab Exercise—Configure Syslog Output to a Syslog Host or Server from the PIX Firewall

Complete the following lab exercises to practice what you have learned.

Objectives

In this lab exercise you will complete the following tasks:

■ Configure Syslog output.
■ Configure Syslog output to a Syslog server.

Visual Objective

The following figure displays the topology of the lab environment used in this exercise.

[Figure: Lab Visual Objective. Labels recoverable from the diagram: inside host and Syslog server; Internet server (web, FTP, and TFTP server); bastion host (web and FTP server); PIX Firewall with interfaces e0 outside (.1), e1 inside (.1) and e2 dmz (172.16.1.P); networks 10.0.P.0/24, 192.168.P.0/24 and 172.16.1.0/24; host addresses .2, 192.168.P.2 and .50; Internet. Slide footer: © 2001, Cisco Systems, Inc. www.cisco.com CSPFA 2.0-32]

Copyright 2003, Cisco Systems, Inc. PIX Advanced Road Show Lab 2

Access and Lab Setup

To do this lab exercise, you must be connected to the lab at www.labgear.net. Your instructor will provide the username and password for logging into this site. Once logged on, the lab diagram will be displayed (the picture below is for Pod #1):

[Figure: lab diagram for Pod #1]

To access the PIX Firewall from the main lab diagram, click on the “CONSOLE” icon associated with the PIX Firewall. A window will open to the PIX console.

To access the inside or outside clients, click on the appropriate “PC Desktop” icon. For these devices you must first authenticate at the “VNC Authentication” screen before you can access the PC desktop.

Passwords

Use the following passwords for this lab:

■ Lab Gear password: Your instructor will provide it.
■ PIX password: Either no password (just press the Enter key) or cisco.
■ PC client or server: The username is administrator and there is no password (just press the Enter key).
■ VNC password: When you connect to the PCs or servers, use a password of cisco at the VNC screen.

Task 1—Configure Syslog Output Local to PIX

Perform the following steps and enter the commands as directed to configure Syslog output.

Step 1 Enable Syslog logging:

    pixP(config)# logging on

Step 2 Begin storing messages to the PIX Firewall message buffer and set the logging level to debugging:

    pixP(config)# logging buffered debugging

Step 3 Clear the translation table and the message buffer on the PIX Firewall:

    pixP(config)# clear xlate
    pixP(config)# clear logging

Step 4 Generate some logging messages. Go to the inside client and open a web browser. Type in the address of the outside server, 192.168.P.2 (P = your pod number). You should still be able to access the outside server’s web page.

Step 5 View the Syslog messages you generated in the previous step with the show logging command. New messages appear at the end of the display. Note that the current logging level is shown in the output:

    pixP(config)# show logging
    Syslog logging: enabled
        Facility: 20
        Timestamp logging: disabled
        Standby logging: disabled
        Console logging: disabled
        Monitor logging: disabled
        Buffer logging: level debugging, 77 messages logged
        Trap logging: disabled
        History logging: disabled
        Device ID: disabled
    111008: User 'enable_15' executed the 'clear logging' command.
    609001: Built local-host inside:10.0.1.2
    305009: Built dynamic translation from inside:10.0.1.2 to outside:192.168.1.24
    302013: Built outbound TCP connection 9 for outside:192.168.1.2/80 (192.168.1.2/80) to inside:10.0.1.2/1219 (192.168.1.24/1219)
    304001: 10.0.1.2 Accessed URL 192.168.1.2:/

Step 6 Clear messages in the buffer and verify they are cleared.

    pixP(config)# clear logging
    pixP(config)# show logging
    Syslog logging: enabled
        Facility: 20
        Timestamp logging: disabled
        Standby logging: disabled
        Console logging: disabled
        Monitor logging: disabled
        Buffer logging: level debugging, 85 messages logged
        Trap logging: disabled
        History logging: disabled
        Device ID: disabled
    111008: User 'enable_15' executed the 'clear logging' command.

Step 7 Set the logging buffered command back to a minimal level.

    pixP(config)# logging buffered alerts
    pixP(config)# show logging
    Syslog logging: enabled
        Facility: 20
        Timestamp logging: disabled
        Standby logging: disabled
        Console logging: disabled
        Monitor logging: disabled
        Buffer logging: level alerts, 86 messages logged
        Trap logging: disabled
        History logging: disabled
        Device ID: disabled

Task 2—Configure Syslog Output to a Syslog Server

You will configure the PIX to send Syslog messages to the inside client. The inside client is running a freeware Syslog server from Kiwi Enterprises. There are many others available for use.

Step 1 Access the inside client by clicking on the PC Desktop icon. The VNC password is cisco.

Step 2 On the inside client, verify that the Kiwi Syslog server is started. On the inside client desktop, double-click on the Kiwi Syslog Daemon icon. The Syslog server will start. If you see any old messages, clear them by clicking on View->Clear display. Verify that “Display 00 (Default)” is displayed near the top of the Kiwi Syslog Daemon window.

Step 3 On the PIX Firewall, designate a host to receive the messages with the logging host command. For normal Syslog operations to any Syslog server, use the default message protocol.

    pixP(config)# logging host inside 10.0.P.2

(where P = pod number)

Step 4 Set the highest possible logging level to the Syslog server or host with the logging trap debugging command.
This command is used to start sending messages to the Syslog server or host:

    pixP(config)# logging trap debugging

Step 5 Start sending messages.

    pixP(config)# logging on

Step 6 Issue the following commands on the PIX Firewall:

    pixP(config)# show version
    pixP(config)# write memory
    pixP(config)# clear xlate

Step 7 Go to the inside client, and view the messages received by the Syslog server. If you don’t see any messages, check that you used the correct interface and IP address with the logging host command.

Completion Criteria

If you see the messages in the Syslog application, you have successfully completed this lab.
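
Added example (not part of the original lab guide): a Python sketch of what the Syslog server in Task 2 receives, and of how the level set with logging buffered or logging trap decides which messages are kept. The wire form `<PRI>%PIX-severity-id: text`, the severity digits of the sample messages, and the function names are assumptions; the message text and Facility 20 come from the show logging output in Task 1.

```python
import re

# Level keywords accepted by "logging buffered <level>" and "logging trap <level>",
# indexed by syslog severity number (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Assumed wire form: <PRI>[optional header]%PIX-<severity>-<message id>: <text>
WIRE_RE = re.compile(r"^<(\d{1,3})>.*?%PIX-([0-7])-(\d{6}): (.*)$")

def parse_pix_syslog(datagram: bytes) -> dict:
    """Decode one datagram the way a receiving Syslog server would."""
    line = datagram.decode("ascii", errors="replace").strip()
    m = WIRE_RE.match(line)
    if m is None:
        raise ValueError(f"not a PIX syslog message: {line!r}")
    pri, tag_sev = int(m.group(1)), int(m.group(2))
    facility, pri_sev = divmod(pri, 8)      # PRI = facility * 8 + severity
    if pri > 191 or pri_sev != tag_sev:
        raise ValueError(f"PRI {pri} is inconsistent with the %PIX tag: {line!r}")
    return {"facility": facility, "severity": tag_sev,
            "level": LEVELS[tag_sev], "id": m.group(3), "text": m.group(4)}

def passes_level(msg: dict, configured_level: str) -> bool:
    """A message is kept when its severity number is <= the configured level."""
    return msg["severity"] <= LEVELS.index(configured_level)

# Constructed samples: message text from the lab's "show logging" output,
# PRI values computed for facility 20, severity digits assumed.
SAMPLES = [
    b"<165>%PIX-5-111008: User 'enable_15' executed the 'clear logging' command.",
    b"<167>%PIX-7-609001: Built local-host inside:10.0.1.2",
    b"<166>%PIX-6-305009: Built dynamic translation from inside:10.0.1.2 to outside:192.168.1.24",
    b"<166>%PIX-6-302013: Built outbound TCP connection 9 for outside:192.168.1.2/80 "
    b"(192.168.1.2/80) to inside:10.0.1.2/1219 (192.168.1.24/1219)",
    b"<165>%PIX-5-304001: 10.0.1.2 Accessed URL 192.168.1.2:/",
]

def ids_kept_at(level: str) -> list:
    """Message IDs from SAMPLES that a given logging level would keep."""
    return [m["id"] for m in map(parse_pix_syslog, SAMPLES) if passes_level(m, level)]

if __name__ == "__main__":
    for level in ("alerts", "notifications", "debugging"):
        print(f"{level:>13}: {ids_kept_at(level)}")
```

With the level at alerts, as set in Task 1 Step 7, none of the sample messages are kept; at debugging, as set in Task 2 Step 4, all of them are.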