FW: [logs] Cisco PIX logs with IP addresses only
Tina Bird
tbird at precision-guesswork.com
Mon Jul 23 09:59:32 PDT 2007
> Is there a way to configure Cisco PIX logging to show only IP
> adresses on its logs?
>
> The destination and/or source hosts in our log entries are displayed
> as names, which I suppose are those names from the configuration
> interface.
Which version of PIX are you running? For the purposes of picking one to
describe, I'm looking at the 7.2 documentation. You can find PIX command
references for other software versions here:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_command_reference
_list.html
or http://tinyurl.com/2jwpyb
For logging *PIX interface IP addresses* rather than interface hostnames
when you are using syslog, you can use the "logging device-id" command,
which lets you specify whether you want hostnames or IP addresses:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/l2_72.h
tml#wp1692412
or http://tinyurl.com/2qxhlo
I'm not sure there's a way to disable hostname lookup *just* for PIX traffic
logs. If you want, you can disable hostname lookup on a per interface basis,
for all activity on the device:
no dns domain-lookup <interface_name>
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/d2_72.h
tml#wp1777563
or http://tinyurl.com/22zd8f
I wouldn't be surprised if these commands are highly dependent on software
version, so if you're not on 7.2, look for equivalents in the appropriate
documentation.
HTH -- tbird
More information about the LogAnalysis
mailing list