Mission Critical Internet Security

Part of creating a security policy is protecting not only network resources but also the PIX itself. The PIX provides several mechanisms that help an administrator limit access to the PIX and report items such as security violations.
As with most Cisco products, the system message logging feature can save messages in a buffer or redirect the messages to other devices such as a system logging server to be analyzed or archived. This feature allows administrators to reference these logs in case of security violations.
System journaling is often an overlooked security mechanism. Logging is essential to the security of the network. It can be used to detect security violations, and to help determine the type of attack. If logging is done in real time, it can be used to detect an ongoing intrusion.
PIX also has the added feature that if for any reason the syslog server is no longer available, the PIX will stop all traffic.
UNIX servers by default provide a syslog server; on Windows NT/2000 servers, a syslog server must be downloaded. Cisco provides a syslog server on their Web site (www.cisco.com).
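As an added illustration of how archived PIX messages can help determine the type of attack (this is example code, not from the book or from Cisco), the following Python sketch parses syslog lines and flags sources denied on many distinct ports, a pattern typical of a port scan. It assumes the %PIX-severity-number tag and the TCP/UDP form of message 106023; the sample lines are constructed, and the `min_ports` threshold is a hypothetical value to tune locally.

```python
import re
from collections import defaultdict

# PIX messages are tagged %PIX-<severity>-<message number>: <text>
PIX_TAG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
# Text of message 106023 (packet denied by an access list), TCP/UDP form
DENY = re.compile(
    r"Deny (?P<proto>\S+) src [^:\s]+:(?P<src>[\d.]+)/\d+ "
    r"dst [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample lines using documentation addresses, not captured traffic
SAMPLE = """\
Mar 01 10:00:01 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40001 dst inside:192.0.2.10/21 by access-group "acl_out"
Mar 01 10:00:01 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40002 dst inside:192.0.2.10/22 by access-group "acl_out"
Mar 01 10:00:02 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40003 dst inside:192.0.2.10/23 by access-group "acl_out"
Mar 01 10:00:02 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40004 dst inside:192.0.2.10/25 by access-group "acl_out"
Mar 01 10:00:05 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/51515 dst inside:192.0.2.10/23 by access-group "acl_out"
Mar 01 10:00:09 host1 cron[311]: job started
"""

def parse(line):
    """Return a dict for a PIX message, or None for any other syslog line."""
    m = PIX_TAG.search(line)
    if not m:
        return None
    rec = {"severity": int(m["sev"]), "msgid": m["msgid"], "text": m["text"]}
    # Only 106023 denies with ports are decoded; ICMP denies carry no port.
    d = DENY.match(m["text"]) if rec["msgid"] == "106023" else None
    if d:
        rec.update(proto=d["proto"], src=d["src"], dst=d["dst"],
                   dport=int(d["dport"]))
    return rec

def scan_suspects(lines, min_ports=4):
    """Map each source denied on >= min_ports distinct ports to those ports."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and "src" in rec:
            ports[rec["src"]].add(rec["dport"])
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, hit in scan_suspects(SAMPLE.splitlines()).items():
        print(f"possible port scan from {src}: denied on ports {hit}")
```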
By default, system log messages are sent to the console and Telnet sessions. To redirect logging messages to a syslog server, use the logging command. Some of the variables used with the logging command are as follows:
On starts sending syslog messages to all output locations. Stop all logging with the