How to configure PIX and OSPatrolΒΆ

by Dale Neufeld <canuck.eh ( at ) gmail.com>

This is a very basic setup and the PIX offers a lot more options for syslog configuration including using a different port.

  1. Configuring syslog on the PIX

PIX 6.3 commands http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cc.html#wp1029066

logging on
no logging device-id
no logging timestamp
logging trap warning (see note 1.1 below for options)
logging host interface ipaddress

1.1 Logging Trap Options

Level Number

Level         Keyword
0             emergency
1             alert
2             critical
3             error
4             warning
5             notification
6             informational
7             debugging
  1. Ensure your OSPatrol host is seeing the PIX syslog messages
# tcpdump -i eth0 -A -s 0 udp port 514 and host <pix_ip>
  1. Configure OSPatrol to listen

Add the following to ospatrol.conf

<remote>
   <connection>syslog</connection>
   <allowed-ips>192.168.2.1</allowed-ips>  <!--ip addr of the device-->
   <port>514</port>
</remote>
  1. Restart the ospatrol service to begin listening
# /var/ospatrol/bin/ospatrol-control restart