Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Cisco Pix

 

You can integrate Cisco Pix security appliances with JSA.

The Cisco Pix DSM for JSA accepts Cisco Pix events by using syslog. JSA records all relevant Cisco Pix events.

Configuring Cisco Pix to Forward Events

You can configure Cisco Pix to forward events.

  1. Log in to your Cisco PIX appliance by using a console connection, telnet, or SSH.
  2. Type the following command to access Privileged mode:

    enable

  3. Type the following command to access Configuration mode:

    conf t

  4. Enable logging and time stamp the logs:

    logging on

    logging timestamp

  5. Set the log level:

    logging trap warning

  6. Configure logging to JSA:

    logging host <interface> <IP address>

    Where:

    • <interface> is the name of the interface, for example, DMZ, LAN, ethernet0, or ethernet1.

    • <IP address> is the IP address of the JSA host.

    The configuration is complete. The log source is added to JSA as Cisco Pix Firewall events are automatically discovered. Events that are forwarded to JSA by Cisco Pix Firewalls are displayed on the Log Activity tab of JSA.

Syslog Log Source Parameters for Cisco Pix

If JSA does not automatically detect the log source, add a Cisco Pix Firewall log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco Pix Firewall devices:

Table 1: Syslog Log Source Parameters for the Cisco Pix DSM

Parameter

Value

Log Source type

Cisco Pix Firewall

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco Pix Firewall.