|
|
PFSS can receive syslog messages from up to 10 PIX Firewall units. You can install this product for use with any PIX Firewall model.
This chapter includes the following sections:
Review the following notes before installing PFSS:
1. You must have access to Cisco Connection Online (CCO) to obtain a copy of the PFSS file.
2. In version 5.1, PFSS now uses the modification date when renaming files. For example, it has been a week today since you started PFSS. Today, PFSS will see that there is already a monday.log file so it looks at the modification date of the monday.log file and sees that, for example, it was last modified on Jan 24, 2000. PFSS renames the monday.log file to monday.012400 and puts it in the backup directory, then creates the new monday.log file for today.
3. You should install Service Pack 6 on the Windows NT system to ensure that the Windows NT system is Y2K compliant.
4. If a PIX Firewall is set to send messages via TCP and if the Windows NT partition containing the log files becomes full, PFSS causes the PIX Firewall to stop all connections until the Windows NT disk space is freed.
5. When you install PFSS on the Windows NT system, write down the values you supply. Once PFSS is installed, the only way you can view the timer durations is by examining the Windows NT registry with regedit and searching for disk_empty_watch. Also, if you need to view the information in the registry, do not change it in the registry. The information can only be changed by clicking Start>Settings>Control Panel>Services.
6. Only install PFSS on a Windows NT system version 4.0 system with Service Pack 3 installed. Install PFSS in the NTFS (not the FAT32) partition on your hard disk.
7. You can install PFSS from either a user or the Administrator login.
8. PFSS log files must reside on the local Windows NT system (not accessed across the network).
9. The PIX Firewall Manager (PFM) and PFSS cannot be used together even if installed on different systems. The PFSS or PFM installation script detects the presence of the other program on the same system and advises you to deinstall the other program.
10. PFSS creates seven rotating syslog files named monday.log, tuesday.log, wednesday.log, thursday.log, friday.log, saturday.log, and sunday.log. If a week has passed since the last log file was created, it will rename the old log file to day.mmddyy where day is the current day, mm is the month, dd is the day, and yy is the year. The size of a log file depends on how many connections can occur on each PIX Firewall and the types of messages you permit to be logged. Refer to the System Log Messages for the Cisco Secure PIX Firewall Version 5.1.
Follow these steps to install the PFSS:
a. Use a network browser, such as Netscape Navigator to access http://www.cisco.com.
b. If you are a registered CCO user, click LOGIN in the upper area of the page. If you have not registered, click REGISTER and follow the steps to register.
c. After you click LOGIN, a dialog box appears requesting your username and password. Enter these and click OK.
d. When you are ready to continue, click Software Center under the Service & Support heading.
e. On the Service & Support page, click Internet Products from the center column.
f. On the Internet Products page, click PIX Firewall Software.
g. On the PIX Firewall Software page, click Download PIX Firewall Software.
h. On the Software Center page, choose the software you need. If you are downloading software for the first time and you use a Windows or MS-DOS system, choose the executable file (pfss43n.exe). This file is a self-extracting archive.
i. On the Software Download page, choose how you want to download the software.
j. You will be again prompted for your CCO login password. Enter it and click OK.
k. The software then downloads to your system.
Step 2 If you have not done so already, open the window of the folder containing the downloaded file. Start the installation by double-clicking the downloaded file.
Step 3 You will be prompted for the following:
a. To start the installation---click Yes.
b. To acknowledge the installation Welcome window---click Next.
c. Destination target and folder---either accept the default settings or click Browse to specify an alternative. You can specify different partitions for the log files that the server creates and the server itself. First you are prompted for where to store the program and then where to put the log files. Make sure that the log files are on the local disk and not a networked disk.
d. Port numbers for the TCP syslog server and the UDP syslog server---either accept the defaults of TCP port 1468 and UDP port 514 or specify ports as required by your system. If you enter a port number, it must be between 1024 and 65535.
e. Percentage of Disk Full---accept the default value of 90% or specify a new value. This integer value between 1 and 100 is the maximum size that the file system can achieve before the Windows NT system signals the PIX Firewall to stop its connections.
f. Disk Empty Watch---specify the duration in seconds that the syslog server waits between checks to see if the disk is still empty. The default is 5 seconds.
g. Disk Full Watch---specify the duration in seconds that the syslog server waits between checks to see if the disk is still full. The default is 3 seconds.
Refer to the logging command page in the configuration guide for your respective software version referenced in the section, "Related Documentation" in "About This Manual." This command page provides additional important information about configuring the PIX Firewall for use with PFSS.
The PFSS starts immediately after installation. This service can be controlled via the Services Control Panel, which you can use to pause the service, then resume the service, stop, or start the service. The service can also be started with different startup parameters from the Services window.
After you complete the installation, follow these steps to change the option values:
Step 2 Change the values by entering one of these commands:
-d %_disk_full---The maximum percentage of how full the disk is that you allow the Windows NT system to reach before causing the PIX Firewall to stop transmissions. This is an integer value in the range of 1 to 100. The default is 90.
-t tcp_port---the port used by the Windows NT system to listen for TCP syslog messages, the default is 1468. If you specify another port, it must be in the range of 1024 to 65535.
-u udp_port---the port used by the Windows NT system to listen for UDP syslog messages, the default is 514. If you specify another port, it must be in the range of 1024 to 65535.
-e disk_empty_watch_timer---the duration in seconds that PFSS waits between checks to see if the disk partition is still empty. The default is 5 seconds, the range is any number greater than zero.
-f disk_full_watch_timer---the duration in seconds that PFSS waits between checks to see if the disk partition is still full. The default is 3 seconds, the range is any number greater than zero.
Step 3 Refer to the logging command page in the configuration guide for a description for how to configure the PIX Firewall to work with the PFSS. You can view this document online for your respective software version referenced in the section, "Related Documentation" in "About This Manual."
Posted: Fri Jun 2 09:54:21 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.