Device-Specific Audit Settings

To generate meaningful reports or notifications about the network activity of a Policy Enforcement Point, you must select the appropriate log level that generates the syslog details required to track session-specific data and device-specific events. To select the appropriate log level, study the audit events that you want Cisco Secure Policy Manager to retain, and then study the documentation provided with your Policy Enforcement Point to determine the minimum log level required to generate all those audit events.

This chapter defines the procedures required to specify this log level for a PIX Firewall and an IOS Router.

Task List for the Settings 1 Panel

You can perform the following tasks from the Settings 1 panel. For step-by-step procedures on performing a specific task, refer to the corresponding section.

Specifying Log Settings for PIX Firewall Activity

To generate meaningful reports about the network activity of the PIX Firewall, you must select the appropriate log level that generates the syslog details required to track session-specific data. From the Settings 1 panel, you can specify that you want to enable logging, specify the log level, and specify the log facility for the selected PIX Firewall.

Note The log levels generated by the PIX Firewall are listed in the Log level (trap) box. This list is ordered to indicate events recorded, and each subsequent log level option includes all the events generated by the previous log level in that list.

To specify the PIX Firewall log settings, perform the following task:

Step 1 Right-click the PIX Firewall icon for which you want to specify the log settings, point to Properties, and then click Settings 1 on the shortcut menu.

Step 2 To specify that you want to enable logging, select the Enable logging check box under Logging.

By default, this option is selected.

Step 3 To specify the facility number that you want this PIX Firewall to use when generating syslog data streams, select that number in the Log facility box under Logging.

The syslog facility is useful when you have a central syslog monitoring system that needs to distinguish among the various network devices that generate syslog data streams. This value enables you to specify that the selected PIX Firewall has a syslog facility value between 16 and 23. This value is included in any syslog messages that are generated by this PIX Firewall. The default value for this box is 20.

Step 4 To specify the level of syslog messages that you want this PIX Firewall to generate, select that level in the Log level (trap) box under Logging.

This value identifies the syslog logging level generated by the PIX Firewall. You can specify one of the following values for this box:

Emergency. Generates syslog messages that identify system instabilities.
Alert. Generates syslog messages that identify system integrity issues that require immediate administrative action. Includes all Emergency messages.
Critical. Generates syslog messages that identify critical system issues. Includes all Emergency and Alert messages.
Error. Generates syslog messages that identify system errors during operation. Includes all Emergency, Alert, and Critical messages.
Warning. Generates syslog messages that identify system warnings, such as possible misconfigurations. Includes all Emergency, Alert, Critical, and Error messages.
Notification. Generates syslog messages that identify normal operations that are typically considered significant events. Includes all Emergency, Alert, Critical, Error, and Warning messages.
Information. Generates syslog messages that identify system information that is typical of day-to-day activity, such as network session records. Includes all Emergency, Alert, Critical, Error, Warning, and Notification messages.
Debugging. Generates syslog messages that assist you in debugging. It also generates logs that identify the commands issued during FTP sessions and the URLs requested during HTTP sessions. Includes all Emergency, Alert, Critical, Error, Warning, Notification, and Information messages.

Note This setting directly affects what level of reports you can generate about the network activity for this PIX Firewall. We recommend that you select Information or Debugging to ensure that all report data is available.

Step 5 To accept your changes and close the selected panel, click OK.

Step 6 To save any changes that you have made, click Save on the File menu.

Specifying Log Settings for IOS Router Node Activity

To generate meaningful reports about the network activity of the IOS Router, you must select the appropriate log level that generates the syslog details required to track session-specific data. From the Settings 1 panel, you can specify that you want to enable logging, specify the log level, and specify the log facility for the selected IOS Router.

Note The log levels generated by the IOS Router are listed in the Log level (trap) box. This list is ordered to indicate events recorded, and each subsequent log level option includes all the events generated by the previous log level in that list.

To specify the IOS Router log settings, perform the following task:

Step 1 Right-click the IOS Router icon for which you want to specify the log settings, point to Properties, and then click Settings 1 on the shortcut menu.

Step 2 To specify that you want to enable logging, select the Enable logging check box under Logging.

By default, this option is selected.

Step 3 To specify the facility number that you want this IOS Router to use when generating syslog data streams, select that value in the Log facility box under Logging.

The syslog facility is useful when you have a central syslog monitoring system that needs to distinguish among the various network objects that generate syslog data streams. This value enables you to specify that the selected IOS Router has a syslog facility value that can be differentiated from other network objects. This value is included in any syslog messages that are generated by this IOS Router. The default value for this box is local7.

Step 4 To specify the level of syslog messages that you want this IOS Router to generate, select that level in the Log level (trap) box under Logging.

This value identifies the syslog logging level generated by the IOS Router. You can specify one of the following values for this box:

Emergencies. Generates syslog messages that identify system instabilities.
Alerts. Generates syslog messages that identify system integrity issues that require immediate administrative action. Includes all Emergency messages.
Critical. Generates syslog messages that identify critical system issues. Includes all Emergency and Alert messages.
Errors. Generates syslog messages that identify system errors during operation. Includes all Emergency, Alert, and Critical messages.
Warnings. Generates syslog messages that identify system warnings, such as possible misconfigurations. Includes all Emergency, Alert, Critical, and Error messages.
Notifications. Generates syslog messages that identify normal operations that are typically considered significant events. Includes all Emergency, Alert, Critical, Error, and Warning messages.
Information. Generates syslog messages that identify system information that is typical of day-to-day activity, such as network session records. Includes all Emergency, Alert, Critical, Error, Warning, and Notification messages.
Debugging. Generates syslog messages that assist you in debugging. It also generates logs that identify the commands issued during FTP sessions and the URLs requested during HTTP sessions. Includes all Emergency, Alert, Critical, Error, Warning, Notification, and Information messages.

Note This setting directly affects what level of reports you can generate about the network activity for this IOS Router. We recommend that you select Information or Debugging to ensure that all report data is available.

Step 5 To accept your changes and close the selected panel, click OK.

Step 6 To save any changes that you have made, click Save on the File menu.

Table of Contents