Task 4: Configuring Logging
To help protect your network configuration, it is important to log events that are happening on the network. This log information provides valuable insight into what is happening on the network, especially when the network is being attacked or probed. The following steps outline the commands necessary to enable logging at the three locations.
Step 1. Enable logging on HQ-PIX to the logging server:
logging on
logging trap informational
logging host DMZ 172.16.31.7

Step 2. Enable logging on HOU-PIX:
logging on
logging trap informational
logging host outside 172.16.31.7

Step 3. Enable logging on MN-PIX:
logging on
logging trap informational
logging host outside 172.16.31.7

Note: Sending logging information from Houston and Minneapolis to the actual logging server IP address (172.16.31.7) prevents the logging traffic from traversing the Internet in the clear. Sending the logging traffic through the VPN tunnel prevents the logging information from being observed on the Internet, but the real IP address (172.16.31.7) is reachable only when the VPN tunnel is active.
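
A check that could run on the logging server to catch the failure mode in the note, where Houston or Minneapolis stops delivering messages while the tunnel is down, and to spot messages above the configured trap level. This is an added example, not part of the original text; the stored-line layout, the 10-minute threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed stored-line layout on the logging server (not from the original text):
#   <ISO timestamp> <sender name> %PIX-<severity>-<message id>: <text>
LINE_RE = re.compile(r"^(\S+) (\S+) %PIX-(\d)-(\d+): (.*)$")
EXPECTED = ("HQ-PIX", "HOU-PIX", "MN-PIX")  # the three firewalls configured above
TRAP_LEVEL = 6                               # "logging trap informational"

# Constructed sample lines; timestamps and message text are illustrative only.
SAMPLE = """\
2024-03-12T10:00:05 HQ-PIX %PIX-6-302013: Built outbound TCP connection
2024-03-12T10:00:40 HOU-PIX %PIX-6-302013: Built outbound TCP connection
2024-03-12T10:04:10 HQ-PIX %PIX-4-106023: Deny tcp src outside dst DMZ
2024-03-12T10:09:30 HQ-PIX %PIX-6-302014: Teardown TCP connection
2024-03-12T10:18:00 HQ-PIX %PIX-7-609001: Built local-host
2024-03-12T10:21:15 HOU-PIX %PIX-6-302013: Built outbound TCP connection
""".splitlines()

def audit(lines, max_gap=timedelta(minutes=10)):
    """Report silent firewalls, long delivery gaps and over-verbose messages."""
    seen = {name: [] for name in EXPECTED}
    too_verbose, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) not in seen:
            unparsed.append(line)          # unknown sender or unexpected format
            continue
        seen[m.group(2)].append(datetime.fromisoformat(m.group(1)))
        if int(m.group(3)) > TRAP_LEVEL:   # level 7 should never be sent
            too_verbose.append((m.group(2), m.group(4)))
    # A firewall with no messages at all: logging is off or the path is down.
    silent = [host for host, stamps in seen.items() if not stamps]
    gaps = {}
    for host, stamps in seen.items():
        stamps.sort()
        long_gaps = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]
        if long_gaps:
            gaps[host] = long_gaps         # e.g. tunnel was down between a and b
    return {"silent": silent, "gaps": gaps,
            "too_verbose": too_verbose, "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

A gap or a silent remote firewall does not by itself prove the tunnel was down, so correlate it with the tunnel status on the firewall before drawing conclusions.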