Further to this, I searched Google (I do get it right occasionally....) and found that this happens when you use access lists instead of conduits with 5.1.
I am using 5.1(5), the other PIX I had detailed info on was using 6.22. Still looking for a workaround (other than changing my access lists to conduits). Cheers, Symon -----Original Message----- From: Symon Thurlow Sent: 04 February 2003 20:50 To: [EMAIL PROTECTED] Subject: PIX logging Hi guys, I am studying the PIX, and have successfully set it up, and am logging to kiwi syslog daemon on my windows XP box. I have done this before, not at home, and the info I saw in the syslog screen was reasonably detailed, ie it had the source and destination ports in the text, for warnings. I am now only getting protocol numbers (hence my other question) as seen below: 02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int" 02-04-2003 20:46:29 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:16: %PIX-4-106019: IP packet from 192.168.100.20 to 172.16.1.100, protocol 6 received from interface "DMZ" deny by access-group "dmz2int" 02-04-2003 20:46:26 Local4.Warning 172.16.1.1 Feb 04 2003 20:46:12: %PIX-4-106019: IP packet from 172.16.2.100 to 172.16.1.100, protocol 17 received from interface "DMZ" deny by access-group "dmz2int" This doesn't tell me much. I have been mucking around with debugging levels and facility numbers, but not getting anywhere. Anyone know how to force it to show port numbers? Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62467&t=62467 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]