Thanks for your replies.

Tonight I have actually set up PIX logging to my OS X box. I figured in the beginning I would collect logs when I was online and start doing some analysis, and if it gets interesting, I will look into setting up a dedicated box.

So for those who are interested, the logging levels I have set up are as follows:

    Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: enabled
    Console logging: level errors, 0 messages logged
    Monitor logging: level errors, 0 messages logged
    Buffer logging: level errors, 0 messages logged
    Trap logging: level warnings, 1515 messages logged
    Logging to inside mybox
    History logging: level errors, 12995 messages logged
    Device ID: disabled


I was going to set up trap logging level to 'informational', but it ended up logging too much data, including all the URLs on the outgoing traffic.

It is interesting from the logs to see what ports are being scanned on my connection. Now I need to find a script on how to correlate the logs and maybe find out how to submit my logs to DShield. I don't think there is a DShield client for OS X at the moment. I have only seen one for Windows.

This is all phun stuff.

Cheers,
Hattori Hanzo
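
An added example, not part of the original post: a small script that tallies which ports are being probed and which sources touch several distinct ports, using warning-level deny messages. It assumes the denies arrive as PIX message 106023 in its TCP/UDP form; the sample lines, addresses, interface names and the ACL name `acl_out` are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed message shape: PIX 106023 denies for TCP/UDP. ICMP denies carry
# no ports, do not match this pattern, and are skipped.
DENY = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>tcp|udp) '
    r'src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)')

# Constructed sample log lines (documentation address ranges only).
SAMPLE = """\
Mar 01 2004 21:14:02: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 dst inside:192.0.2.10/135 by access-group "acl_out"
Mar 01 2004 21:14:03: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4313 dst inside:192.0.2.10/139 by access-group "acl_out"
Mar 01 2004 21:14:03: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4314 dst inside:192.0.2.10/445 by access-group "acl_out"
Mar 01 2004 21:20:41: %PIX-4-106023: Deny tcp src outside:203.0.113.20/1188 dst inside:192.0.2.10/445 by access-group "acl_out"
Mar 01 2004 21:20:44: %PIX-4-106023: Deny tcp src outside:203.0.113.20/1188 dst inside:192.0.2.10/445 by access-group "acl_out"
Mar 01 2004 21:31:10: %PIX-4-106023: Deny udp src outside:203.0.113.99/1050 dst inside:192.0.2.10/1434 by access-group "acl_out"
Mar 01 2004 21:33:55: %PIX-4-106023: Deny icmp src outside:203.0.113.99 dst inside:192.0.2.10 (type 8, code 0) by access-group "acl_out"
"""

def parse(lines):
    """Return (source IP, protocol, destination port) for each matching deny."""
    events = []
    for line in lines:
        m = DENY.search(line)
        if m:
            events.append((m['src'], m['proto'], int(m['dport'])))
    return events

def top_ports(events):
    """Count denied packets per (protocol, destination port)."""
    return Counter((proto, dport) for _, proto, dport in events)

def scanners(events, min_ports=3):
    """Sources that hit at least min_ports distinct destination ports."""
    seen = defaultdict(set)
    for src, _, dport in events:
        seen[src].add(dport)
    return {s: sorted(p) for s, p in seen.items() if len(p) >= min_ports}

if __name__ == "__main__":
    ev = parse(SAMPLE.splitlines())
    for (proto, port), n in top_ports(ev).most_common():
        print(f"{n:4d}  {proto}/{port}")
    for src, ports in scanners(ev).items():
        print(f"{src} probed ports {ports}")
```

To run it over a real file, pass `open(path)` to `parse` instead of the sample; the `min_ports` threshold is a starting point to tune against your own traffic.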