does cisco 2621 use udp or tcp to syslog?

[yert33]

Trying to log to a syslog server behind the PIX firewall using Kiwi Syslog Daemon. Syslog server listening on UDP port 514. Router "show logging" as follows:
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,
0 overruns)
Console logging: level debugging, 156 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level informational, 4 messages logged
Logging Exception size (4096 bytes)
Trap logging: level informational, 162 message lines logged
Logging to 66.162.209.77, 2 message lines logged

I don;t see any log messages on the syslog server. What am I missing?

 

[yert33]

Sorry I didn't give all the info. I added an access-list statement to permit udp 514 from the router Ethernet address to the syslog server address....

 

[yert33]

...on the PIX, that is.
(Brain dead on Friday afternoon).

 

[yert33]

OK, the syslog server IS getting something from the router, but just "Configured from Console messages". I was expecting a flood of mesages similar to what my PIX outputs. SO I entered this into the router:
logging trap debug
Should this give me the most verbose messages?
Or is the 2621 just kinda mum?

TIA

 

[riverrockblues]

You've probably gotten some messages by specifying the Debug trap level. The default level is warning for which you may not see frequent messages.

 

[riverrockblues]

Also, you may need a security policy for your firewall that permits syslog port (UDP 514) inbound traffic from your router (in the Untrusted zone) to your syslog server (which would be in either your Trusted or DMZ zone).

 

[yert33]

Thanks, RRB, I've learned that evidently the router puts out much fewer messages than my PIX's.....My PIX's just scream to their syslog servers....
Thanks again.