syslog configuration 1

[abovebrd]

I am running a pix 515. I was able to successful configure the firewall, It appears to be do its job. However I have not been able to get the logging facility to work. Nothing appears to be logging the my syslog server. (RH Linx 7.0)

Below is the logging I have set up on Pix
pager lines 24
logging on
no logging timestamp
no logging standby
logging console warnings
logging monitor warnings
no logging buffered
logging trap warnings
no logging history
logging facility 5
logging queue 512
logging host inside 192.168.1.24

Here is what my syslog conf file /etc/syslog.conf
# Cisco PIX
local5.* /var/log/cisco.log
(note: I have seven Tabs above)

Can some one tell me what I am doing wrong ? Nothing is currenlty being logged ?



-Danny

 

[sscalsk]

did you try starting the syslogd with the -r option? If I recall syslogd on RH will not listen to the network by default and needs to be specifically started to field network packets.

-= stan

 

[abovebrd]

sscalsk,

That was a great tip.



-Danny

 

[RichardWatts]

Did Stan's tip help ? From my understanding, you still wont find
anything in the logs. The logging facility has to be "offset" by 16.
The default value is 20 which eqates to local4. In your example,
to use local5.* in your syslog.conf, you would need to specify
"logging facility 21" in your pix config.

Richard.

 

[abovebrd]

Actually Stans tip worked great. statring syslog with -r was all I need to do.

However I did change the pix config to facility 7.

There is only one problem. Since there are other services that use this facility it logs everything to /var/log/messages

If possible I would like to have the pix log to its own file.



-Danny