syslog is tearing my hair out and I can't figure this out


adamrau

Programmer
Dec 17, 2001
19
US
This is what I have done.

On pix:
logging host inside 10.0.0.4
logging trap debugging
logging facility 20

On linux server
vi /etc/syslog.conf
I added this line
local4.* /var/log/firewall.log

I stopped and restarted syslog both with and without the -r option and still I get nothing written.
Does anyone have any idea what I am doing wrong?
I am at a loss here.
Thanks
Adam
 
-rw-r--r-- 1 root root 0 Dec 19 20:09 firewall.log

These are the attributes of my file --> firewall.log

Thanks
 
Please help me!!
Does anyone have any idea where I went wrong???
 
Hi.

* Make sure you have the command:
logging on

In your config.

* Try out a different syslog server like:

On a Windows machine.

Then you can better tell if the problem is at the pix or the syslog server.

There is also a syslog message generator on his site that can help you troubleshoot further.

Bye
Yizhar Hurwitz
 
Hi,
I set up Kiwi on my laptop and voila!! Everything is working fine. But I still need this to work on my Linux server. I'm not running iptables or ipchains. I have started syslog with the -r option.

Do you know why else this wouldn't work? Why must everything be so difficult on Linux?
Thanks
 
Hi.

Well, it will still be easier for you now.

First of all, can the pix and Linux ping each other?

There is probably a Linux forum here, so if you don't find the answer try asking there as well.

And check out the Cisco web site and Linux web sites for specific documents about syslog.

Bye
Yizhar Hurwitz
 
The pix can ping the server and the server can ping the pix.
I posted a message in the Linux forum, but no one has gotten back to me in about a week.

I'll take any more suggestions.
Thanks again
Adam
 
try:
local7.* /var/log/firewall.log
and Logging facility 7 on router or PIX
 
Adam,

What distribution and version of Linux are you using?

Liberty for All,

Brian
 
Create /var/log/firewall.log with write permission for the user that runs the syslogd daemon. Then restart syslogd with kill -1 "pid of syslogd".
Anyway, I don't advise you to do debug logging without filtering bogus messages - and there are a lot of unneeded messages. Under normal activity you will get around 100Mb/day of syslog messages.
 
Hi all,

I am using RedHat 7.1. I will try everything that you guys have stated and post an update.
Sorry...I was out of the office.

 
I tried this:
local7.* /var/log/firewall.log
and Logging facility 7 on router or PIX

File has the correct attributes:
-rw-r--r-- 1 root root 0 Dec 19 20:09 firewall.log

Are there any logs that can tell me what's going on? It has to be Linux because I set up Kiwi on my laptop as a test and it works.
Thanks for everyone's help, but if anyone has anything else to add, I'll take some more.




 
Please don't flame me on this since we are talking about Linux. I use a WinNT machine as my syslog server running a piece of software called Kiwi Syslog Daemon. Oddly enough the Cisco TAC that I was working with when I had a problem with Cisco's Syslog Daemon recommended the file over Cisco's. I think it offers more flexibility than Cisco's with 1/2 the headache. Search Cnet.com and you should have no problem finding it. Oh yeah, it runs on any Win 9X platform.

This isn't a solution to the main thread here, it's just a suggested solution that works for me.
 
Hi,
Thanks for the reply. Kiwi works sweet on my laptop. Only problem is that my server is Linux and Kiwi doesn't work on Linux.

Thanks
 
Glad I could help. I love the software. You can try Tucows.com for a syslog Daemon for Linux, they have a pretty good selection of software.
 
What you need to do is configure the syslogd to accept network messages. This behavior is not enabled by default.

Edit this file:
/etc/sysconfig/syslog

and make the following change for the SYSLOGD_OPTIONS variable:
SYSLOGD_OPTIONS="-m 0 -r"

Make sure you have the -r switch which is not enabled by default. Then restart your syslog daemon:
/etc/init.d/syslog restart

Everything should work now.
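
An added example, not part of the original thread: a small probe in the spirit of the "syslog message generator" mentioned above. It builds a UDP datagram with the PRI that "logging facility 20" produces (facility code 20 is local4) and checks it against a syslog.conf selector. The function names and the probe text are assumptions made for this example.

```python
import socket

# Facility codes 16..23 are local0..local7, so a sender configured with
# "logging facility 20" arrives at the server as local4.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def build_packet(facility: int, severity: int, text: str) -> bytes:
    """Minimal BSD-syslog datagram: <PRI>text, where PRI = facility*8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return f"<{facility * 8 + severity}>{text}".encode("ascii")

def parse_pri(packet: bytes) -> tuple[str, str]:
    """Return (facility_name, severity_name) decoded from the leading <PRI>."""
    if not packet.startswith(b"<") or b">" not in packet[:5]:
        raise ValueError("no <PRI> header")
    facility, severity = divmod(int(packet[1:packet.index(b">")]), 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def selector_matches(selector: str, packet: bytes) -> bool:
    """Check a simple syslog.conf selector such as 'local4.*' against a packet."""
    want_fac, want_sev = selector.split(".", 1)
    fac, sev = parse_pri(packet)
    if want_fac not in ("*", fac):
        return False
    # A named priority matches that severity and anything more urgent.
    return want_sev == "*" or SEVERITIES.index(sev) <= SEVERITIES.index(want_sev)

def send_probe(server: str, port: int = 514, facility: int = 20, severity: int = 7) -> bytes:
    """Send one UDP probe to the syslog server and return the bytes sent."""
    packet = build_packet(facility, severity, "probe: constructed test message")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (server, port))
    return packet

def loopback_check() -> bytes:
    """Offline self-test: receive our own probe on an ephemeral local UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        send_probe("127.0.0.1", rx.getsockname()[1])
        return rx.recvfrom(1024)[0]

if __name__ == "__main__":
    got = loopback_check()
    print(got, parse_pri(got), selector_matches("local4.*", got))
```

Calling send_probe("10.0.0.4") from another host on the inside network and then checking /var/log/firewall.log separates the two failure modes in this thread: if the probe is not logged, syslogd is not accepting network messages or the selector does not match.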
 