syslog question.


dbizzle

Jan 7, 2003
I'm wanting to dump all of my pix logs to a linux box that I have in the mix. I got that working but I can't seem to figure out how to get it to log to a specific file. All I can seem to get it to log to is my messages file, which makes it rather difficult to find actual *system* messages. It is a pretty busy firewall so I really need to log to another file. I guess I just don't understand the whole local0-7 logging facility. Any insights would be greatly appreciated.

thanks.
 
I do exactly what you are trying to do. The magic is in the /etc/syslog.conf file (assuming Redhat 8.0):

If your pix is outputting to local4, the following entry will log firewall stuff to /var/log/firewall.log:

local4.* /var/log/firewall.log

Remember to restart syslogd (service syslog restart on Redhat).

Note that you probably have an entry of *.info;mail.none, etc... that logs everything to messages. You'll need to break that out of your config, or your local4.* stuff (as listed above) will still appear in /var/log/messages.

Use
man syslog.conf
to get more details. This should get ya started!

Steve
 
That seemed to get it working, but what about messages actually local to the machine? See, I think I'm a little confused about the local0-7. I still want important messages to be logged to messages about the local system, ya know?
 

Here's an excerpt from my /etc/syslog.conf file. I managed to log pix stuff to its own file, and avoid swamping /var/log/messages

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages

# Updated not to put any pix log info in messages!
*.info;mail.none;authpriv.none;cron.none;local4.none /var/log/messages

# Put pix messages in its own file
local4.* /var/log/firewall.log


Also, very, very important: pix logging will fill up /var/log like nobody's business, so you must customize log rotation for it. Create the following file under /etc/logrotate.d called "firewall.log"

/var/log/firewall.log {
compress
rotate 999
daily
missingok
}


The parameters are: compress the log files (using gzip), rotate after 999 weeks, and rotate on a daily basis. I chose daily rotation because if I'm trying to troubleshoot a network event, I can focus on a particular day. Keep in mind that this is controlled by /etc/cron.daily/logrotate, which usually runs at 4:02am, not midnight. Hope this helps!
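
To show how the two selectors in the excerpt above separate PIX traffic from local system messages, here is an added example (not part of the original posts, and not syslogd's own code). It is a simplified model of selector matching that handles only `facility.priority`, `*` and `none`; the sample datagrams and the names `OLD_MESSAGES`, `RULES` and `SAMPLES` are constructed for illustration.

```python
# Added example: simplified model of syslog.conf selector matching.
# Handles only "facility.priority", "*" and "none" (no "=", "!" or comma lists).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["reserved"] * 4 + \
             ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The selectors from the syslog.conf excerpt in the thread.
OLD_MESSAGES = "*.info;mail.none;authpriv.none;cron.none"
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none;local4.none", "/var/log/messages"),
    ("local4.*", "/var/log/firewall.log"),
]

def decode_pri(datagram):
    """Return (facility, severity) names; PRI = facility * 8 + severity."""
    pri = int(datagram[1:datagram.index(">")])
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def selector_matches(selector, facility, severity):
    """Apply the ';'-separated parts left to right; 'none' cancels earlier matches."""
    matched = False
    for part in selector.split(";"):
        fac, prio = part.split(".")
        if fac not in ("*", facility):
            continue
        if prio == "none":
            matched = False
        elif prio == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(prio):
            matched = True  # "info" means info or more severe (lower number)
    return matched

def destinations(datagram, rules=RULES):
    """List every file a datagram would be written to under the given rules."""
    facility, severity = decode_pri(datagram)
    return [path for selector, path in rules
            if selector_matches(selector, facility, severity)]

# Constructed sample datagrams (not captured from a real PIX or host).
SAMPLES = [
    "<166>constructed firewall message",     # 20*8+6 = local4.info
    "<30>constructed local daemon message",  # 3*8+6  = daemon.info
    "<86>constructed login message",         # 10*8+6 = authpriv.info
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_pri(line), "->", destinations(line))
```

Passing `[(OLD_MESSAGES, "/var/log/messages"), RULES[1]]` as `rules` reproduces the original behaviour, where local4 messages land in both files.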

 
Cool, thanks. I actually did set up a log rotation. It's not through logrotate.d but a script that I have done myself. I like to move them to a different directory and place extensions on them like *.tue *.wed etc. I think I understand exactly how the syslog works now after reading the man page about 10 times :) Thanks again man.
 