Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Syslog ?! 1

Status
Not open for further replies.
iiiiss

iiiiss

Technical User
Oct 28, 2002
63
AT
HI !

I wanted to set up a syslog server to receive syslog messages from the PIX (515 with 6.2 (2))
I tried the syslogserver from cisco (pix firewall syslog server) but it received nothing!

It seems that the Pix isn´t sending anything to the syslog server !

I used "logging host inside 192.168.1.57 tcp/1470" .

What could i have done wrong ?

The PIX is working perfect with vpn and everything is going fine ..

Thx for the help
 
Sort by date Sort by votes
Have you included:
logging on
logging trap warnings

-gbiello
 
Upvote 0 Downvote
Check gbiello's reply. If it does not work try to use a different sylsog server like Kiwi. It listens on UDP 514 by default, so you will need:

logging on
logging trap <level>
logging host inside 192.168.1.57

That is all you need. Hope this helps!
 
Upvote 0 Downvote
Thank you for the response !

I tried the kiwi server and now it works....

 
Upvote 0 Downvote
HI.

> I used &quot;logging host inside 192.168.1.57 tcp/1470&quot;
You should know that in the pix, using TCP instead of the default UDP, means that:
&quot;if you can't log it, don't do it&quot;.
Or in other words:
If the pix fails to contact the syslog server, it will stop forwarding any traffic.

If this is not what you want, use the default UDP syslog.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
A follow-up on this -
I have a remote syslog server (Kiwi) that is not receiving any messages from my PIX.

logging on
logging trap informational
logging facility 23
logging host outside x.x.x.193

I also allow all ip traffic out.

Any help?
:)

alien.gif

[TAG]
anongod@hotmail.com
&quot;Drawing on my fine command of language, I said nothing.&quot;
 
Upvote 0 Downvote
Can you do a &quot;logging host outside&quot; command? That seems to me to be the kind of thing that they wouldn't allow... like telnet to the outside interface.

shouldn't it be to the inside interface?
 
Upvote 0 Downvote
Found it - it's the simple things that kill.
Firewall rule on my end, pointing to test server, not production syslog server.

Setting up the outside logging in PDM pops up a warning that it is not &quot;secure&quot; to log to the outside interface, but it does allow.

:)

alien.gif

[TAG]
anongod@hotmail.com
&quot;Drawing on my fine command of language, I said nothing.&quot;
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hortonhearsawho
  • Locked
  • Question
asa not sending to syslog
Replies
3
Views
109
stubnski
stubnski
cpaunescu
  • Locked
  • Question
Cisco VPN syslog notifications
Replies
0
Views
63
cpaunescu
cpaunescu
pichels
  • Locked
  • Question
PIX 506e - v6.3(5): syslogging only HTTP/S traffic?
Replies
0
Views
42
pichels
pichels
superwave33
  • Locked
  • Question
Cisco PIX 525 6.3(4) syslogging
Replies
0
Views
50
superwave33
superwave33
AKent1182
  • Locked
  • Question
PIX 501 syslog question
Replies
0
Views
26
AKent1182
AKent1182

Part and Inventory Search

Sponsor

Back
Top