Syslog + Cisco PIX firewall + RH7.0..No luck yet


Fimbulvetr
08-20-2001, 10:30 AM
I'm trying to get my Cisco Pix 515 to log to one of my Linux boxes.
It seems to be rather unsuccessful, although I have had the same firewall log to syslog on an NT box, and it worked fine. If anyone knows anything about this, could you point out my mistake?

Portion of PIX Configuration
********************************************
logging on
logging timestamp
logging trap debugging
logging history debugging
logging host inside 10.10.10.3
********************************************

/etc/syslog.conf file on 10.10.10.3
********************************************

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
local4.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
#local4.=info |/var/log/pix/info
local7.* /var/log/boot.log
********************************************

The pix defaults to facility 20 (whatever that means), which is a local4, whatever that means.

As you can see, I even attempted to get the darn thing to log to the console, and restarted the daemon, but no luck.

The local4.info commented out was the original.
I have a hunch it is something to do with the PIX sending all debug messages and the syslog.conf says .info files, but I tried changing the conf to local4.debug /dev/console

Yes, I know it's not the smartest thing in the world to log debugging to the console, but once I know it's working I can simply unplug the nic and change the conf back to log to a file.

Thanks
Fim
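To make the facility/severity arithmetic in the post concrete (facility 20 is local4, and "logging trap debugging" sends severity 7), here is an added example, not code from the poster or from Cisco, that decodes a syslog PRI header and evaluates syslog.conf selectors the way sysklogd does, so you can see which of the posted lines a PIX message would actually hit. The syslog.conf excerpt and the PIX message text are constructed for the example.

```python
import re
# syslog.conf names in numeric order: facility 20 is local4 (the PIX default),
# severity 7 is debug (what 'logging trap debugging' sends).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp security console solaris-cron local0 local1 local2 local3 "
              "local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def decode_pri(pri):
    """Split a syslog <PRI> value into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def selector_matches(selector, facility, severity):
    """sysklogd selector semantics for 'local4.*', 'local4.=info', '*.info;mail.none':
    later ';' parts override earlier ones for the same facility ('!' is not handled)."""
    sev, matched = SEVERITIES.index(severity), False
    for part in selector.split(";"):
        fac_part, _, pri_part = part.partition(".")
        if fac_part != "*" and facility not in fac_part.split(","):
            continue
        if pri_part == "none":
            matched = False
        elif pri_part == "*":
            matched = True
        elif pri_part.startswith("="):  # exactly this severity
            matched = sev == SEVERITIES.index(pri_part[1:])
        else:  # this severity or more urgent
            matched = sev <= SEVERITIES.index(pri_part)
    return matched

def route(conf_text, raw_message):
    """Return the actions (file, pipe, console) a '<PRI>...' message is written to."""
    m = re.match(r"<(\d{1,3})>", raw_message)
    if not m:
        raise ValueError("message has no <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    targets = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            if selector_matches(selector, facility, severity):
                targets.append(action)
    return targets

# Constructed sample: relevant lines of the posted syslog.conf and a made-up PIX
# debug message (PRI 167 = facility 20 * 8 + severity 7).
SAMPLE_CONF = """local4.* /dev/console
*.info;mail.none;authpriv.none /var/log/messages
#local4.=info |/var/log/pix/info
"""
PIX_DEBUG = "<167>Aug 20 2001 10:30:00: %PIX-7-constructed debug message"
```

The selectors only matter once a datagram reaches syslogd: the sysklogd shipped with Red Hat 7.0 does not accept messages on UDP 514 at all unless it is started with the -r option, so that is worth checking alongside the syslog.conf lines.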

Fimbulvetr
08-21-2001, 10:13 AM
Anyone? There has to be someone who knows a portion of Cisco and Linux out there.

bdg1983
08-21-2001, 06:23 PM
Sorry, but I don't know anything about it.

At least it's back at the top.