sapient
Cisco pix logging to linux
I have a Cisco PIX firewall and RH 7.2 Linux. I need to configure syslog on Linux. I did everything on the PIX, but logging is not working.
Setting up the PIX is half of the solution. You also need to create syslog.conf entries to receive and process the data. I'm not at work now and can't look at my PIX and syslog setup, but I'll do that tomorrow and tell you how mine is configured.
Okay, I'm back...
My setup for logging PIX data to a RedHat server is as follows:
1. The server is at 192.168.0.69 and I have:
logging on
logging monitor debugging
logging buffered debugging
logging trap debugging
logging host inside 192.168.0.69
in my PIX configuration.
2. On the RedHat box I have the following in my syslogd.conf:
# PIX additions
local4.emerg /dev/console
local4.alert /dev/console
local4.crit /dev/console
local4.err /dev/console
local4.debug /var/pix/activity
You may want to direct some of those to different places or files.
3. To get syslogd to listen on a network socket you need to include the '-r' option. I run mine as 'syslogd -r -m 0'.
If you have a busy PIX you'll want to have plenty of room for the log file and you'll want to rotate it regularly. I roll my PIX log daily.
arvind,
Before anyone else fusses at you, you should know that you ought not to propose an answer unless what you have entered as the answer hasn't already been touched on in a previous comment and you are certain that the comment will solve the problem. In this case your proposed answer is just a slight variation of my previous comment. I'm not overly concerned about it in this case, but other experts consider actions like this to be extremely rude and will complain, and rightly so.
Sorry, I forgot to click on comments. How do I withdraw?
ASKER
jlevie - I'd already fixed all the PIX commands, but I was doing it wrong in the syslog start file. Finally arvind suggested /etc/sysconfig/syslog. Previously I did it in /etc/rc.d/init.d/syslog.
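The receiving side discussed in this thread can be audited with a short script. This is an added example, not code posted by any participant. It assumes the Red Hat convention that the init script takes syslogd's flags from a SYSLOGD_OPTIONS variable in /etc/sysconfig/syslog; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the receiving side of a PIX -> syslogd setup.
# Usage: sh check_pix_receiver.sh /etc/sysconfig/syslog <your syslog rules file>
# With no arguments it runs on constructed sample files.

# True if SYSLOGD_OPTIONS includes -r (accept messages from the network).
has_remote_flag() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    for o in $opts; do
        case "$o" in -*r*) return 0 ;; esac   # -r alone or bundled, e.g. -rm
    done
    return 1
}

# Print uncommented rules whose selector names facility $2 (wildcards ignored).
facility_rules() {
    awk -v f="$2" '$1 !~ /^#/ && NF >= 2 && $1 ~ ("(^|[;,])" f "\\.") { print $1, $2 }' "$1"
}

check_pix_receiver() {   # args: SYSCONFIG_FILE SYSLOG_RULES_FILE
    rc=0
    if has_remote_flag "$1"; then
        echo "ok: SYSLOGD_OPTIONS includes -r"
    else
        echo "FAIL: no -r in SYSLOGD_OPTIONS ($1); syslogd ignores the PIX"; rc=1
    fi
    if [ -n "$(facility_rules "$2" local4)" ]; then
        echo "ok: local4 rules:"; facility_rules "$2" local4 | sed 's/^/    /'
    else
        echo "FAIL: no local4 rule in $2"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then
    check_pix_receiver "$1" "$2"
elif [ "$#" -eq 0 ]; then
    d=$(mktemp -d)                                   # constructed sample input
    echo 'SYSLOGD_OPTIONS="-m 0"' > "$d/sysconfig"   # -r missing
    printf '# PIX additions\nlocal4.err /dev/console\nlocal4.debug /var/pix/activity\n' > "$d/conf"
    check_pix_receiver "$d/sysconfig" "$d/conf" || echo "(sample is missing -r on purpose)"
    rm -rf "$d"
fi
```

A passing result only shows the configuration files are consistent; syslogd still has to be restarted to pick up the change, and UDP port 514 must be reachable from the PIX's inside interface.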