• Status: Solved

CentOS 7 configure rsyslog to receive Cisco logs

I have not been able to verify that logs are being received on the CentOS 7 server using rsyslog.

The firewall has UDP 514 open and listening; the same is set on the Cisco ASA.

I cannot see why it is not working. I do sh logging and it shows how many TX are being sent via the trigger, but I cannot find them on the rsyslog server.
0
mphillip85
Asked:
1 Solution
 
Jan Springer Commented:
In /etc/rsyslog.conf, uncomment these lines:

   $ModLoad imudp
   $UDPServerRun 514
   $IncludeConfig /etc/rsyslog.d/*.conf

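In /etc/rsyslog.d, create a file called asa.conf and add these lines, where A.B.C.D is the IP of the ASA:

    # Write messages whose source IP starts with A.B.C.D to a dedicated file
    if $fromhost-ip startswith 'A.B.C.D' then /var/log/asa.log
    # Discard those messages so later rules do not log them again
    & ~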

Restart syslog:
   systemctl restart rsyslog
1
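The `startswith` operator in the asa.conf filter above is a string-prefix comparison, so a complete address such as 192.0.2.1 also matches 192.0.2.10 or 192.0.2.105, and the discard line then removes those hosts' messages from the other log files. The following Python check is an added example, not part of the original answer: it audits such rules against a list of known senders and compares them with an exact `==` match. The rule text, sender addresses, file names and function names are constructed for illustration.

```python
import ipaddress
import re

# Matches expression-based filters of the form used in asa.conf above.
RULE = re.compile(
    r"if\s+\$fromhost-ip\s+(startswith|==)\s+'([^']+)'\s+then\s+(\S+)")


def is_full_ipv4(text):
    """True when text is a complete dotted-quad address, not a prefix like '10.1.'."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit(conf_text, known_senders):
    """Return (operator, value, target, unintended_senders) for each filter rule."""
    findings = []
    for op, value, target in RULE.findall(conf_text):
        if op == "startswith":
            matched = [ip for ip in known_senders if ip.startswith(value)]
        else:
            matched = [ip for ip in known_senders if ip == value]
        # A deliberate prefix such as '10.1.' is not reported; a full address
        # used with startswith is, for every other sender it also captures.
        extra = [ip for ip in matched if ip != value] if is_full_ipv4(value) else []
        findings.append((op, value, target, extra))
    return findings


# Constructed sample input (documentation-range addresses, hypothetical file names).
SAMPLE_CONF = """
if $fromhost-ip startswith '192.0.2.1' then /var/log/asa.log
& ~
if $fromhost-ip == '192.0.2.1' then /var/log/asa-exact.log
& stop
"""
SAMPLE_SENDERS = ["192.0.2.1", "192.0.2.10", "192.0.2.105", "192.0.2.2", "198.51.100.7"]

if __name__ == "__main__":
    for op, value, target, extra in audit(SAMPLE_CONF, SAMPLE_SENDERS):
        status = "also captures " + ", ".join(extra) if extra else "matches only the intended sender"
        print(f"{op} '{value}' -> {target}: {status}")
```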
 
Jan Springer Commented:
And update logrotate:

   /etc/logrotate.d/syslog

Add /var/log/asa.log
1
 
mphillip85 Author Commented:
Did I give you all the information you needed to review?

Because you gave me the only answer that worked, over all the documentation that I have read.

Thank you very much!
0
 
Jan Springer Commented:
You did.  You were very clear.
1
Question has a verified solution.
