centos 7 configure rsyslog to receive cisco logs
I have not been able to verify that logs are being received on the centos 7 server using rsyslog
firewall has udp 514 open and listening same set on the cisco asa
cannot see why it is not working, I do sh logging and it shows how many TX are being sent via the trigger but cannot find on rsyslog server.
firewall has udp 514 open and listening same set on the cisco asa
cannot see why it is not working, I do sh logging and it shows how many TX are being sent via the trigger but cannot find on rsyslog server.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
In /etc/rsyslog.conf, uncomment these lines:
$ModLoad imudp
$UDPServerRun 514
$IncludeConfig /etc/rsyslog.d/*.conf
In /etc/rsyslog.d create a file called asa.conf and add these lines where A.B.C.D is the IP of the asa:
if $fromhost-ip startswith 'A.B.C.D' then /var/log/asa.log
& ~
Restart syslog:
systemctl restart rsyslog
$ModLoad imudp
$UDPServerRun 514
$IncludeConfig /etc/rsyslog.d/*.conf
In /etc/rsyslog.d create a file called asa.conf and add these lines where A.B.C.D is the IP of the asa:
if $fromhost-ip startswith 'A.B.C.D' then /var/log/asa.log
& ~
Restart syslog:
systemctl restart rsyslog
Premium Content
You need an Expert Office subscription to comment.Start Free Trial