05-20-2001 10:25 PM - edited 02-20-2020 09:47 PM
Hi,
I want to setup a Linux server as a Syslog server for my PIX .The procedure which I followed does not seem to be working could anybody point where am I going wrong.
I have created /var/log/pix/pixfirewall on the linux server & appropriately modified the syslog.conf file for local*.* entries
On the PIX (ver 5.3) I hv entered
logging host inside <Ip address>
logging trap 5
When I say sh loggoing on the pIX it says 4598 mesages logged to host <IP address> but when I open the pixfirewall file on the linux server the file is empty.
Do i need to anything more.
05-21-2001 12:44 AM
A couple of things to check.
Turn logging on from the console by issuing the "logging on" command.
Usually you need to define the specific log host by IP address in the "logging host..." command.
Check the logging facility being used on your Linux box. The PIX sends syslog messages to the server at Local4(20).
For more information about setting up syslog on Unix see:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/config.htm#41499
05-21-2001 04:11 AM
I ran into this same situation. Because of the growing concerns for Linux security and the constant efforts to improve it most recent releases of Linux have remote logging for syslog turned off. You probably need to go into /etc/rc.d/init.d and edit the startup for syslog to add a "-r" which is the switch that allows remote logging. If you have the PIX set up properly and have followed the other instruction in the PIX documentation this should be the only other thing you need to do.
Hope this helps!
Bob Staaf
Southern Web Services
Orlando, Fl
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide