Linux server as a Syslog server for PIX firewall

mahavirsj · ‎05-20-2001

Hi,

I want to setup a Linux server as a Syslog server for my PIX .The procedure which I followed does not seem to be working could anybody point where am I going wrong.

I have created /var/log/pix/pixfirewall on the linux server & appropriately modified the syslog.conf file for local*.* entries

On the PIX (ver 5.3) I hv entered

logging host inside <Ip address>

logging trap 5

When I say sh loggoing on the pIX it says 4598 mesages logged to host <IP address> but when I open the pixfirewall file on the linux server the file is empty.

Do i need to anything more.

brford · ‎05-21-2001

A couple of things to check.

Turn logging on from the console by issuing the "logging on" command.

Usually you need to define the specific log host by IP address in the "logging host..." command.

Check the logging facility being used on your Linux box. The PIX sends syslog messages to the server at Local4(20).

For more information about setting up syslog on Unix see:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/config.htm#41499

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

rstaaf · ‎05-21-2001

I ran into this same situation. Because of the growing concerns for Linux security and the constant efforts to improve it most recent releases of Linux have remote logging for syslog turned off. You probably need to go into /etc/rc.d/init.d and edit the startup for syslog to add a "-r" which is the switch that allows remote logging. If you have the PIX set up properly and have followed the other instruction in the PIX documentation this should be the only other thing you need to do.

Hope this helps!

Bob Staaf

Southern Web Services

Orlando, Fl