Syslog for FWSM

Unanswered Question
GRAEME DANIELSON Wed, 07/04/2007 - 19:17

If your reason for asking this is to keep the FWSM messages seperate, maybe an easier solution would be to send them to a different facility e.g. local3, within the existing syslog service then uniquely process them there. Would need more info about what you are trying to achieve.

GRAEME DANIELSON Thu, 07/05/2007 - 03:33

A single syslog service can receive and process messages from multiple applications on multiple devices.

syslog messages have a concept of message type or message class known as facility. All messages are "stamped" with a facility.

There are eight facilities available to group and process messages as you wish. These are named local0 - local7.

FWSM messages are sent as local4 by default. This can be changed with the "logging facility" command.

Depending on the capabilites of the syslog program receiving the messages you should be able to

configure it so messages arriving with a certain facility are processed in a customised way.

For example, collect only local4 messages into a file named "fwsm.log"

If this does not meet your needs and you _REALLY_ do require a second syslog service

then FWSM can be configured to send syslogs to a non-standard port with optional udp (or tcp) parameters

on the "logging host" command. For example, you configure a second instance of syslog receiver on your

server IP address 1.1.1.2 listening on udp port 60000 the FWSM config would be

"logging host INSIDE 1.1.1.2 udp/60000"

Actions

This Discussion