Syslog setup with Debian

Unanswered Question
Aug 14th, 2008

Hey all, first off I'd like to thank this great community. I've probably asked most of the new guy questions, and hope to begin to contribute back one day.

I'd like to know, I want the ASA to use a syslog server but I must be able to set up this syslog server on Debian. I've read that Linux distros use syslog as a standard for their log files, so I may be able to tap into this, but I do particularly wish to have either a separate syslog server or a separate syslog log. What is the common setup practice? (Will help my Google searching)

netperception Thu, 08/14/2008 - 12:25

Ok, what I have managed to do is figure out how to set up the Linux server and the Cisco ASA5510. On the Linux side I have made changes to /etc/init.d/sysklogd and /etc/syslog.conf. In sysklogd I couldn't find a line SYSLOGD="" so I just inserted a value that it mentions to me, SYSLOGD="-r -m0". In the syslog.conf file I have added the following line: 'local7.* /var/log/asa5510.log'. Then I restarted with /etc/init.d/sysklogd restart. Now I have the log file being created but nothing is being stored. Probably because I couldn't find the SYSLOGD="" line in the previous file. That, and when I chose a facility code, 'LOCAL7(23)'. But the example gave me local7.*; does case sensitivity make this not work? Or do the ()'s and its value need to be included?

So close


cisco24x7 Fri, 08/15/2008 - 03:33

1- You are using Linux, it is a very good thing.

2- Modify the /etc/sysconfig/syslog file and do this:

SYSLOGD_OPTIONS="-m 0 -r -x"

3- In /etc/syslog.conf, add the following line:

local6.* /var/log/cisco.log

4- Create a file called /var/log/cisco.log:

touch /var/log/cisco.log

5- Restart the syslog daemon; "service syslog restart" or "/etc/init.d/syslog restart" will do the trick.

6- On the ASA or PIX, do this:

logging on
logging host inside x.x.x.x
logging trap 6
logging timestamp

You know the drill.

7- Now on your Linux box, run "tcpdump -i eth0 -nnn port 514 -X" and you will see syslog messages getting to your box and getting stored in the /var/log/cisco.log file.

Easy right?
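
Added example (not part of the original posts): the question above about 'LOCAL7(23)' versus local7.* comes down to the <PRI> number at the start of each datagram that the tcpdump in step 7 displays. This Python sketch decodes that number and checks it against a syslog.conf selector; the sample datagrams and the function names are constructed for illustration.

```python
import re

# Facility codes from the syslog protocol: 0-11 are named, 12-15 are shown
# here as "reserved", and local0..local7 are codes 16..23 (so LOCAL7 is 23).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron", "authpriv", "ftp"]
              + ["reserved"] * 4 + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample payloads, shaped like what arrives on UDP port 514.
SAMPLE_LOCAL7 = b"<190>Aug 15 2008 06:02:11: %ASA-6-302013: constructed sample"
SAMPLE_LOCAL4 = b"<166>Aug 15 2008 06:02:12: %ASA-6-302013: constructed sample"

def decode_pri(datagram: bytes):
    """Return (facility, severity) names from the <PRI> prefix: PRI = facility*8 + severity."""
    m = re.match(rb"^<(\d{1,3})>", datagram)
    if not m:
        raise ValueError("no <PRI> header: not a syslog datagram")
    pri = int(m.group(1))
    if pri > 191:  # highest valid value is 23*8 + 7
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def selector_matches(selector: str, datagram: bytes) -> bool:
    """Check a simple 'facility.priority' selector against a datagram.
    Supports '*' on either side; a named priority means that severity
    or anything more urgent. Names are the lower-case syslog.conf keywords."""
    sel_fac, sel_pri = selector.split(".", 1)
    facility, severity = decode_pri(datagram)
    if sel_fac != "*" and sel_fac != facility:
        return False
    if sel_pri == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_pri)

if __name__ == "__main__":
    for pkt in (SAMPLE_LOCAL7, SAMPLE_LOCAL4):
        print(decode_pri(pkt),
              "local7.*:", selector_matches("local7.*", pkt),
              "local6.*:", selector_matches("local6.*", pkt))
```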

netperception Fri, 08/15/2008 - 06:02

Sure looks easy, but I do not have a /etc/sysconfig folder. So I'll go ahead and create this folder and file now and hope it works. I'll post back my findings.

cisco24x7 Fri, 08/15/2008 - 08:55

With Debian, since it is similar to Gentoo Linux, the file you need to edit is in the /etc/conf.d/ directory. The file name is



