Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2169
Views
0
Helpful
4
Replies

Syslog setup with Debian

netperception
Level 1
Level 1

‎08-14-2008 06:59 AM - edited ‎03-09-2019 09:16 PM

Hey all, first off I'd like to thank this great community. I've probably asked most of the new guy questions, and hope to begin to contribute back one day.

I'd like to know, I want the ASA to use a syslog server but I must be able to setup this syslog server onto Debian. I've read that Linux distros use syslog as a standard for it's log files so I maybe able to tap into this but I do particularly wish to have either a separate syslog server or a separate syslog log. What is the common setup practice? (Will help my Google searching)

Labels:
0 Helpful
4 Replies 4

netperception
Level 1
Level 1

‎08-14-2008 12:25 PM

Ok, what I have managed to do is figure out how to setup the linux server and the cisco asa5510. On the Linux side I have made changed to the /etc/init.d/sysklogd and /etc/syslog.conf. In sysklogd I couldn't find a line SYSLOGD="" so I just inserted a value that it mentions to me SYSLOGD="-r -m0". In the syslog.conf file I have added the following line 'local7.* /var/log/asa5510.log'. Then I restarted the /etc/init.d/sysklogd restart. Now I have the log file being created but nothing is being stored. Probably because I couldn't find the SYSLOGD="" line in the previous file. That and when I chose a facility code 'LOCAL7(23)'. But the example game me local7.* does case sensitivity make this not work? or the ()'s and it's value need to be included?

So close

Chuck

0 Helpful

cisco24x7
Level 6
Level 6
In response to netperception

‎08-15-2008 03:33 AM

1- You are using Linux, it is a very good thing,

2- modify the /etc/sysconfig/syslog file and

do this:

before:

SYSLOGD_OPTIONS="-m 0"

after:

SYSLOGD_OPTIONS="-m 0 -r -x"

3- in the /etc/syslog.conf, add the

following line:

local6.* /var/log/cisco.log

4- create a file call /var/log/cisco.log:

touch /var/log/cisco.log

5- restart syslog daemon with "service syslog restart" or "/etc/init.d/syslog restart will do the trick

6- on the ASA or Pix, do this:

logging on

logging host inside x.x.x.x

logging trap 6

logging timestamp

you know the drill

7- Now on your linux box, run "tcpdump -i eth0 -nnn port 514 -X" and you will syslog

message getting to your box and get stored

in the /var/log/cisco.log file.

Easy right?

0 Helpful

netperception
Level 1
Level 1
In response to cisco24x7

‎08-15-2008 06:02 AM

Sure looks easy, but I do not have a /etc/sysconfig folder. So I'll go ahead and create this folder and file now and hope it works. I'll post back my findings.

0 Helpful

cisco24x7
Level 6
Level 6
In response to netperception

‎08-15-2008 08:55 AM

with debian, since it is similar to Gentoo

Linux, the file you need to edit is in

/etc/conf.d/ directory. The file name is

sysklogd.

Enjoy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents