08-14-2008 06:59 AM - edited 03-09-2019 09:16 PM
Hey all, first off I'd like to thank this great community. I've probably asked most of the new guy questions, and hope to begin to contribute back one day.
I'd like to know, I want the ASA to use a syslog server but I must be able to set up this syslog server on Debian. I've read that Linux distros use syslog as a standard for their log files so I may be able to tap into this, but I do particularly wish to have either a separate syslog server or a separate syslog log. What is the common setup practice? (Will help my Google searching)
08-14-2008 12:25 PM
Ok, what I have managed to do is figure out how to set up the Linux server and the Cisco ASA5510. On the Linux side I have made changes to the /etc/init.d/sysklogd and /etc/syslog.conf. In sysklogd I couldn't find a line SYSLOGD="" so I just inserted a value that it mentions to me SYSLOGD="-r -m0". In the syslog.conf file I have added the following line 'local7.* /var/log/asa5510.log'. Then I ran /etc/init.d/sysklogd restart. Now I have the log file being created but nothing is being stored. Probably because I couldn't find the SYSLOGD="" line in the previous file. That and when I chose a facility code 'LOCAL7(23)'. But the example gave me local7.* does case sensitivity make this not work? Or do the ()'s and its value need to be included?
So close
Chuck
08-15-2008 03:33 AM
1- You are using Linux, it is a very good thing,
2- modify the /etc/sysconfig/syslog file and do this:
before:
SYSLOGD_OPTIONS="-m 0"
after:
SYSLOGD_OPTIONS="-m 0 -r -x"
3- in the /etc/syslog.conf, add the following line:
local6.* /var/log/cisco.log
4- create a file called /var/log/cisco.log:
touch /var/log/cisco.log
5- restart syslog daemon with "service syslog restart" or "/etc/init.d/syslog restart" will do the trick
6- on the ASA or Pix, do this:
logging on
logging host inside x.x.x.x
logging trap 6
logging timestamp
you know the drill
7- Now on your Linux box, run "tcpdump -i eth0 -nnn port 514 -X" and you will see syslog messages getting to your box and getting stored in the /var/log/cisco.log file.
Easy right?
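The facility question raised earlier in the thread (whether the ASA's 'LOCAL7(23)' corresponds to local7.* in syslog.conf) can be checked from the packets the tcpdump step shows. The following is an added example, not code from any poster in this thread: it decodes the <PRI> header of a syslog datagram and tests it against a syslog.conf selector. The two payloads are constructed samples and the function names are this example's own.

```python
import re

# RFC 3164 facility numbers 16-23 are local0-local7. The ASA's
# "logging facility" command takes these numbers; its default is 20 (local4).
LOCAL_FACILITIES = {n: f"local{n - 16}" for n in range(16, 24)}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility number, facility name, severity name)."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    name = LOCAL_FACILITIES.get(facility, f"facility{facility}")
    return facility, name, SEVERITIES[severity]


def selector_matches(selector: str, datagram: bytes) -> bool:
    """Would a selector such as 'local7.*' or 'local7.info' catch this datagram?"""
    want_fac, _, want_level = selector.partition(".")
    _, fac, sev = decode_pri(datagram)
    if want_fac not in ("*", fac):
        return False
    if want_level == "*":
        return True
    # "facility.level" selects that level and anything more severe.
    return SEVERITIES.index(sev) <= SEVERITIES.index(want_level)


# Constructed payloads, shaped like what "tcpdump ... port 514 -X" shows.
SAMPLE_FACILITY_23 = b"<190>Aug 15 2008 06:02:11: %ASA-6-302013: constructed sample"
SAMPLE_FACILITY_20 = b"<166>Aug 15 2008 06:02:11: %ASA-6-302013: constructed sample"

if __name__ == "__main__":
    for pkt in (SAMPLE_FACILITY_23, SAMPLE_FACILITY_20):
        num, name, sev = decode_pri(pkt)
        hits = [s for s in ("local6.*", "local7.*") if selector_matches(s, pkt)]
        print(f"facility {num} = {name}, severity {sev}, matched by {hits}")
```

A datagram sent with facility 23 is caught by local7.*, while one sent with the ASA default facility of 20 is caught by neither local6.* nor local7.*, so the selector in syslog.conf has to agree with the facility number configured on the firewall.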
08-15-2008 06:02 AM
Sure looks easy, but I do not have a /etc/sysconfig folder. So I'll go ahead and create this folder and file now and hope it works. I'll post back my findings.
08-15-2008 08:55 AM
With Debian, since it is similar to Gentoo Linux, the file you need to edit is in the /etc/conf.d/ directory. The file name is sysklogd.
Enjoy