Firewall Logs

Unanswered Question
Nov 17th, 2008

I've configured logging on our Firewall with the following configs.

logging on

logging timestamp

logging console alerts

logging monitor debugging

logging buffered warnings

logging trap debugging

logging facility 23

logging device-id hostname

logging host inside xx.xx.xx.xx 17/1514

logging host inside xx.xx.xx.xy

I'm using Solarwinds Syslog Server to retrieve the logs but can't see anything from the Firewall. THe syslog server is on our internal network and is configured to monitor the inside interface of our firewall. Why am I not able to view the logs? Pls help me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Tue, 11/18/2008 - 07:56

I see you have two hosts your sending syslog to, is it working on the other box? Is the solarwinds box x.x.x.x or x.x.x.y?

bericaleb Tue, 11/18/2008 - 14:19

We have two hosts that should be able to receive the messages. The solarwinds box x.x.x.x is the one I want the logs to sent to as Syslog server is installed on this box.

Collin Clark Tue, 11/18/2008 - 14:24

In your original post, x.x.x.x sends syslog on port 1514, do you have SW setup to receive syslog on that port?

bericaleb Tue, 11/18/2008 - 14:34

There was another monitoring tool that we were using called the Firewall Analyzer but it is no longer used. This software was setup to receive messages on the specified port.

julomban Thu, 11/27/2008 - 15:55

You can try with kiwi, also make sure that you have connectivity between those to host and the FW, for example from the firewall try to ping the two hosts if you get a timeout you will need to correct that before start sending syslogs.


This Discussion