logging facility on ASA

Unanswered Question

I noticed when i try to specify logging facility on the ASA; it only allows specify in the range of 16-23. My problem is the syslog server doesn't seems to have local 16-23 (it only has local 0-7). My goal is to specify different devices (eg. router -> local1;

switches -> local2; firewall ->local3 ..etc) to point to different facility on the syslog server.

Anyone has a quick answer to this, much appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vikram_anumukonda Fri, 04/17/2009 - 08:36

0 - 7 are severity levels and


16 - 23 are facility levels


" Most UNIX systems expect the system log messages to arrive at facility 20 "


check the below links

"http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1750424"


"http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1106984"


And the syslog server's can listen only on one facility level, Pls let me know if you come across anything that can be configured with 2 facility levels.



HTH


Vikram

weylin.piegorsch Fri, 02/12/2016 - 06:27

Linux has long had the ability to support multiple facilities.  Here's what my syslog is tracking:

nseg-17:/var/log$ du -hs local* | awk '{print $2 " " $1}'
local0 0
local1 0
local2 0
local3 201M
local4 74M
local5 0
local6 26M
local7 4.0K
nseg-17:/var/log$ uname -v
#1 SMP Fri Dec 9 04:31:51 EST 2011
nseg-17:/var/log$

srinivas_mukhyla Thu, 05/08/2014 - 11:36

Cisco FW shows it as 16-23 and the same are interpreted as 0-7 by Rsyslog service i.e.

16 = Local0 on rsyslog

17 = Local1 on rsyslog

18 = Local2 on rsyslog

19 = Local3 on rsyslog

20 = Local4 on rsyslog

21 = Local5 on rsyslog

22 = Local6 on rsyslog

23 = Local7 on rsyslog

 

HTH

Actions

This Discussion