04-17-2009 08:07 AM - edited 03-11-2019 08:20 AM
I noticed that when I try to specify the logging facility on the ASA, it only allows values in the range 16-23. My problem is that the syslog server doesn't seem to have local 16-23 (it only has local 0-7). My goal is to point different devices (e.g. router -> local1; switches -> local2; firewall -> local3, etc.) to different facilities on the syslog server.
If anyone has a quick answer to this, it would be much appreciated.
04-17-2009 08:36 AM
0 - 7 are severity levels and
16 - 23 are facility levels
" Most UNIX systems expect the system log messages to arrive at facility 20 "
Check the links below:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1750424
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1106984
And syslog servers can listen on only one facility level. Please let me know if you come across anything that can be configured with 2 facility levels.
HTH
Vikram
02-12-2016 06:27 AM
Linux has long had the ability to support multiple facilities. Here's what my syslog is tracking:
nseg-17:/var/log$ du -hs local* | awk '{print $2 " " $1}'
local0 0
local1 0
local2 0
local3 201M
local4 74M
local5 0
local6 26M
local7 4.0K
nseg-17:/var/log$ uname -v
#1 SMP Fri Dec 9 04:31:51 EST 2011
nseg-17:/var/log$
05-08-2014 11:36 AM
The Cisco FW shows them as 16-23, and the same are interpreted as 0-7 by the rsyslog service, i.e.:
16 = Local0 on rsyslog
17 = Local1 on rsyslog
18 = Local2 on rsyslog
19 = Local3 on rsyslog
20 = Local4 on rsyslog
21 = Local5 on rsyslog
22 = Local6 on rsyslog
23 = Local7 on rsyslog
HTH
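The 16-23 to local0-local7 mapping listed above, as an added example that is not part of the original thread: on the wire the facility travels inside the syslog PRI header, where PRI = facility * 8 + severity, so a receiver can recover the facility and sort devices by it. The routing table, file names and sample lines are constructed for illustration.

```python
import re

# Syslog facility codes 16-23 are the names local0-local7.
FACILITY_NAMES = {code: f"local{code - 16}" for code in range(16, 24)}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err",
                  "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Hypothetical routing table following the original poster's goal:
# one local facility per device class.
ROUTES = {"local1": "routers.log", "local2": "switches.log",
          "local3": "firewalls.log"}


def decode_pri(line):
    """Return (facility_code, facility_name, severity_name) for a raw line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    name = FACILITY_NAMES.get(facility, f"facility{facility}")
    return facility, name, SEVERITY_NAMES[severity]


def route(line, default="unsorted.log"):
    """Pick the destination file for a line from its facility name."""
    try:
        _, name, _ = decode_pri(line)
    except ValueError:
        return default  # malformed header: keep the message, do not drop it
    return ROUTES.get(name, default)


# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "<158>constructed firewall message",   # 19 * 8 + 6 -> local3, info
    "<141>constructed router message",     # 17 * 8 + 5 -> local1, notice
    "<166>constructed message sent with facility 20",  # local4, no route
    "no header at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), "<-", s)
```

Sending malformed or unrouted lines to a catch-all file instead of discarding them keeps a misconfigured device visible in the logs.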