logging facility on ASA

kope · ‎04-17-2009

I noticed when i try to specify logging facility on the ASA; it only allows specify in the range of 16-23. My problem is the syslog server doesn't seems to have local 16-23 (it only has local 0-7). My goal is to specify different devices (eg. router -> local1;

switches -> local2; firewall ->local3 ..etc) to point to different facility on the syslog server.

Anyone has a quick answer to this, much appreciated.

vikram_anumukonda · ‎04-17-2009

0 - 7 are severity levels and

16 - 23 are facility levels

" Most UNIX systems expect the system log messages to arrive at facility 20 "

check the below links

"http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1750424"

"http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1106984"

And the syslog server's can listen only on one facility level, Pls let me know if you come across anything that can be configured with 2 facility levels.

HTH

Vikram

weylin.piegorsch · ‎02-12-2016

Linux has long had the ability to support multiple facilities. Here's what my syslog is tracking:

nseg-17:/var/log$ du -hs local* | awk '{print $2 " " $1}'
local0 0
local1 0
local2 0
local3 201M
local4 74M
local5 0
local6 26M
local7 4.0K
nseg-17:/var/log$ uname -v
#1 SMP Fri Dec 9 04:31:51 EST 2011
nseg-17:/var/log$

srinivas_mukhyla · ‎05-08-2014

Cisco FW shows it as 16-23 and the same are interpreted as 0-7 by Rsyslog service i.e.

16 = Local0 on rsyslog

17 = Local1 on rsyslog

18 = Local2 on rsyslog

19 = Local3 on rsyslog

20 = Local4 on rsyslog

21 = Local5 on rsyslog

22 = Local6 on rsyslog

23 = Local7 on rsyslog

HTH