Cisco Support Community
Community Member

ASA5510 syslog outputs to multiple log files

Hello all,

I have an ASA5510 and I have it set up to send syslog messages to a host in my DMZ. I'm new to Pix-type firewalls, so don't laugh too hard at my config.

My problem is that I want firewall messages delivered to /var/log/firewall. This works as expected, but messages are also logged to the system log at /var/log/messages.

Here is my ASA5510 logging configuration:

logging enable

logging list IDSLog level notifications class ids

logging list IDSLog level notifications class session

logging list IDSLog level notifications class sys

logging asdm notifications

logging host DMZ

logging permit-hostdown

logging class ids trap warnings

logging class session trap warnings

logging class sys trap warnings

and here is the relevant line in /etc/syslog.conf:

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* -/var/log/maillog

# Log cron stuff

cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log

local7.* /var/log/boot.log

local4.* /var/log/firewall

What am I missing? I can't seem to get the firewall to send the messages *only* to the firewall log on local4.




Re: ASA5510 syslog outputs to multiple log files

did you define logging facility for local4 at ASA 5510?

if you defined did you restart syslog daemon to update with new configuration which is modified at syslog.conf?

or 'killall -HUP syslogd'?

CreatePlease to create content