[SOLVED] syslog-ng with Cisco PIX [Archive]

View Full Version : [SOLVED] syslog-ng with Cisco PIX

MatsB

December 2nd, 2007, 12:28 PM

Hi,

For some reason I can't get any log information from my Cisco PIX to syslog-ng. Any ideas?

This is what I've added to /etc/syslog-ng/syslog-ng.conf. Everything els is unchanged.
--------------------------------------------------------------------

source network {
udp();
};

destination df_pix { file("/var/log/pix.log"); };

filter f_local4 { facility(local4); };

log {
source(network);
filter(f_local4);
destination(df_pix);
};

/var/log
-rw-r--r-- 1 root adm 0 2007-12-02 14:10 pix.log

Cisco PIX
----------------------------------------------------------------------
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging host inside 192.168.0.103
logging facility 20 (deafult)

MatsB

December 3rd, 2007, 01:35 PM

I've also tried this setup and still nothing in my pix.log file :(

source network {
udp();
};

destination df_pix { file("/var/log/pix.log"); };

log {
source(network);
destination(df_pix);
};

Cisco PIX
----------------------------------------------------------------------
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging host inside 192.168.0.103

Maxtorm

December 3rd, 2007, 01:57 PM

I guess your next step for troubleshooting is to determine whether the problem is the PIX or the Ubuntu box. You could run ettercap on the Ubuntu box to sniff for traffic and then create a dummy syslog event on the PIX.

MatsB

December 4th, 2007, 04:58 AM

I simply missed this command in the pix.

logging trap informal