
Thread: syslog local0 - local7 help - for receiving log event from cisco asa

  1. #1
    Join Date
    Apr 2008
    Location
    224.0.0.5
    Beans
    372
    Distro
    Ubuntu 12.04 Precise Pangolin

    syslog local0 - local7 help - for receiving log event from cisco asa

    Folks,
    I am trying to understand the local0 - local7 facility usage. I understand that daemons use these to log events; however, what local0 - local7 facility do I pick to receive my ASA events?

    I believe local7 is boot events - does anyone have a list of what the default local0 - level7 are used for? Which one do I select to receive my ASA events?

    thanks.
    Arrakis

  2. #2
    Join Date
    Nov 2006
    Location
    Craggy Island.
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    Do the old PIX pages on the Cisco pages help?

    Levels shown halfway down
    Given the description, I would have figured boot events would be 4 or 5?



    emergency        0
    alert            1
    critical         2
    error            3
    warning          4
    notification     5
    informational    6
    debug            7
    You can tell a man who boozes by the company he chooses, as the pig got up and slowly walked away.

  3. #3
    Join Date
    Sep 2007
    Beans
    13

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    Jonobr, those aren't Facilities, they are Severities.

    E24ohm,
    The Facility is an integer from 0-23 that indicates the sending facility such as kernel, mail, etc. Back in the old days, people would use them to sort on (like send mail to mail.log, kernel to kernel.log). The protocol was designed to allow for locally assigned values, meaning, you can put whatever you want there - over the years, many devices would just use local7 (which is int 23).

    All that said, none of it *really* matters, because today's logging systems are capable of much better filtering.

    Here's a whitepaper I published on Cisco's website a while back that explains this, and more, if you are interested:
    http://www.cisco.com/en/US/technolog...11-557812.html

  4. #4
    Join Date
    Nov 2006
    Location
    Craggy Island.
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    cdukes, sweet .... it's a sad day you don't learn something, and I have had a few days recently..
    You can tell a man who boozes by the company he chooses, as the pig got up and slowly walked away.

  5. #5
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    10,866
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    Applications that log to the local facilities usually have to be configured as to which of the facilities to use. I run a couple of applications that log to local facilities; I have to specify which one to use (e.g., "local3") in a configuration file, then add an entry to rsyslog.conf for "local3.*". You can define it in a separate file in /etc/rsyslog.d/. Follow the example for user.* in /etc/rsyslog.d/50-default.conf.
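
Added example, not part of any poster's reply: the facility (0-23) and severity (0-7) discussed in posts #3 and #5 travel together in the `<PRI>` number at the start of each syslog packet, as facility * 8 + severity. This Python sketch decodes that header into the `facility.severity` form used in rsyslog.conf selectors; the sample lines are constructed, and the names used for facilities 12-15 are shortened RFC 5424 descriptions.

```python
import re
from collections import Counter

# Names by numeric code. Entries 12-15 are shortened RFC 5424 descriptions.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]   # local0..local7 = 16..23
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    return divmod(pri, 8)              # PRI = facility * 8 + severity

def selector(line):
    """Render the PRI as an rsyslog-style 'facility.severity' string."""
    fac, sev = decode_pri(line)
    return f"{FACILITIES[fac]}.{SEVERITIES[sev]}"

def encode_pri(facility, severity):
    """Inverse mapping: names to the numeric PRI a sender would emit."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def summarize(lines):
    """Count lines per selector; malformed headers are counted as 'invalid'."""
    counts = Counter()
    for line in lines:
        try:
            counts[selector(line)] += 1
        except ValueError:
            counts["invalid"] += 1
    return dict(counts)

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<190>%ASA-6-302013: Built outbound TCP connection (constructed sample)",
    "<188>%ASA-4-106023: Deny tcp (constructed sample)",
    "<166>%ASA-6-302014: Teardown TCP connection (constructed sample)",
    "<999>PRI value too large",
    "line with no PRI header",
]

if __name__ == "__main__":
    for sel, n in sorted(summarize(SAMPLE).items()):
        print(f"{sel:16} {n}")
```

Whichever localN the sending device is set to, the receiver only needs a matching `localN.*` rule, as described in post #5.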

  6. #6
    Join Date
    Apr 2008
    Location
    224.0.0.5
    Beans
    372
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    Quote Originally Posted by cdukes View Post
    Jonobr, those aren't Facilities, they are Severities.

    E24ohm,
    The Facility is an integer from 0-23 that indicates the sending facility such as kernel, mail, etc. Back in the old days, people would use them to sort on (like send mail to mail.log, kernel to kernel.log). The protocol was designed to allow for locally assigned values, meaning, you can put whatever you want there - over the years, many devices would just use local7 (which is int 23).

    All that said, none of it *really* matters, because today's logging systems are capable of much better filtering.

    Here's a whitepaper I published on Cisco's website a while back that explains this, and more, if you are interested:
    http://www.cisco.com/en/US/technolog...11-557812.html

    Thanks for the link - that sucker is good.

    cheers mate.
    Arrakis

  7. #7
    Join Date
    Apr 2008
    Location
    224.0.0.5
    Beans
    372
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: syslog local0 - local7 help - for receiving log event from cisco asa

    Folks,
    thank you for all the posts and suggestions.
    Arrakis
