Mark R. White wrote:
My network engineer says he has our corporate pix box pointed to this server, yet I'm not getting any logs. Do I need to specify the facility that it's logging to? And if so, where do I specify that in this set up? I assumed once I had it setup to log, and I was accepting external connections, it would log it into the file system as stated above and I wouldn't have to specify logging for each facility, local4 in this specific case. Is it not correct to assume that since I have uncommented udp, all udp logging traffic would be defined by the s_all variable and forced to log the same as all other syslog data? Thanks again for all of your help.
You don't have to know which facility the PIX is logging with. However as the first debugging step I recommend using tcpdump to be sure whether the PIX sends the log to the host properly or not. If the network packets seem to be OK, then see whether the hostname is correct in the packets or not. Maybe the PIX log ends up somewhere in the wrong system's log. -- Sandor Geller wildy@balabit.hu