Still do not have it worked out.
Please help
Pix
logging on
logging timestamp
logging trap notifications
logging
facility 4
logging queue 1024
logging host inside 10.1.1.18
test:/etc/syslog-ng # more syslog-ng.conf
#
#
/etc/syslog-ng/syslog-ng.conf
#
# Automatically generated by SuSEconfig
on Wed Jun 9 19:16:34 EDT 2004.
#
# PLEASE DO NOT EDIT THIS FILE!
#
# you can modify /etc/syslog-ng/syslog-ng.conf.in
instead
#
#
# File format description can be found in
syslog-ng.conf(5).
#
options { long_hostnames(off); sync(0); };
#
# 'src' is our main source definition. you can add
# more sources
driver definitions to it, or define
# your own sources,
i.e.:
#
#source my_src { .... };
source src {
#
# include internal syslog-ng
messages
# note: the internal()
soure is required!
#
internal();
#
# the following line will be
replaced by the
# socket list
generated by SuSEconfig using
#
variables from
/etc/sysconfig/syslog:
#
unix-dgram("/dev/log");
#
# uncomment to process log
messages from network:
#
#udp(ip("0.0.0.0")
port(514));
};
#
# filter definitions
#
filter f_console
{ level(warn) and facility(kern)
or
level(err) and not
facility(authpriv);
};
filter f_newsnotice { level(notice) and facility(news); };
filter
f_newscrit { level(crit) and facility(news);
};
filter f_newserr { level(err) and
facility(news); };
filter f_news { facility(news); };
filter f_mail {
facility(mail); };
filter f_cron { facility(cron); };
filter f_warn {
level(warn, err, crit); };
filter f_alert ; {
level(alert); };
filter f_messages { not facility(news, mail);
};
filter f_local { facility(local0, local1,
local2,
local3,
local4, local5, local6, local7); };
filter f_iptables {
facility(kern) and match("IN=") and match("OUT="); };
#
# print most on tty10 and on the xconsole
pipe
#
destination console { file("/dev/tty10"); };
log {
source(src); filter(f_console); destination(console); };
destination xconsole { pipe("/dev/xconsole"); };
log { source(src);
filter(f_console); destination(xconsole); };
# enable this, if you want that root is informed
# immediately, e.g.
of logins
#destination root { usertty("root"); };
#log { source(src);
filter(f_alert); destination(root); };
#
# these files are rotated and examined by
"news.daily"
#
destination newscrit { file("/var/log/news/news.crit");
};
log { source(src); filter(f_newscrit); destination(newscrit); };
destination newserr { file("/var/log/news/news.err"); };
log {
source(src); filter(f_newserr); destination(newserr); };
destination newsnotice { file("/var/log/news/news.notice"); };
log {
source(src); filter(f_newsnotice); destination(newserr); };
#
# enable this, if you want to keep all news messages
# in one
file
#destination news { file("/var/log/news.all"); };
#log {
source(src); filter(f_news); destination(news); };
#
# all email-messages in one file
#
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail);
destination(mail); };
#
# all cron-messages in one file
#
#destination cron {
file("/var/log/cron"); };
#log { source(src); filter(f_cron);
destination(cron); };
#
# Some boot scripts require local7
#
destination
localmessages { file("/var/log/localmessages"); };
log { source(src); filter(f_local); destination(localmessages); };
#
# all messages except the facilities news and
mail
#
destination messages { file("/var/log/messages"); };
log {
source(src); filter(f_messages); destination(messages); };
#
# enable this, if you want all iptables messages
# in one
file
#
#destination firewall { file("/var/log/firewall"); };
#log {
source(src); filter(f_iptables); destination(firewall); };
#
# Warnings in one file
#
destination warn {
file("/var/log/warn"); };
log { source(src); filter(f_warn);
destination(warn); };
#
# enable this, if you want to keep all messages in one
file
#destination allmessages { file("/var/log/allmessages"); };
#log {
source(src); destination(allmessages); };
# PIX
source network { udp () ; tcp (); };
log{source(network);filter(f_pix);destination(pixlog);};
destination pixlog { file("/var/log/pix.log"); };
filter f_pix { facility(local4); };
test:/etc/syslog-ng
#
Bill Nash <billn@billn.net> wrote:
What
about your log directives?
log { source(network);
destination(pixlog); flags(final); };
- billn
On Wed, 9
Jun 2004, Ben Whittaker wrote:
> Yes, Pix was logging to
Kiwi
>
> Bill Nash wrote:
> Stupid question, but:
> Did you configure your PIX to export logs to your log
server?
>
> If it behaves like IOS, it's something as simple
as:
> logging
>
> - billn
>
> On Wed, 9 Jun
2004, Ben Whittaker wrote:
>
> > How do I setup syslog-ng for
cisco pix.
> >
> > I have added the following lines to my
config
> >
> > # PIX
> > source network { udp ()
; tcp (); };
> >
> > destination pixlog {
file("/var/log/pix.log"); };
> >
> > filter f_pix { facility(local4); };
> >
> >
> >
>
> but I am not getting any logging to this new syslog server.
>
>
> >
> >
> >
> >
__________________________________
> > Do you Yahoo!?
> >
Friends. Fun. Try the all-new Yahoo! Messenger.
> >
http://messenger.yahoo.com/
> >
_______________________________________________
> > syslog-ng maillist - syslog-ng@lists.balabit.hu
> >
https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently
asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>
> _______________________________________________
>
syslog-ng maillist - syslog-ng@lists.balabit.hu
>
https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked
questions at
http://www.campin.net/syslog-ng/faq.html
>
>
>
>
---------------------------------
> Do you Yahoo!?
> Friends .
Fun. Try the all-new Yahoo!
Messenger
_______________________________________________
syslog-ng
maillist -
syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently
asked questions at http://www.campin.net/syslog-ng/faq.html
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo!
Messenger