How do I set up syslog-ng for Cisco PIX? I have added the following lines to my config:

    # PIX
    source network { udp () ; tcp (); };
    destination pixlog { file("/var/log/pix.log"); };
    filter f_pix { facility(local4); };

but I am not getting any logging to this new syslog server.

Stupid question, but: Did you configure your PIX to export logs to your log server? If it behaves like IOS, it's something as simple as:

    logging <ip address of syslog host>

- billn

On Wed, 9 Jun 2004, Ben Whittaker wrote:
> How do I setup syslog-ng for cisco pix.
> I have added the following lines to my config
> # PIX
> source network { udp () ; tcp (); };
> destination pixlog { file("/var/log/pix.log"); };
> filter f_pix { facility(local4); };
> but I am not getting any logging to this new syslog server.

Yes, Pix was logging to Kiwi

What about your log directives?

    log { source(network); destination(pixlog); flags(final); };

- billn
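
Added example, not part of the original thread: no message reaches a syslog-ng destination unless a log { } path connects it to a source, which is what the question about log directives is probing. The small linter below lists objects that are defined but never used and names that are used but never defined; its function names and both sample configs are constructed for illustration, and it assumes the flat 1.x-style syntax shown in this thread (no nested braces inside log paths, no '#' inside quoted strings).

```python
import re

# Definitions such as `source network {` or `filter f_pix {`.
DEF_RE = re.compile(r"\b(source|filter|destination)\s+([\w.-]+)\s*\{")
# References inside a log path such as `source(network);`.
REF_RE = re.compile(r"\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)")
# A flat log path: `log { ... };` with no nested braces.
LOG_RE = re.compile(r"\blog\s*\{([^{}]*)\}")


def strip_comments(conf):
    """Drop '#' comments so commented-out statements are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def lint(conf):
    """Return (unused, undefined) as sorted lists of (kind, name) pairs."""
    text = strip_comments(conf)
    defined = set(DEF_RE.findall(text))
    used = set()
    for body in LOG_RE.findall(text):
        used.update(REF_RE.findall(body))
    return sorted(defined - used), sorted(used - defined)


# Constructed sample 1: the three objects from the first post, no log path.
FIRST_POST = """
# PIX
source network { udp(); tcp(); };
destination pixlog { file("/var/log/pix.log"); };
filter f_pix { facility(local4); };
"""

# Constructed sample 2: the same objects plus a log path tying them together.
WITH_LOG_PATH = FIRST_POST + (
    "log { source(network); filter(f_pix); destination(pixlog); };\n"
)

if __name__ == "__main__":
    for label, conf in (("first post", FIRST_POST), ("with log path", WITH_LOG_PATH)):
        unused, undefined = lint(conf)
        print(label)
        for kind, name in unused:
            print(f"  defined but in no log path: {kind} {name}")
        for kind, name in undefined:
            print(f"  used but never defined: {kind} {name}")
        if not unused and not undefined:
            print("  every object is wired into a log path")
```

Run over the full syslog-ng.conf posted later in this thread, the same check also reports, among others, destination newsnotice as unused, because the stock f_newsnotice log path writes to newserr.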

Still do not have it worked out. Please help.

Pix

    logging on
    logging timestamp
    logging trap notifications
    logging facility 4
    logging queue 1024
    logging host inside 10.1.1.18

    test:/etc/syslog-ng # more syslog-ng.conf
    #
    # /etc/syslog-ng/syslog-ng.conf
    #
    # Automatically generated by SuSEconfig on Wed Jun 9 19:16:34 EDT 2004.
    #
    # PLEASE DO NOT EDIT THIS FILE!
    #
    # you can modify /etc/syslog-ng/syslog-ng.conf.in instead
    #
    #
    # File format description can be found in syslog-ng.conf(5).
    #
    options { long_hostnames(off); sync(0); };
    #
    # 'src' is our main source definition. you can add
    # more sources driver definitions to it, or define
    # your own sources, i.e.:
    #
    #source my_src { .... };
    source src {
        #
        # include internal syslog-ng messages
        # note: the internal() soure is required!
        #
        internal();
        #
        # the following line will be replaced by the
        # socket list generated by SuSEconfig using
        # variables from /etc/sysconfig/syslog:
        #
        unix-dgram("/dev/log");
        #
        # uncomment to process log messages from network:
        #
        #udp(ip("0.0.0.0") port(514));
    };
    #
    # filter definitions
    #
    filter f_console { level(warn) and facility(kern) or level(err) and not facility(authpriv); };
    filter f_newsnotice { level(notice) and facility(news); };
    filter f_newscrit { level(crit) and facility(news); };
    filter f_newserr { level(err) and facility(news); };
    filter f_news { facility(news); };
    filter f_mail { facility(mail); };
    filter f_cron { facility(cron); };
    filter f_warn { level(warn, err, crit); };
    filter f_alert { level(alert); };
    filter f_messages { not facility(news, mail); };
    filter f_local { facility(local0, local1, local2, local3, local4, local5, local6, local7); };
    filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
    #
    # print most on tty10 and on the xconsole pipe
    #
    destination console { file("/dev/tty10"); };
    log { source(src); filter(f_console); destination(console); };
    destination xconsole { pipe("/dev/xconsole"); };
    log { source(src); filter(f_console); destination(xconsole); };
    # enable this, if you want that root is informed
    # immediately, e.g. of logins
    #destination root { usertty("root"); };
    #log { source(src); filter(f_alert); destination(root); };
    #
    # these files are rotated and examined by "news.daily"
    #
    destination newscrit { file("/var/log/news/news.crit"); };
    log { source(src); filter(f_newscrit); destination(newscrit); };
    destination newserr { file("/var/log/news/news.err"); };
    log { source(src); filter(f_newserr); destination(newserr); };
    destination newsnotice { file("/var/log/news/news.notice"); };
    log { source(src); filter(f_newsnotice); destination(newserr); };
    #
    # enable this, if you want to keep all news messages
    # in one file
    #destination news { file("/var/log/news.all"); };
    #log { source(src); filter(f_news); destination(news); };
    #
    # all email-messages in one file
    #
    destination mail { file("/var/log/mail"); };
    log { source(src); filter(f_mail); destination(mail); };
    #
    # all cron-messages in one file
    #
    #destination cron { file("/var/log/cron"); };
    #log { source(src); filter(f_cron); destination(cron); };
    #
    # Some boot scripts require local7
    #
    destination localmessages { file("/var/log/localmessages"); };
    log { source(src); filter(f_local); destination(localmessages); };
    #
    # all messages except the facilities news and mail
    #
    destination messages { file("/var/log/messages"); };
    log { source(src); filter(f_messages); destination(messages); };
    #
    # enable this, if you want all iptables messages
    # in one file
    #
    #destination firewall { file("/var/log/firewall"); };
    #log { source(src); filter(f_iptables); destination(firewall); };
    #
    # Warnings in one file
    #
    destination warn { file("/var/log/warn"); };
    log { source(src); filter(f_warn); destination(warn); };
    #
    # enable this, if you want to keep all messages in one file
    #destination allmessages { file("/var/log/allmessages"); };
    #log { source(src); destination(allmessages); };
    # PIX
    source network { udp () ; tcp (); };
    log{source(network);filter(f_pix);destination(pixlog);};
    destination pixlog { file("/var/log/pix.log"); };
    filter f_pix { facility(local4); };
    test:/etc/syslog-ng #

I got syslog-ng logging to mysql but it locks up. I can't do anything on the system. Not sure what is going on.

On Fri, 2004-06-11 at 22:13, Ben Whittaker wrote:
> I got syslog-ng logging to mysql but it locks up. I cant do anything on the system. Not sure what is going on.

Probably both klogd and syslog-ng are reading /proc/kmsg. Kill klogd or remove /proc/kmsg from your syslog-ng configuration file.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

Thank you. When using the phpsyslog I am now getting this error:

    Parse error: parse error in /srv/www/htdocs/includes/db_fns.php on line 8
    Fatal error: Call to undefined function: db_connect_syslog() in /srv/www/htdocs/index.php on line 9

participants (3)
- Balazs Scheidler
- Ben Whittaker
- Bill Nash