This is from my config. # PIX # source network { udp () ; tcp (); }; log{source(net);filter(f_pix);destination(pixlog);}; destination pixlog { file("/var/log/pix.log"); }; filter f_pix { facility(local4); }; And on my PIX logging on logging timestamp logging buffered notifications logging trap notifications logging queue 1024 logging host inside 10.x.x.x no logging message 106001 no logging message 106023 --- Damien Michau <d.michau@ag.com> wrote:
Hi All ! I have some probleme ta log my pix's log into my syslog-ng server . i have mounted a Syslog-ng server to store my pix's log . But there is nothing in my pix.log i'have put this lines in my syslog-ng.conf
source pix { udp(ip(10.60.10.111) port());}; destination pix { file("/var/log/pix.log"); }; log { source(pix);destination(pix); };
Have you one idea ?
Thx
Damien Michau Paris
Discover Yahoo! Use Yahoo! to plan a weekend, have fun online and more. Check it out! http://discover.yahoo.com/
Thx but don't work on my pix there is logging facility 21 and i have put on my syslog-ng source network { udp();tcp();}; destination pixlog {file("/var/log/pix.log");}; filter f_pix { facility(local5); }; log {source(network);filter(f_pix);destination(pixlog);}; when i listen my network i see some packets on the network put my pix.log il always empty ----- Original Message ----- From: "Ben Whittaker" <ben_whittaker@yahoo.com> To: <syslog-ng@lists.balabit.hu> Sent: Tuesday, May 10, 2005 4:45 PM Subject: Re: [syslog-ng]Pix problem
This is from my config.
# PIX # source network { udp () ; tcp (); };
log{source(net);filter(f_pix);destination(pixlog);};
destination pixlog { file("/var/log/pix.log"); };
filter f_pix { facility(local4); };
And on my PIX
logging on logging timestamp logging buffered notifications logging trap notifications logging queue 1024 logging host inside 10.x.x.x no logging message 106001 no logging message 106023
--- Damien Michau <d.michau@ag.com> wrote:
Hi All ! I have some probleme ta log my pix's log into my syslog-ng server . i have mounted a Syslog-ng server to store my pix's log . But there is nothing in my pix.log i'have put this lines in my syslog-ng.conf
source pix { udp(ip(10.60.10.111) port());}; destination pix { file("/var/log/pix.log"); }; log { source(pix);destination(pix); };
Have you one idea ?
Thx
Damien Michau Paris
Discover Yahoo! Use Yahoo! to plan a weekend, have fun online and more. Check it out! http://discover.yahoo.com/ _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Can you verify that syslog-ng is listening on udp 514? Jerry http://www.syslog.org
Thx but don't work
on my pix there is logging facility 21
and i have put on my syslog-ng
source network { udp();tcp();}; destination pixlog {file("/var/log/pix.log");}; filter f_pix { facility(local5); }; log {source(network);filter(f_pix);destination(pixlog);};
when i listen my network i see some packets on the network put my pix.log il always empty
i have scan the port of the computer but not open. and when pix is sending the log he send it on different port on udp ----- Original Message ----- From: "Jerry Bell" <jbell@stelesys.com> To: <syslog-ng@lists.balabit.hu> Cc: <syslog-ng@lists.balabit.hu> Sent: Tuesday, May 10, 2005 9:23 PM Subject: Re: [syslog-ng]Pix problem Can you verify that syslog-ng is listening on udp 514? Jerry http://www.syslog.org
Thx but don't work
on my pix there is logging facility 21
and i have put on my syslog-ng
source network { udp();tcp();}; destination pixlog {file("/var/log/pix.log");}; filter f_pix { facility(local5); }; log {source(network);filter(f_pix);destination(pixlog);};
when i listen my network i see some packets on the network put my pix.log il always empty
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
i have scan the port of the computer but not open. and when pix is sending the log he send it on different port on udp
What port is the pix sending the logs out on? Also, if syslog-ng isn't listening, it won't be able to get any logs from your PIX. I'm not sure what you used to scan the open ports, but you may want to double check with a "sockstat |grep 514". If there really is nothing listening, then that is probably going to be your problem, unless there is also a problem with the PIX sending on the wrong port. Jerry http://www.syslog.org
pix is using different port to send logs 132,141 .. and syslog listen on 514 Damien ----- Original Message ----- From: "Jerry Bell" <jbell@stelesys.com> To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Sent: Wednesday, May 11, 2005 2:11 PM Subject: Re: [syslog-ng]Pix problem
i have scan the port of the computer but not open. and when pix is sending the log he send it on different port on udp
What port is the pix sending the logs out on? Also, if syslog-ng isn't listening, it won't be able to get any logs from your PIX. I'm not sure what you used to scan the open ports, but you may want to double check with a "sockstat |grep 514". If there really is nothing listening, then that is probably going to be your problem, unless there is also a problem with the PIX sending on the wrong port. Jerry http://www.syslog.org _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (3)
-
Ben Whittaker
-
Damien Michau
-
Jerry Bell