[syslog-ng] Newbie Looking for Help

[Sandor Geller]

Mark R. White wrote:

> My network engineer says he has our corporate pix box pointed to this 
> server, yet I'm not getting any logs.  Do I need to specify the facility 
> that it's logging to?  And if so, where do I specify that in this set 
> up?  I assumed once I had it setup to log, and I was accepting external 
> connections, it would log it into the file system as stated above and I 
> wouldn't have to specify logging for each facility, local4 in this 
> specific case.   Is it not correct to assume that since I have 
> uncommented udp, all udp logging traffic would be defined by the s_all 
> variable and forced to log the same as all other syslog data?   Thanks 
> again for all of your help. 

You don't have to know which facility the PIX is logging with. However
as the first debugging step I recommend using tcpdump to be sure whether
the PIX sends the log to the host properly or not.

If the network packets seem to be OK, then see whether the hostname is
correct in the packets or not. Maybe the PIX log ends up somewhere in
the wrong system's log.

-- 
Sandor Geller
wildy at balabit.hu