[syslog-ng] Newbie Looking for Help

Mark R. White whitemr at gmail.com
Mon May 15 16:25:41 CEST 2006 

Sandor, Good suggestion but I don't think it will work since syslog is UDP
traffic.  Also, it appears to be a very specific problem with our PIX
firewall.  This morning, our network engineer and I, set up a half dozen
other devices, routers and switches, and they are all logging without any
issue.  So for now, I'm going to chalk this up as  an issue with the PIX
IOS, and consider this issue closed.   Thanks again for everyone's help.
This list is a true credit to the FOSS community.

Mark



On 5/15/06, Sandor Geller <wildy at balabit.hu> wrote:
>
> Mark R. White wrote:
>
> > My network engineer says he has our corporate pix box pointed to this
> > server, yet I'm not getting any logs.  Do I need to specify the facility
> > that it's logging to?  And if so, where do I specify that in this set
> > up?  I assumed once I had it setup to log, and I was accepting external
> > connections, it would log it into the file system as stated above and I
> > wouldn't have to specify logging for each facility, local4 in this
> > specific case.   Is it not correct to assume that since I have
> > uncommented udp, all udp logging traffic would be defined by the s_all
> > variable and forced to log the same as all other syslog data?   Thanks
> > again for all of your help.
>
> You don't have to know which facility the PIX is logging with. However
> as the first debugging step I recommend using tcpdump to be sure whether
> the PIX sends the log to the host properly or not.
>
> If the network packets seem to be OK, then see whether the hostname is
> correct in the packets or not. Maybe the PIX log ends up somewhere in
> the wrong system's log.
>
> --
> Sandor Geller
> wildy at balabit.hu
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>


-- 
"Knowledge is power and I like power." Cobra Bubbles, Lilo & Stitch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060515/12cb5809/attachment.html

More information about the syslog-ng mailing list