Logging

CiscoASA‎ > ‎

Setup Cisco PIX or ASA to log on another server using syslog

the pix binds the ip 10.2.59.1 and the linux syslog server bind 10.2.59.2 on the pix add the following config

logging enable
logging timestamp
logging standby
logging trap warnings
logging host vpnnat 10.2.59.2

On the linux server install syslog-ng

Add the following to /etc/syslog-ng/syslog-ng.conf

source network { udp(ip("0.0.0.0") port(514)); };
destination pixlog { file("/var/log/pix.log"); };
filter f_pix { facility(local4); };
log{source(network);filter(f_pix);destination(pixlog);};

Make sure the firewall on the box is accepting UDP packets destined for port 514 from the pix.

Add the following to /etc/logrotate.d/syslog-ng

/var/log/pix.log {
  rotate 4
  weekly
  missingok
  notifempty
  compress
}

Comments

	Search this site