I wanted my Pix to log to the system log on one of my servers. I thought it would be simple, but there were several things I had to get right.
On the Pix, you set the clock with
clock set 19:15:00 September 24 2016
On the Pix you tell it where you're going to log to
logging host inside xantl-in
and to timestamp the logs
logging timestamp
And that you want everything from warnings (usually some access that was denied) up to emergencies ("Your pix has caught fire" - no, I don't think there's a message for that).
logging trap warnings
So now, my Pix was sending all these messages to my server named xantl. Next, I had to tell xantl to listen out for them. To do that, I edited /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Actually, those commands were already there, but commented out, so I just removed the # in front of them.
Then
systemctl restart syslog
and the Pix logs started appearing in /var/log/messages, which is where syslog puts everything. But I didn't want them all mixed up with the other messages; I wanted them in their own file. So I edited /etc/rsyslog.conf again:
if $programname contains '%PIX-' then /var/log/pixlog
if $programname contains '%PIX-' then stop
And again, systemctl restart syslog. And now all the Pix logs go to /var/log/pixlog.
There's going to be a lot of them! So I'll rotate the logs; a new log each week. To do that, I edited /etc/logrotate.d/syslog and added:
/var/log/pixlog
at the start of the file.
So now all the pix messages are saved on my server, and I can check them to see that everything is as I want it to be.
Job done!
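One way to do that checking, as an added example that is not part of the original post: a small Python script that summarizes Pix messages by ID, counts denied sources, and flags anything less severe than the "logging trap warnings" level set above. The sample lines, the host name "pix" and the "src interface:address/port" wording of deny messages are assumptions made for illustration.

```python
import re
from collections import Counter

# Syslog severity names, indexed by the digit in %PIX-<severity>-<id>.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]
# Match the PIX tag wherever it sits in the line, so the syslog prefix
# and the optional "logging timestamp" field do not matter.
PIX_RE = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
# Assumption: deny messages carry "src <interface>:<address>/<port>".
SRC_RE = re.compile(r"\bsrc (?P<ifc>[\w-]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def parse_line(line):
    """Return (severity, message_id, text), or None for a non-PIX line."""
    m = PIX_RE.search(line)
    return (int(m["sev"]), m["id"], m["text"].rstrip()) if m else None

def summarize(lines, trap_level=4):
    """Count messages per ID and denied sources; collect lines below the trap level."""
    by_id, denied_src, unexpected = Counter(), Counter(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a PIX message, e.g. a local daemon's line
        sev, msg_id, text = parsed
        by_id[(SEVERITY[sev], msg_id)] += 1
        if sev > trap_level:
            # Less severe than the trap level: the Pix setting is not what we expect.
            unexpected.append(line)
        src = SRC_RE.search(text)
        if text.startswith("Deny") and src:
            denied_src[src["ip"]] += 1
    return by_id, denied_src, unexpected

# Constructed sample lines using documentation addresses, not real log output.
SAMPLE = [
    'Sep 24 19:15:02 pix Sep 24 2016 19:15:02: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:192.0.2.10/22 by access-group "outside_in"',
    'Sep 24 19:15:09 pix Sep 24 2016 19:15:09: %PIX-4-106023: Deny udp src outside:198.51.100.7/53211 dst inside:192.0.2.10/161 by access-group "outside_in"',
    'Sep 24 19:16:40 pix Sep 24 2016 19:16:40: %PIX-4-106023: Deny tcp src outside:203.0.113.44/50122 dst inside:192.0.2.10/23 by access-group "outside_in"',
    'Sep 24 19:17:01 pix Sep 24 2016 19:17:01: %PIX-6-302013: Built inbound TCP connection 12 for outside:203.0.113.9/40000 to inside:192.0.2.10/80',
    'Sep 24 19:17:05 xantl systemd: Started Session 12 of user root.',
]

if __name__ == "__main__":
    by_id, denied_src, unexpected = summarize(SAMPLE)
    for (sev, msg_id), n in by_id.most_common():
        print(f"{n:5d}  {sev:<14} {msg_id}")
    print("top denied sources:", denied_src.most_common(5))
    print("lines below the trap level:", len(unexpected))
```

To run it against the real file, pass open("/var/log/pixlog") to summarize() instead of SAMPLE.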