How to redirect logs from Cisco firewall to a specific file?

Question

We need to redirect the logs from our Cisco firewall(SA520-K9) to syslogd server(it's a CentOS server). The settings are done on the firewall. But the messages from firewall are going to /var/log/messages and console instead of /var/log/firewall.log which is our requirent.

*.info;mail.none;authpriv.none;cron.none        /var/log/messages

authpriv.*                      /var/log/secure

mail.*                          -/var/log/maillog


cron.*                          /var/log/cron

*.emerg                         *

uucp,news.crit                      /var/log/spooler

local7.*     /var/log/firewall.log

This is our syslog config file. Any advices ?

Log Severity > Warning and set to sent to syslog in the device

alvosu · Answer 1 · 2011-02-04T07:49:00.370

3

default facility used by the Cisco ASA is 20 (LOCAL4):

  local4.*     /var/log/firewall.log

edited Feb 04 '11 at 07:49

answered Feb 04 '11 at 06:14

alvosu

8,437
25
22

Any idea about SA520-K9 ? – nitins Feb 04 '11 at 06:38
sa520 has no cli. It's not an ios device. – Jason Berg Feb 04 '11 at 06:51
@Jason Berg: What facility "Administration> Logging > Logs Facility and Severity" ? – alvosu Feb 04 '11 at 08:16
Log Severity > Warning and set to sent to syslog – nitins Feb 04 '11 at 08:26
1

Use tcpdump to determinate facility: tcpdump -pn -s 0 -vv -i eth0 host $IP. Facility ... (N) – alvosu Feb 04 '11 at 08:28

score 0 · Answer 2 · edited Jul 22 '12 at 17:37

0

Check the raw messages and see the facility and the severity that is used. (%rawmsg% in rsyslog ) ... I don't know about syslogd, but you can always use wireshark for that. (the other way is to check every facility until you get your job done)

edited Jul 22 '12 at 17:37

Lucas Kauffman

16,880
9
58
93

answered Feb 04 '11 at 07:28

Nikolaidis Fotis

2,032
11
13

How to redirect logs from Cisco firewall to a specific file?

2 Answers2