
How to send Syslog messages past Firewall into our logging host?


skhoury (IS-IT--Management), joined Nov 28, 2003, 386 messages, location: US
Hello all,

I have a quick question, probably a simple one:

We have our Cisco 2610 Internet Router handling our T1 connection, and immediately after the router sits our PIX515 FW. The PIX is able to send its own Syslog messages to our logging host.

What I would like to do is direct the Router to send its Syslog messages to our logging host as well, but I'm not quite sure how to go about doing this given that the firewall sits after our router and the e0/0 interface has a public IP, not an IP on our LAN.

Any thoughts?

Many thanks!

Sam
 
logging source-interface Loopback0
logging x.x.x.x <-- ip of loghost

You need to make sure that UDP port 514 is not blocked in your firewall. I've never used a PIX so I'm not sure of the syntax required to correct this if it is blocked.
 
And you don't need to source off your loopback interface. I just put that as an example if you did want to specify an interface.
 
Hmm, interesting. OK, so then how does the router know to send a 192.168.x.x type address out e0/0 when e0/0 isn't even on that subnet (it has a public address because it connects to the firewall directly)?

Do I need any sort of special route statement etc?

Thanks!
 
You need a NAT on the pix so syslog traffic received on the outside i/f will go to the loghost.

static (inside,outside) <outside> <loghost> netmask 255.255.255.255 0 0
access-list outside_inbound permit udp host <router> host <outside> eq 514

If you have limited outside addresses for the Pix, you can NAT only UDP to the loghost:

static (inside,outside) udp interface 514 <loghost> 514 netmask 255.255.255.255 0 0

With either static, you'll still need the ACL entry.
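The following is an added example, not configuration or code from the thread. It is a small Python model of the path a router syslog datagram takes through the PIX under either static from the reply above, so the addressing question in the thread (why the router never needs a route to the 192.168.x.x loghost) can be checked end to end. All addresses are constructed placeholders standing in for the reply's <router>, <outside> and <loghost>; the facility value assumes the IOS default of local7.

```python
"""Constructed model of the router -> PIX -> loghost syslog path.

Added example, not the thread's own configuration. It mimics the effect of the
PIX `static` and `access-list` lines and the IOS `logging` lines; addresses are
placeholders from the RFC 5737 / RFC 1918 ranges.
"""
from dataclasses import dataclass, replace
from typing import Optional

# Placeholder addresses standing in for the thread's <router>, <outside>, <loghost>.
ROUTER_E0 = "203.0.113.2"        # router e0/0, public side, directly faces the PIX
ROUTER_LOOPBACK0 = "10.255.0.1"  # only used if `logging source-interface Loopback0` is set
PIX_OUTSIDE_IF = "203.0.113.1"   # PIX outside interface address (used by the port static)
STATIC_OUTSIDE = "203.0.113.10"  # spare public address for the 1:1 static
LOGHOST = "192.168.1.50"         # syslog server on the inside LAN
SYSLOG_PORT = 514
LOCAL7 = 23                      # IOS default syslog facility


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Static:
    """static (inside,outside) <outside> <inside>; port=None is the 1:1 form,
    port=514 models `static (inside,outside) udp interface 514 <loghost> 514`."""
    outside: str
    inside: str
    port: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    """access-list outside_inbound permit udp host <src> host <dst> eq <dport>."""
    src: str
    dst: str
    dport: int


def router_syslog(message: str, severity: int, dst: str, source_ip: str = ROUTER_E0) -> Datagram:
    """Datagram IOS `logging <dst>` emits (RFC 3164 style PRI = facility*8 + severity).
    The source is the `logging source-interface` address if set, else the egress
    interface; the router only needs a route to `dst`, which sits on the directly
    connected e0/0 subnet, never to the loghost's private address."""
    pri = LOCAL7 * 8 + severity
    return Datagram(src=source_ip, dst=dst, dport=SYSLOG_PORT,
                    payload=f"<{pri}>{message}".encode())


def acl_permits(acl: list, pkt: Datagram) -> bool:
    # PIX 6.x inbound ACLs are written against the outside (pre-translation)
    # address, which is why the reply's entry names `host <outside>`, not the loghost.
    return any(e.src == pkt.src and e.dst == pkt.dst and e.dport == pkt.dport for e in acl)


def translate(statics: list, pkt: Datagram) -> Optional[Datagram]:
    for s in statics:
        if s.outside == pkt.dst and (s.port is None or s.port == pkt.dport):
            return replace(pkt, dst=s.inside)
    return None


def pix_inbound(acl: list, statics: list, pkt: Datagram) -> Optional[Datagram]:
    """Deliver an outside->inside datagram, or None if the PIX drops it.
    Both the ACL entry and a matching static are required, as the reply says."""
    if not acl_permits(acl, pkt):
        return None
    return translate(statics, pkt)


def parse_pri(payload: bytes) -> tuple:
    """Split an RFC 3164 PRI into (facility, severity); raise on malformed input."""
    text = payload.decode("ascii")
    if not text.startswith("<") or ">" not in text[:6]:
        raise ValueError("missing PRI")
    pri = int(text[1:text.index(">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return pri // 8, pri % 8


# Option 1 from the reply: 1:1 static on a spare public address plus the ACL entry.
STATICS_1TO1 = [Static(outside=STATIC_OUTSIDE, inside=LOGHOST)]
ACL_1TO1 = [AclEntry(src=ROUTER_E0, dst=STATIC_OUTSIDE, dport=SYSLOG_PORT)]

# Option 2: UDP/514 port static on the outside interface address, for sites short on IPs.
STATICS_PORT = [Static(outside=PIX_OUTSIDE_IF, inside=LOGHOST, port=SYSLOG_PORT)]
ACL_PORT = [AclEntry(src=ROUTER_E0, dst=PIX_OUTSIDE_IF, dport=SYSLOG_PORT)]


def deliver(option: str, message: str = "%SYS-5-CONFIG_I: Configured from console",
            severity: int = 5, source_ip: str = ROUTER_E0) -> Optional[Datagram]:
    """End-to-end path for either option; returns what the loghost would receive."""
    statics, acl, dst = {
        "1to1": (STATICS_1TO1, ACL_1TO1, STATIC_OUTSIDE),
        "port": (STATICS_PORT, ACL_PORT, PIX_OUTSIDE_IF),
    }[option]
    return pix_inbound(acl, statics, router_syslog(message, severity, dst, source_ip))


if __name__ == "__main__":
    for opt in ("1to1", "port"):
        got = deliver(opt)
        print(opt, "->", got.src, got.dst, parse_pri(got.payload), got.payload.decode())
    # Sourcing from Loopback0 without changing `host <router>` in the ACL: dropped.
    print("loopback source, ACL unchanged ->", deliver("1to1", source_ip=ROUTER_LOOPBACK0))
```

Two things the model makes visible: the loghost sees the router's public e0/0 address as the source, so any source filter on the syslog server must allow that address rather than a LAN address; and if `logging source-interface Loopback0` is used, the PIX ACL's `host <router>` must name the loopback address or the datagrams are silently dropped.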
 