setup syslog server 1

Status
Not open for further replies.
Jul 27, 2004
397
US
I need to implement a syslog server; I am going to use Kiwi. Can someone tell me how to do this, and give me the commands?

Thx for any help.

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
MCSA (2003)
 
I have already seen that, but didn't understand it completely.

Are these the only two commands I need to enter?

syslog host #.#.#.# (where #.#.#.# is the syslog servers address)

syslog output X.Y (where X is the logging facility and Y is the level)

What do I do with the second command?

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
MCSA (2003)
 
logging on
logging timestamp
logging buffered warnings
'Set this at the level you want.
logging trap debugging
'Set this at the level you want.
logging history warnings
'Set this at the level you want.
logging host inside IPAddressOfSyslogServer
'The PIX defaults to UDP 514. With Kiwi, you can use UDP or TCP--default 1468.
logging host [if_name] ip_address [protocol/port]

Roland


*****************

What's ADD again?
 
Also, This FAQ is good:
faq35-4302


*****************

What's ADD again?
 
OK, I understand that a lot better. I do have just a couple more questions.

When I enter the command "logging trap debugging" and then the level, do I have to do that for each level I want monitored? For instance:
logging buffered warnings 1
logging buffered warnings 2
etc..
Or do I just do "logging buffered warnings 3" and it monitors all of 1, 2, and 3?

Do I do the same thing with trap and history? What is a good level to set on all of these?

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
MCSA (2003)
 
"Or do I just do "logging buffered warnings 3" and it monitors all of 1, 2, and 3"---Bingo!

"Do I do the same thing with trap and history?" Yes.

The trap is what gets sent to the logging host. I like to have it set at a higher level because I want to be able to dig through it if I need to. But debugging--level 7--sends a message about every activity on the PIX--so it generates A TON of messages, which can slow down a heavily used PIX.

History sets the SNMP message level for sending syslog traps.

I'd use warnings--or level 4--on all of these.


*****************

What's ADD again?
 
I really appreciate your help and taking the time to explain this to a newbie.

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
MCSA (2003)
 
I am also a beginner, and I have followed your advice on setting up logging, but I am not seeing anything show up on the log. I guess my question is do I manually add the syslog machine IP to the internal access list and specify the UDP port? Also, is there a way to manually create a log message that will be sent out so I can see if the Kiwi Syslog can pick it up?

Thanks in advance

Mel
 
The syslog messages shouldn't be affected by an access-list since they originate from the PIX. Check to make sure you aren't running a firewall on the syslog server and make sure the ports/protocol that Kiwi is looking for and the PIX is using are the same.

As far as manually creating messages...I don't think so. If you set the trap level to debugging, you'll see messages consistently.

Also be aware that some spyware removal programs will remove key files used by Kiwi.


Roland


*****************

What's ADD again?
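The level rule discussed in this thread (setting a level also includes every more severe level below it), shown as an added example that is not from any of the posters. It decodes the `<PRI>` header of syslog datagrams and lists which ones a given `logging trap` level would forward; `send_test` can be run from a workstation to check that the listener on UDP 514 displays a message. Assumptions: the PIX default facility of 20 (local4), hypothetical function names, and sample datagrams constructed for illustration.

```python
import socket

# Severity keywords used with "logging trap/buffered/history",
# indexed by numeric level (0 = most severe, 7 = debugging).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

def decode_pri(datagram: bytes):
    """Split the leading <PRI> of a syslog datagram into (facility, severity, rest)."""
    text = datagram.decode("ascii", errors="replace")
    if not text.startswith("<") or ">" not in text[:5]:
        raise ValueError("no syslog PRI header")
    pri, rest = text[1:].split(">", 1)
    if not pri.isdigit() or int(pri) > 191:
        raise ValueError("PRI out of range")
    return int(pri) // 8, int(pri) % 8, rest

def passes(level_name: str, severity: int) -> bool:
    """True if a message of this severity is emitted at the configured level."""
    return severity <= LEVELS.index(level_name)

def build_test_message(severity: int, text: str, facility: int = 20) -> bytes:
    """Build a minimal datagram; facility 20 (local4) is assumed as the PIX default."""
    return f"<{facility * 8 + severity}>{text}".encode("ascii")

def send_test(server: str, datagram: bytes, port: int = 514) -> None:
    """Send one UDP datagram from a workstation to confirm the listener shows it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))

# Constructed sample datagrams (not captured from a real PIX).
SAMPLES = [
    b"<162>%PIX-2-106001: constructed critical sample",
    b"<164>%PIX-4-106023: constructed warning sample",
    b"<166>%PIX-6-302013: constructed informational sample",
    b"<167>%PIX-7-609001: constructed debugging sample",
]

def forwarded(level_name: str):
    """Severities of the samples that would reach the syslog host at this trap level."""
    return [sev for _, sev, _ in map(decode_pri, SAMPLES) if passes(level_name, sev)]

if __name__ == "__main__":
    for name in ("warnings", "debugging"):
        print(name, forwarded(name))
```

If a datagram sent with `send_test` does not appear in Kiwi, the cause is on the server side (host firewall, port or protocol mismatch) rather than in the PIX logging configuration.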
 