Using HPUX 11 for syslog PIX 501

tman138

IS-IT--Management
Nov 27, 2001
128
US
I am trying to set up an HPUX 11 host to capture my PIX 501 syslog. I have followed the manual instructions for both enabling syslog logging on the PIX, and configuring and enabling syslog in UNIX. I used name and names to define my Unix workstation's IP address. I can ping the Unix machine from inside the PIX. I also enabled telnet to the Unix box and I can connect and maneuver within the PIX from Unix. I thought maybe the HUP command didn’t take on the Unix syslog.pid (the example was a generic Unix, not HPUX), but I rebooted the machine to make sure that the syslog.conf file was being read. I created the log file in /var/log/pix and named it pixfirewall. I added the line local4.error /var/log/pix/pixfirewall to the syslog.conf file using vi. After creating the pixfirewall file I touched it. The PIX had a logging facility setting of 16 & I saw that facility 20 was recommended for Unix, so I changed that as well. From reading, this equates to the local4 setting. I tried stopping and restarting logging on the PIX, but nothing writes to the Unix file.
A sho log on the PIX shows syslog logging enabled
timestamp logging enabled
trap logging level errors facility 20 16 messages logged
logging to inside MyUnixMachine
Not sure where the problem lies. I can communicate between the 2 devices, but for some reason Unix isn’t writing the log file.
 
Make sure the syslog server is listening on UDP port 514 on the Unix machine, as this is the default value used by the PIX.
 
Try changing syslog.conf to local4.* to capture all messages, and change the Pix trap logging level to match (debug).

Also, check if the syslog traffic is arriving at the server on udp port 514. I don't know if tcpdump is available, but snoop probably is.

Finally, I don't know about HPUX, but you might need to make sure that syslogd is started with options to receive messages from remote devices.
 
I jumped the reporting up from errors to debugging to increase the traffic, and found the log in the syslog.log file instead of the pixfirewall file ??? not sure why
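
As an added example (not part of the original thread, and not Cisco or HP code): a small Python decoder for the `<PRI>` prefix that every syslog datagram starts with, showing which facility.level a PIX set to facility 20 or 16 puts on the wire and which syslog.conf selectors would pick that message up. The sample datagrams, the rule set and its catch-all `*.info` line are constructed assumptions; the level keywords are the common syslog.conf ones, and `*` as a level is treated as "all levels".

```python
import re

# Facility codes 0-23 and severity codes 0-7, in RFC 3164 numbering.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % i for i in range(8)]          # codes 16-23
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) names from the <PRI> prefix of a syslog datagram."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:               # 23*8 + 7 is the largest PRI
        raise ValueError("no valid <PRI> prefix: %r" % datagram[:16])
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Classic syslog.conf rule: 'fac.level' selects that level and anything more severe."""
    sel_fac, _, sel_lvl = selector.partition(".")
    if sel_fac not in ("*", facility):
        return False
    if sel_lvl == "*":        # assumption: '*' means every level, as the reply above uses it
        return True
    if sel_lvl not in SEVERITIES:
        raise ValueError("level keyword not known to this example: %r" % sel_lvl)
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)

def route(datagram, rules):
    """List the actions (log files) whose selector matches the datagram."""
    fac, sev = decode_pri(datagram)
    return [action for selector, action in rules if selector_matches(selector, fac, sev)]

# Constructed sample datagrams (not captured from a real PIX).
SAMPLE_ERR = b"<163>%PIX-3-000000: constructed severity-3 message"       # 20*8 + 3
SAMPLE_DEBUG = b"<167>%PIX-7-000000: constructed severity-7 message"     # 20*8 + 7
SAMPLE_LOCAL0 = b"<131>%PIX-3-000000: constructed message, facility 16"  # 16*8 + 3

# Hypothetical rule set: the thread's pixfirewall file plus an assumed catch-all file.
RULES = [("local4.err", "/var/log/pix/pixfirewall"),
         ("*.info", "/var/adm/syslog/syslog.log")]

if __name__ == "__main__":
    for pkt in (SAMPLE_ERR, SAMPLE_DEBUG, SAMPLE_LOCAL0):
        print(decode_pri(pkt), route(pkt, RULES))
```

Feeding it the first bytes of a datagram seen with snoop or tcpdump on UDP port 514 tells you which selector the line in syslog.conf has to carry.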

 