Configure syslog facility

Posted on November 6, 2010

If you set up your own syslog server, you can choose which facility the router or firewall sends its logs to. Let's see how it looks.

Step 1. Edit the syslog server configuration file. Let's say we use Local6 as the facility level for the router.

# vi /etc/syslog.conf
local6.info /netscape/pixfirewall/pixlogs

Step 2. Syslog server remote access setup.

To make the syslog server listen for remote logging, start it with the '-r' parameter.
With Ubuntu:
/etc/init.d/sysklogd
With Fedora:
/etc/init.d/rsyslog

Step 3. On the firewall that sits in front of the syslog server, permit UDP port 514 from the router or firewall that logs to this server.

Step 4. Configure the router logging. In this example the Syslog server has the IP 192.168.1.20.

logging timestamp
logging facility 22
logging host 192.168.1.20
logging trap informational
logging on

The number 22 is explained as follows:
Write the facility number in binary. The last four bits give the local facility.
16 = 00010000 = local0
17 = 00010001 = local1
18 = 00010010 = local2
19 = 00010011 = local3
20 = 00010100 = local4
21 = 00010101 = local5
22 = 00010110 = local6
23 = 00010111 = local7
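To check which incoming messages the local6.info selector from Step 1 will actually write, decode the <PRI> prefix that every syslog datagram carries (PRI = facility * 8 + severity). The following is an added example, not part of the original post; the sample lines are constructed and the function names are illustrative.

```python
import re

# Severity keywords in numeric order: 0 = emerg ... 7 = debug.
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_code, severity_code) from the <PRI> prefix, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                # 23 * 8 + 7 is the highest valid PRI
        return None
    return pri >> 3, pri & 7     # facility = upper bits, severity = low 3 bits

def facility_name(code):
    """Map facility codes 16-23 to local0-local7, as in the table above."""
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"

def matches_selector(line, selector="local6.info"):
    """True if a syslog.conf 'facility.severity' selector would log the line.
    A severity keyword matches itself and anything more severe (lower number)."""
    decoded = decode_pri(line)
    if decoded is None:
        return False
    fac, sev = decoded
    want_fac, want_sev = selector.split(".")
    return facility_name(fac) == want_fac and sev <= SEVERITIES.index(want_sev)

# Constructed sample datagrams (payload text is a placeholder).
SAMPLES = [
    "<182>constructed message, facility 22 severity 6",  # local6.info
    "<181>constructed message, facility 22 severity 5",  # local6.notice
    "<183>constructed message, facility 22 severity 7",  # local6.debug
    "<190>constructed message, facility 23 severity 6",  # local7.info
    "no PRI prefix at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        d = decode_pri(s)
        label = f"{facility_name(d[0])}.{SEVERITIES[d[1]]}" if d else "invalid"
        print(f"{label:15} logged={matches_selector(s)}")
```

Debug messages from the same facility are not written by local6.info, and a device left on a different facility number (for example 23) is silently missed by this selector.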

Here is a link if you need a deeper explanation

Posted in: Cisco, Logging, Security