If you setup your own syslog server than you can choose to which facility should the router or firewall send the logs. Lets see how it looks like.
Step 1. Edit the syslog server configuration file. Let say we use Local6 as our Facility level for the router.
| # vi /etc/syslog.conf local6.info /netscape/pixfirewall/pixlogs |
Step 2. Syslog server remote access setup.
To start syslog server to listen for remote logging use the ‘-r’ parameter at startup.
With Ubuntu:
/etc/init.d/sysklogd
With Fedora:
/etc/init.d/rsyslog
Step 3. On firewall – that resides before the syslog server – permit the 514 udp port from the router or firewall logging to this server
Step 4. Configure the router logging. In this example the Syslog server has the IP 192.168.1.20.
| logging timestamp logging facility 22 logging host 192.168.1.20 logging trap informational logging on |
The number 22 has the following explanation:
Break down the X number into binary. The last four bits comprise the local facility.
16 = 00010000 = local0
17 = 00010001 = local1
18 = 00010010 = local2
19 = 00010011 = local3
20 = 00010100 = local4
21 = 00010101 = local5
22 = 00010110 = local6
23 = 00010111 = local7
itsecworks 
Mr WordPress
November 6, 2010
Hi, this is a comment.
To delete a comment, just log in, and view the posts’ comments, there you will have the option to edit or delete them.