Thanks, i'll check into that. I am assuming with all the changes that have been made to the PIX in ver 6.X that you are probably correct about the protocol stuff.
> > From: "Paul Stewart" <[EMAIL PROTECTED]> > Date: 2003/01/28 Tue PM 05:57:35 EST > To: <[EMAIL PROTECTED]> > Subject: RE: Re: syslogging PIX data > > Just curious.. This is something that started with the newer 6.x code? > Is it safe to presume that with tcp versus udp that *all* log entries > will make it to syslog versus udp where under loading hundreds of them > can get dropped? I realize memory may play a role and rate limiting of > course.:) > > I don't' know your answer but I *believe* that msyslog will let you > listen on different ports (modular syslog that uses MySQL)... Can't > remember for sure though... May have to search and find the site to > see... > > Hope this helps.. > > Paul > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > On Behalf Of Paul Fontenot > Sent: Tuesday, January 28, 2003 5:00 PM > To: [EMAIL PROTECTED] > Subject: Re: Re: syslogging PIX data > > > The PIX 525 with 6.X code defaults to TCP on port 1468. The PIX will not > send to a port below 1025. I know how to setup the PIX and I know how to > setup syslog. > > Will syslog listen on a different port than the default? I don't see > anything in the man pages that indicate this is possible. > > > > > From: Stacy Brandenburg <[EMAIL PROTECTED]> > > Date: 2003/01/28 Tue PM 04:39:25 EST > > To: [EMAIL PROTECTED] > > Subject: Re: syslogging PIX data > > > > I think you lost me, why is the PIX going to send tcp/1468? It > > syslogs > > out to 514 just like every other device. Are you trying to do > someting > > other than syslog from it? > > > > As far as syslogd goes - the man pages explain pretty well how to > > invoke > > syslogd in different fashions. > > > > > > > > > > Paul Fontenot wrote: > > > The problem is that PIX is going to send tcp/1468 and the linux box > > > is looking for udp/514. The PIX won't allow a port outside the range > > > > of '1025-65535' but it will do udp or tcp. > > > > > > I guess the questions hould have been is there a way to have syslogd > > > > listen on a different port > > > > > > > > >>From: Stacy Brandenburg <[EMAIL PROTECTED]> > > >>Date: 2003/01/28 Tue PM 03:43:15 EST > > >>To: [EMAIL PROTECTED] > > >>Subject: Re: syslogging PIX data > > >> > > >>Sure, > > >> > > >>PIX config needs to look like this > > >> > > >>logging on > > >>logging trap <log level> > > >>logging facility 23 > > >>logging host inside <IP of Syslog server> > > >> > > >>run syslogd as "syslogd -r -m 0" on the server > > >> > > >>and add this to /etc/syslog.conf: > > >> > > >>#Cisco logging > > >>local7.* <Log file location> > > >> > > >> > > >> > > >> > > >> > > >>Paul Fontenot wrote: > > >> > > >>>Is there a way to have syslog accept PIX log information? > > >>> > > >>> > > >>> > > >>> > > >> > > >>-- > > >>======================================================== > > >>= Stacy J. Brandenburg Red Hat Inc. = > > >>= Sr. Network Engineer http://www.redhat.com = > > >>= 919-754-3700 x44313 [EMAIL PROTECTED] = > > >>======================================================== > > >> > > >> > > >> > > >>-- > > >>redhat-list mailing list > > >>unsubscribe > mailto:[EMAIL PROTECTED]?subject=unsubscribe > > >>https://listman.redhat.com/mailman/listinfo/redhat-list > > >> > > > > > > > > > > > > > > > > > > > > > -- > > ======================================================== > > = Stacy J. Brandenburg Red Hat Inc. = > > = Sr. Network Engineer http://www.redhat.com = > > = 919-754-3700 x44313 [EMAIL PROTECTED] = > > ======================================================== > > > > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
