Solaris SYSLOG Help


 
# 1  
Old 05-16-2012

We have this Sun Solaris that we use for SYSLOG. Existing firewalls send warning level to this SYSLOG and it works great. We added a new firewall, I pointed the firewall to this SYSLOG server but nothing is being logged (Windows KIWI works but not UNIX & I don't like KIWI). I am wondering what to do to fix this issue... not sure what to look for or do... I went to /etc/syslog.conf and added the top line local5. The others were already there.

local5.debug /pix/dcpixlog
local4.debug /pix/pixlog
local3.debug /usr/log/cache/cachelog
local2.debug /var/log/ras/raslog
local1.debug /var/log/vpn/vpnlog

I then went to /pix and see pixlog but not dcpixlog. I used touch to create a 0 size dcpixlog & tried restarting syslog but nothing gets logged. Can you please help?
# 2  
Old 05-16-2012
What model are those firewalls? How are you pointing the new firewall to the Solaris logserver? Can you compare the syslog configuration on the old firewall with the new one?
# 3  
Old 05-17-2012
Thank you for the response... These are Cisco ASA5585...same as the other firewalls. They both send logs to UNIX and KIWI syslog servers. KIWI gets the logs but it seems as in UNIX, you have to somehow make it accept logs (I am not sure if this statement is true or not). Here is the FW log config that works on UNIX...
logging enable
logging timestamp
logging console debugging
logging monitor debugging
logging buffered notifications
logging trap informational
logging history warnings
logging device-id context-name
logging host inside 10.213.208.41
logging host inside 10.213.9.10
!
Here is the log config on the FW that does not work with UNIX (.208.41) & works with KIWI (9.10). The log levels are different (notice: log facility)...
logging enable
logging timestamp
logging buffered notifications
logging trap notifications
logging facility 22
logging device-id hostname
logging host inside 10.213.208.41
logging host inside 10.213.9.10
# 4  
Old 05-17-2012
Well, I'm not familiar with Cisco firewall configuration, but you might try setting the logging configuration on the new firewall to match exactly the one on the old one. Additionally, can you post the output of
Code:
ipfstat -io

from the Solaris logserver (it will show if the Solaris integrated firewall is set up)?
# 5  
Old 05-20-2012
Thanks again. I ran the command but here is what I get.
$ ipfstat -io
ksh: ipfstat: not found
!
I suspect this has something to do with facility no. All my other firewalls don't mention facility no (I found by def they are 20 which is what UNIX is set to)... these FW are set to Facility 23. Would you know how I can find what facility our UNIX is running... also, is there a way I can add a new facility for this new FW so that I can run both facility 20 and 23? I checked /etc/syslog.conf and don't see any mention of facility. Thank you!!!!
# 6  
Old 05-20-2012
Did you run this command on the Solaris machine? What does this say there:
Code:
uname -a

# 7  
Old 05-20-2012
Here is the output:
$ uname -a
SunOS svariwnsl01 5.9 Generic_118558-34 sun4u sparc SUNW,Sun-Fire-V210
!
By the way, on the Sun I ran "tail -f pixlog | grep 10.212." with no changes and of course no output... but the minute I logged into the firewall and changed the facility ("no logg facility 22"), the UNIX started showing a ton of syslog. So, it has to do with UNIX accepting default Syslog 20 facility and this firewall is set to 22. Since our HQ is set to pull logs via facility 22... is there a way to set the SYSLOG on Sun to pull both Facility 20 and Facility 22?
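
Added example, not part of the thread: it decodes the syslog PRI header and matches it against the `/etc/syslog.conf` entries posted above, showing why facility 20 traffic lands in `/pix/pixlog` while facility 22 matches nothing. It relies on the standard numbering (syslog facility codes 16 to 23 are `local0` to `local7`, so ASA `logging facility 20` is `local4` and `22` is `local6`); the `local6` rule and the sample datagrams are constructed assumptions.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# /etc/syslog.conf entries as posted in the thread.
PAGE_CONF = """\
local5.debug /pix/dcpixlog
local4.debug /pix/pixlog
local3.debug /usr/log/cache/cachelog
local2.debug /var/log/ras/raslog
local1.debug /var/log/vpn/vpnlog
"""
# Assumption (not in the thread): an extra selector for local6.
EXTRA_RULE = "local6.debug /pix/dcpixlog\n"

# Constructed datagrams: PRI = facility * 8 + severity (5 = notice).
OLD_FW = "<165>May 17 2012 10:00:00 old-fw : constructed sample, facility 20"
NEW_FW = "<181>May 17 2012 10:00:00 new-fw : constructed sample, facility 22"

def decode_pri(packet):
    """Split the leading <PRI> of a syslog datagram into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    code, sev = divmod(int(m.group(1)), 8)
    fac = f"local{code - 16}" if 16 <= code <= 23 else str(code)
    return fac, SEVERITIES[sev]

def parse_conf(text):
    """Return (facility, level, action) for each 'facility.level action' line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        for sel in selector.split(";"):
            fac, level = sel.split(".")
            rules.append((fac, level, action.strip()))
    return rules

def destinations(packet, rules):
    """Actions whose selector matches: same facility, message at least as severe."""
    fac, sev = decode_pri(packet)
    rank = SEVERITIES.index(sev)
    # Simplification: a 'none' level is skipped rather than treated as an exclusion.
    return [a for f, l, a in rules
            if f in (fac, "*") and l in SEVERITIES and rank <= SEVERITIES.index(l)]
```

On Solaris the selector and action fields in `/etc/syslog.conf` must be separated by tabs, and syslogd has to re-read the file (for example on SIGHUP) before a new line takes effect.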