[SGVLUG] PIX Logging to syslog
Claude Felizardo
cafelizardo at gmail.com
Tue Apr 3 10:18:21 PDT 2007
On 4/2/07, Joel Witherspoon <joel.witherspoon at gmail.com> wrote:
>
> Are you sure you restarted syslogd after modifying your config files?
>
> Yep. Several times. Ran syslog -d as well. It doesn't show as writing to a
> file.
>
> Do you have a local local firewall on your receiving server? I use
> shorewall so I had to add an explicit rule to allow udp 514 packets.
>
> Took iptables down. SELinux isn't even installed. I can see the UDP traffic
> coming in, but I can't get it to write to file.
[snip]
Okay, just going through a check list here. Are you sure there is
space on the device? Permission problems? mounted read-only?
perhaps there's an error in your config file. Are any of the other
logs being updated? Here's are my entries for my router:
## log router messages
local6.*
-/var/log/router.log
local6.* /dev/tty11
I believe the dash prefixed to the filename means syslogd should flush
after each write to prevent messages from getting lost during a crash.
Probably not needed and should not be used for a high rate log.
regarding iptables. with shorewall, even if you shut it down, it
still leaves some default rules that filter things out. Have you
tried a simple reboot? Perhaps something else got hosed?
claude
More information about the SGVLUG
mailing list