Redirecrt Cisco firewall logs from syslog to other logfile [FIXED]

[Maxime Alarie]

From: ubuntu-users-bounces at lists.ubuntu.com
[mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of Maxime
Alarie
Sent: 03 January 2011 11:47
To: Ubuntu user technical support,not for general discussions
Subject: Redirecrt Cisco firewall logs from syslog to other logfile

 

Good day,

 

 

I have setup my  cisco ASA5510 firewall to send its log to my Ubuntu
server.   All the logs are  sent in  syslog by default. I do not find
this very convenient, as my syslog is getting spammed by all these cisco
logs.  Is there a way to redirect  the logs coming from my firewall to
its own file?

 

Anyone has  suggestions on how to do it?

 

Regards,

 

 

Hi again, I have  found a solution.

 

After some RTFM,

 

Here is what I  did  to make it work: I had this line /etc/rsyslog.conf:
$IncludeConfig /etc/rsyslog.d/*.conf

 

I created the file cisco.conf /etc/rsyslog.d/ with the following
entries:

 

#local*.* /var/log/cisco.log

local4.* /var/log/cisco.log

local7.debug /var/log/cisco.log

local7.warn /var/log/cisco.log

 

Everything is now sent to cisco.log.

 

Foe best practice,  I will create the directory /var/log/cisco and send
each log type in its own file:

 

Cheers,

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20110103/36f5974a/attachment.html>