There are a number of syslog tools to choose from on Linux, but Rsyslog has been the default syslog daemon in Ubuntu since 9.10 (Karmic) and comes installed out of the box, so I will be using it. Rsyslog can receive logs over both TCP and UDP.

To set up rsyslog to receive alerts from a remote source, edit the main config file (sudo nano /etc/rsyslog.conf) and simply uncomment the lines for the protocol you prefer:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
# $ModLoad imtcp
# $InputTCPServerRun 514

You can also use the $AllowedSender directive if you want to set up ACLs, i.e. restrict which source hosts or networks this listener accepts messages from.

You then need to specify which messages you want to capture and where to write them:
sudo nano /etc/rsyslog.d/50-default.conf
Add the following line to capture notice-level messages and above, i.e. severities 0-5 (the leading "-" tells rsyslog not to sync the file after every write):
*.notice        -/var/logs/Firewall/Cisco_ASA.log
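As an added example that is not part of the original post, the following Python script shows what the *.notice selector above actually does: it decodes the <PRI> header of each incoming syslog message into facility and severity and keeps only severity 5 (notice) and more urgent, so info (6) and debug (7) traffic such as connection build/teardown messages never reaches the file. The Cisco ASA-style sample lines and the selector evaluator are constructed for this example (rsyslog does this matching itself), and the ASA is assumed to log to its default facility, local4.

```python
import re

# Syslog severity codes: 0 = emerg (most urgent) ... 7 = debug. "*.notice" keeps 0-5.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facility codes 0-23; codes 12-15 have no rsyslog name. A Cisco ASA logs to local4
# (code 20) by default (assumed here), so its PRI values are 160 + severity.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + ["unused"] * 4
              + [f"local{i}" for i in range(8)])

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample lines in the shape an ASA sends: <PRI>%ASA-severity-msgid: text
SAMPLE_LINES = [
    '<164>%ASA-4-106023: Deny tcp src outside:203.0.113.7/4444 dst inside:10.0.0.5/22 by access-group "outside_in"',
    "<165>%ASA-5-111008: User 'admin' executed the 'show running-config' command.",
    "<166>%ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.9/443 to inside:10.0.0.5/51044",
    "<167>%ASA-7-711001: debug trace message (constructed)",
]

def decode_pri(line):
    """Return (facility_code, severity_code, message); PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return facility, severity, m.group(2)

def selector_matches(selector, facility, severity):
    """Evaluate an rsyslog 'facility.priority' selector such as '*.notice' or 'local4.=info'.
    A plain priority matches that severity and everything more urgent (smaller code);
    an '=' prefix matches exactly that severity; '*' on either side matches everything."""
    fac_part, prio_part = selector.split(".", 1)
    if fac_part != "*" and FACILITIES[facility] != fac_part:
        return False
    if prio_part == "*":
        return True
    exact = prio_part.startswith("=")
    wanted = SEVERITIES.index(prio_part.lstrip("="))
    return severity == wanted if exact else severity <= wanted

def filter_lines(lines, selector="*.notice"):
    """Return the lines rsyslog would write to the file for the given selector."""
    return [ln for ln in lines if selector_matches(selector, *decode_pri(ln)[:2])]
```

Running filter_lines(SAMPLE_LINES) keeps only the severity 4 and 5 lines; switch the selector to "*.info" if you also want the connection build/teardown messages.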

Run sudo /etc/init.d/rsyslog restart to restart the syslog service so the changes take effect.


To keep the firewall log from growing without limit, add a rotation entry for it:
sudo nano /etc/logrotate.conf

/var/logs/Firewall/Cisco_ASA.log {
rotate 99
create 0640 syslog adm
}

Then add a daily forced logrotate run to cron:
sudo nano /etc/crontab

# Syslog
00 00    * * *    root    /usr/sbin/logrotate -f /etc/logrotate.conf
