01.30
There are a number of syslog daemons to choose from on Linux, but rsyslog has been the default on Ubuntu since 9.10 (Karmic) and is installed out of the box, so that is what I will use here. rsyslog can receive syslog over both UDP and TCP.
To set up rsyslog to receive messages from a remote host, edit the main configuration file:
sudo nano /etc/rsyslog.conf and uncomment the lines for the protocol you prefer. Below, UDP reception is enabled and TCP is left commented out:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
# $ModLoad imtcp
# $InputTCPServerRun 514
You can also restrict which hosts are allowed to send with the $AllowedSender directive, which sets up an ACL of permitted source addresses; put it before the $UDPServerRun line, because the ACL is read when the listener starts. Without an ACL anything that can reach port 514 can write into your logs. Bear in mind that UDP syslog is unauthenticated and source addresses are trivially spoofed, so the ACL is hygiene, not a security boundary.
Then tell rsyslog where to write the messages:
sudo nano /etc/rsyslog.d/50-default.conf
Add the following line to log every message at severity notice or higher (severities 0-5, emergency through notice):
*.notice -/var/logs/Firewall/Cisco_ASA.log
The leading "-" tells rsyslog not to sync the file after every write, which is what you want for a chatty firewall. Note that this selector matches messages from every source, including the local machine, so local notices will land in the firewall file as well; to keep only the ASA's messages, filter on the sending host (a :fromhost-ip property filter) rather than on severity alone. The directory /var/logs/Firewall must already exist and be writable by the syslog user: on Ubuntu rsyslog drops privileges to syslog:syslog and cannot create directories under /var itself.
Restart rsyslog so the changes take effect: sudo /etc/init.d/rsyslog restart
LOG ROTATION
sudo nano /etc/logrotate.conf (a separate file in /etc/logrotate.d/ works the same way and is less likely to be clobbered by a package upgrade)
/var/logs/Firewall/Cisco_ASA.log {
daily
rotate 99
nocompress
missingok
create 0640 syslog adm
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}
This keeps 99 daily files, uncompressed, and recreates the log as syslog:adm with mode 0640, matching Ubuntu's rsyslog defaults. The postrotate hook is needed because create hands rsyslog a new inode: without it rsyslog keeps writing to the renamed Cisco_ASA.log.1 until it is next restarted, and the fresh Cisco_ASA.log stays empty (Ubuntu's own /etc/logrotate.d/rsyslog uses the same kind of hook).
Add to cron
sudo nano /etc/crontab
# Syslog
00 00 * * * root /usr/sbin/logrotate -f /etc/logrotate.conf
Ubuntu already runs logrotate once a day from /etc/cron.daily/logrotate, so a stanza marked daily rotates without any extra entry; this one only pins the rotation to midnight. Be aware that -f forces rotation of every log in the configuration, including the weekly ones pulled in from /etc/logrotate.d, whether or not they are due, so drop the -f (or point logrotate at a configuration file holding just the firewall stanza) if that is not what you want.
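The whole procedure above in one script, as an added example that is not part of the original post: it stages the rsyslog fragment (reception, sender ACL, per-host filter, discard) and the logrotate stanza with its reopen hook, creates the log directory for the syslog user, and includes a small check of which raw syslog datagrams the *.notice selector admits. The firewall address 192.0.2.1, the file names 10-cisco-asa.conf and cisco-asa, and the invoke-rc.d reload hook are my assumptions, not anything the post specifies.

```bash
#!/bin/bash
# Added example, not code from the original post: stage the rsyslog and logrotate
# configuration for a Cisco ASA log feed, and show which raw syslog datagrams the
# "*.notice" selector admits. Assumptions (mine, not the post's): the firewall
# address 192.0.2.1 and the file names 10-cisco-asa.conf / cisco-asa are placeholders,
# and "invoke-rc.d rsyslog reload" is the post-rotate hook used on Ubuntu.
set -u

ASA_LOG=/var/logs/Firewall/Cisco_ASA.log   # destination used by the post

# rsyslog fragment in the legacy "$" syntax the post uses. Ordering matters:
# $AllowedSender must come before $UDPServerRun, and the file name sorts before
# 50-default.conf so the "& ~" discard keeps ASA lines out of /var/log/syslog.
# If imudp is already enabled in /etc/rsyslog.conf, leave those two lines out here.
asa_rsyslog_conf() {
  local fw_ip=$1
  cat <<EOF
# Cisco ASA syslog feed from $fw_ip over UDP/514
\$ModLoad imudp
\$AllowedSender UDP, 127.0.0.1, $fw_ip
\$UDPServerRun 514
# only this sender, only severity 0-5 (emergency..notice); "-" = no sync per write
if \$fromhost-ip == '$fw_ip' and \$syslogseverity <= 5 then -$ASA_LOG
# discard what was just matched so later rules do not copy it ("& stop" on rsyslog 7+)
& ~
EOF
}

# logrotate stanza. "create" hands rsyslog a new inode, so rsyslog has to be told
# to reopen its files; without the postrotate hook it keeps writing to Cisco_ASA.log.1.
asa_logrotate_conf() {
  cat <<EOF
$ASA_LOG {
    daily
    rotate 99
    nocompress
    missingok
    notifempty
    create 0640 syslog adm
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}
EOF
}

# Write both files under ROOT ("" = the live system). Ubuntu's rsyslog drops
# privileges to syslog:syslog and cannot create directories under /var, so the
# log directory is created here and handed to the syslog user when we are root.
install_asa_logging() {
  local fw_ip=$1 root=${2:-} logdir
  logdir="$root$(dirname "$ASA_LOG")"
  mkdir -p "$root/etc/rsyslog.d" "$root/etc/logrotate.d" "$logdir"
  asa_rsyslog_conf "$fw_ip" > "$root/etc/rsyslog.d/10-cisco-asa.conf"
  asa_logrotate_conf > "$root/etc/logrotate.d/cisco-asa"
  if [ "$(id -u)" -eq 0 ] && id syslog >/dev/null 2>&1; then
    chown syslog:adm "$logdir"
  fi
}

# Syntax-check the fragment before restarting rsyslog (-N1 exists on current releases).
check_asa_conf() {
  rsyslogd -N1 -f "${1:-/etc/rsyslog.d/10-cisco-asa.conf}"
}

# Would "*.notice" keep this raw datagram? The <PRI> header is facility*8+severity
# and the selector admits severity 0..5. Returns 1 for info/debug, 2 for no PRI header.
selector_matches_notice() {
  local pri=${1%%\>*}
  pri=${pri#<}
  case $pri in ''|*[!0-9]*) return 2 ;; esac
  [ $((pri % 8)) -le 5 ]
}

# Usage: sudo ./asa-logging.sh 192.0.2.1 && sudo /etc/init.d/rsyslog restart
if [ $# -gt 0 ]; then
  install_asa_logging "$1" && check_asa_conf
fi
```

Passing a second argument such as a temporary directory to install_asa_logging stages the files under that root instead of /etc, so you can read what will be installed before touching the live system. The sample datagrams used to exercise selector_matches_notice assume the ASA's default facility local4 (20), so PRI 164 is a severity-4 warning that the selector keeps and PRI 166 is a severity-6 informational line that it drops.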