Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Remote syslog facility problem

To: [email protected]
Subject: Re: [FW-1] Remote syslog facility problem
From: "Waeytens, Filip" <[email protected]>
Date: Thu, 6 Dec 2001 16:24:19 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Thnks to the people who responded.
I opened a Nokia case for this and their answer is that this is not
supported on their platforms.
I think it's a shame because it's a feature that would allow better remote
monitoring of firewalls.
You could centrally monitor all your firewalls via one (two for redundancy)
syslog server(s).
You can already do it now, but all messages get mixed, which is exactly why
facilities are used, so it's a bit contradictory that you cannot manipulate
facilities while sending to a remore syslog.
Offcourse you can always setup a script on the syslog server that filters
stuff, but this is "afropatching".

thnks again,

Filip


> -----Original Message-----
> From: Waeytens, Filip
> Sent: Friday, November 30, 2001 10:50 AM
> To: [email protected]
> Subject: [FW-1] Remote syslog facility problem
>
>
> Hi,
>
> We have a problem:
>
> We send all syslog messages from our firewalls (nokia
> IPSO3.3-FCS3 on a
> IP330) to a remote sunbox (via the voyager options).
> These messages keep their syslog facilities and get mingled
> on the remote
> box with the messages from the remote box itself - iow:
> daemon messages from
> the firewall arrive with the daemon facility in the
> /var/log/messages of the
> sunbox-.
> What we would like to do is send ALL syslog messages from the
> firewall to
> the remote box, while changing the facility to e.g.
> local7.info. Like this
> we can make sure that all firewall syslog messages arrive in
> a separate
> file, which makes things easier to manage and keeps things in
> real time (for
> alert logging to netcool e.g.). With Cisco, and no doubt,
> other vendors, you
> can set this option (change the syslog facility for syslog messages).
> Uptill now I didn't see an option in IPSO to do this.
> I was thinking if adding a logger -p localx.info to a boot
> script would
> change anything ?
>
> Any idea's
>
>
> thnks
>
> Filip Waeytens
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
>

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: [FW-1] Alexa blocking
Next by Date: Re: [FW-1] Alexa blocking
Previous by thread: Re: [FW-1] Alexa blocking
Next by thread: [FW-1] probs. with getting started with a Dial-Up Server to ISP
Index(es):
- Date
- Thread