I am trying to send the firewall logs to syslog but this is not working for
me. Does anybody have any other recommendations? All that was logged over a
24 hour period when issuing

    $FWDIR/bin/fw log -f 2>>/var/adm/messages | /bin/logger -p local5.info > /dev/null 2>&1 &

was what is attached below, while log viewer had hundreds of entries.
FireWall-1 Log File was switched on 5Sep2001 20:38:26
FireWall-1 Log File was switched on 5Sep2001 20:42:58
Sep 6 03:00:00 fire adm:
Sep 6 03:00:00 fire last message repeated 4 times
Sep 6 03:00:00 fire adm: ********** SYSTEM ACCOUNTING STARTED Thu Sep 6 03:00:00 CDT 2001 **********
Sep 6 03:00:00 fire adm:
Sep 6 03:00:00 fire last message repeated 4 times
Sep 6 03:00:02 fire adm: ********** SYSTEM ACCOUNTING COMPLETED Thu Sep 6 03:00:02 CDT 2001 **********
www.phoneboy.com
Logging to Syslog?
Q:
How can I make FireWall-1 log to my syslog server?
A:
To log specific events to syslog, I use 'User-Defined' logging for this.
My user-defined program (defined in the Rulebase Properties, Logging and
Alerting tab) is "/usr/ucb/logger -p daemon.notice". Another alternative is
to log everything to syslog. Rickard Cedergren says he runs the following on
his system and it logs everything that comes in to syslog.

    $FWDIR/bin/fw log -f 2>>/var/adm/fw-log.log | /bin/logger -p local5.info > /dev/null 2>&1 &

This command runs in the background and logs everything to syslog. Note
that it might be best to put this into a boot script after FireWall-1 loads
so that everything is dumped to syslog.
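
Added example (not part of the original post or the phoneboy.com FAQ): logger only hands the message to syslogd, which writes it somewhere only if a selector in its configuration matches the facility and level. The script below evaluates classic syslog.conf selectors for a given facility.level, so the local5.info pipeline and the daemon.notice user-defined alert can be compared. The sample configuration lines and the /var/adm/fw-syslog.log destination are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints the syslog.conf actions that would receive a message
# sent with `logger -p FACILITY.LEVEL`. Classic selector syntax only
# (facility[,facility].level[;...], "*" and "none"); no "=" / "!" extensions.
syslog_targets() {   # usage: syslog_targets FACILITY LEVEL CONF_FILE
    awk -v fac="$1" -v lvl="$2" '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", names, " ")
        for (i = 1; i <= n; i++) sev[names[i]] = i      # 1 = most severe
    }
    /^[ \t]*(#|$)/ { next }                             # comments, blank lines
    {
        hit = 0
        nsel = split($1, sels, ";")
        for (s = 1; s <= nsel; s++) {
            dot = index(sels[s], ".")
            if (dot == 0) continue
            want = substr(sels[s], dot + 1)
            nfac = split(substr(sels[s], 1, dot - 1), facs, ",")
            for (f = 1; f <= nfac; f++) {
                if (facs[f] != "*" && facs[f] != fac) continue
                if (want == "none") hit = 0             # exclusion for this facility
                else if ((want in sev) && sev[lvl] <= sev[want]) hit = 1
            }
        }
        if (hit) print $2
    }' "$3"
}

# Constructed sample configs (tab-separated selector and action fields).
demo=$(mktemp -d)
printf '%s\t%s\n' \
    '*.err;kern.notice;auth.notice' '/dev/console' \
    '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages' \
    > "$demo/before.conf"
cp "$demo/before.conf" "$demo/after.conf"
# Hypothetical destination file for the firewall log stream.
printf '%s\t%s\n' 'local5.info' '/var/adm/fw-syslog.log' >> "$demo/after.conf"

echo "local5.info, before: $(syslog_targets local5 info "$demo/before.conf")"
echo "local5.info, after:  $(syslog_targets local5 info "$demo/after.conf")"
echo "daemon.notice:       $(syslog_targets daemon notice "$demo/before.conf")"
```

With the constructed "before" file, local5.info matches no selector and is dropped, while daemon.notice lands in /var/adm/messages. To check a live system, run the function against its own syslog.conf.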