Syslog-NG or other? Logging from a firewall

[cuban]

Hey all,

I'd like to have my PIX firewall log to my gentoo box. I'm currently running SYSLOG-NG and the PIX can log to any facility level. How can I configure syslog-ng to accept these log entries, and place them into /var/log/firewall?

I've tried looking around and all I can find are docs for whatever syslog redhat uses.

TIA,
Daniel
_________________
Tell your ISP to support SPF/SASL AUTH (http://spf.pobox.com) today!

[kashani]

Check out this thread. There's a config for syslog-ng halfway down. No need for facilities with syslog-ng as it's smarter than the old syslog.

https://forums.gentoo.org/viewtopic.php?t=37887&

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[cuban]

Interesting. So I just tell the PIX to log to any facility and syslog-ng figures it out?
_________________
Tell your ISP to support SPF/SASL AUTH (http://spf.pobox.com) today!

[kashani]

The point of facilities was that mutiple devices could log to the same server and you could filter things based on which facility they came in. All routers went to facility 2, switch to facility 3, and so on. In this case you can have syslog-ng do a reverse lookup on any device that logs to it and create $host.log on the fly. Much simpler and cleaner IMHO.

I don't actually have a Pix at the moment, but the routers and switches log directly to the IP with no facility setting.
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

[cuban]

Ah, okay. Sweet! Thanks.
_________________
Tell your ISP to support SPF/SASL AUTH (http://spf.pobox.com) today!