Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Troubleshooting the Appliance
For More Information
To learn more about the IPS Logger service, refer to Logger.
Directing cidLog Messages to SysLog
It might be useful to direct cidLog messages to syslog.
To direct cidLog messages to syslog, follow these steps:
Step 1 Go to the idsRoot/etc/log.conf file.
Step 2 Make the following changes:
a. Set [logApp] enabled=false
Comment out the enabled=true because enabled=false is the default.
b. Set [drain/main] type=syslog
The following example shows the logging configuration file:
timemode=local
;timemode=utc
[logApp]
;enabled=true
;-------- FIFO parameters --------
fifoName=logAppFifo
fifoSizeInK=240
;-------- logApp zone and drain parameters --------
zoneAndDrainName=logApp
fileName=main.log
fileMaxSizeInK=500
[zone/Cid]
severity=warning
drain=main
[zone/IdsEventStore]
severity=debug
drain=main
[drain/main]
type=syslog
The syslog output is sent to the syslog facility local6 with the following correspondence to syslog message priorities:
LOG_DEBUG, // debug
LOG_INFO, // timing
LOG_WARNING, // warning
LOG_ERR, // error
LOG_CRIT // fatal
Note Make sure that your /etc/syslog.conf has that facility enabled at the proper priority.
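The following is an added example, not part of the Cisco guide: it checks a log.conf for the two changes in Step 2 and, using the severity correspondence above, tests whether an /etc/syslog.conf selector for local6 accepts the least severe message the configured zones can emit. The function names, the abbreviated sample file, and the selector handling (plain facility.priority selectors only) are assumptions of this example.

```python
import configparser

# cidLog severity -> syslog priority, per the correspondence in this section
CID_TO_SYSLOG = {"debug": "debug", "timing": "info", "warning": "warning",
                 "error": "err", "fatal": "crit"}
ORDER = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]  # low -> high
# Abbreviated copy of this section's example log.conf
SAMPLE_LOG_CONF = """timemode=local
[logApp]
;enabled=true
[zone/Cid]
severity=warning
drain=main
[zone/IdsEventStore]
severity=debug
drain=main
[drain/main]
type=syslog
"""

def parse(text):
    cp = configparser.ConfigParser()
    cp.read_string("[_global]\n" + text)  # wrap the section-less timemode key
    return cp

def check_log_conf(text):
    """Return the problems that would keep cidLog output away from syslog."""
    cp, problems = parse(text), []
    if cp.get("logApp", "enabled", fallback="false").strip().lower() == "true":
        problems.append("[logApp] enabled=true is still active")
    if cp.get("drain/main", "type", fallback="").strip().lower() != "syslog":
        problems.append("[drain/main] type is not syslog")
    return problems

def lowest_priority_needed(text):
    """Least severe syslog priority any zone draining to main can emit."""
    cp = parse(text)
    prios = [CID_TO_SYSLOG[cp.get(s, "severity").strip().lower()]
             for s in cp.sections()
             if s.startswith("zone/") and cp.get(s, "drain", fallback="") == "main"]
    return min(prios, key=ORDER.index)

def syslog_conf_covers(syslog_conf, needed):
    """True if a local6 or wildcard selector accepts priority `needed`."""
    # A selector at priority P accepts P and everything more severe
    ok = {"*"} | set(ORDER[:ORDER.index(needed) + 1])
    sels = [s.partition(".") for line in syslog_conf.splitlines()
            for s in (line.split("#", 1)[0].split() or [""])[0].split(";")]
    return any(fac in ("local6", "*") and prio in ok for fac, _, prio in sels)
```

With the sample above, zone IdsEventStore logs at debug, so a syslog.conf entry of local6.warning would silently drop its messages; local6.debug or local6.* is needed.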