As a router / firewall engineer 16 months ago I knew nothing about Linux. To be fair, at the time I really couldn't give a hoot about anything Linux / Unix based. It was all about the next Cisco certification. I used completely the wrong distro of Linux to use as a syslog server then. Yes it was Fedora 10, and the reason I picked it was because my girlfriend lived in Cambridge at the time. Since then I've learned a huge amount, and I still know nothing - but you know what, I actually care about my operating system now.
Yes, you are using the wrong operating system, but you like me 16 months ago don't care. You will learn, and I hope you have as much fun learning as I still am. =) We all need somewhere to start, so:
Config the asa:
logging monitor notifications
logging buffered informational
logging trap notifications
logging asdm notifications
logging host inside X.X.X.X
Replace the X.X.X.X with the IP address of the fedora server. Hopefully you've worked out how to nail down a fixed IP address with fedora - took me sometime, the default was DHCP when I installed. It's not as *pretty* as the "show interface ip brief"; but "ifconfig" will give you the IP address if you haven't worked that out.
Now, most guides out there tell you to modify your rsyslog config. I don't remember having to do this - and it worked... A file to check if you are having trouble is: /etc/rsyslog.conf This file should have these lines looking like this:
If you've have a # in front of them they are "commented" out, so they will need removing. If you do need to change this file, then the rsyslog will need restarting to apply this:
system rsyslog restart
A couple of checks for syslog (and good for faulting it) are; first see if it is running:
ps aux | grep -i rsyslog
You'll see the "grep" line and hopefully syslog running.
What you'll also want to check is to see if Fedora is listening for syslog messages. You can check to see if it's *listening* to the syslog messages by running:
netstat -an | grep 514
514 as you'll know is the port number for syslog messages.
The final thing that can cause problems is the firewall within Fedora. This is known as IPtables, it a mild pain to get your head around, But is a solid firewall the more you learn about it =) The way to check this is to run this command:
A line your looking for is:
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
If that is all there - then you should be able to see the syslog messages in the log file. You can read this via using the command:
A really useful command when setting up syslog for the first time is to have a terminal open with this command running:
tail -f /var/log/messages
It updates dynamically in real time - great to see when the first messages start rolling in. =) Think of it in Cisco command terminology as having "term mon on"
Sure there is a whole lot more that you can do with syslog and where those files go. This will hopefully get you started. If you are in the same place I was 16 months ago with no-one to help you learn, good luck. It ain't an easy road, but seriously satisfying - I seem to get more job satisfaction playing in Linux than with Cisco kit now. If you are as new to Linux as I was, I'd honestly look at Ubuntu as an operating system. Not telling you its a perfect distro - but their community has been really good to me as a linux virgin with lots of daft questions. That to me has been the biggest factor in sticking with Linux, rather than an ideal supported distro.
Any problems with it, definately shout, hopefully I can help out.