Logging Facilities
When syslog messages are sent to a server, it is important to indicate through which pipe the
Security Appliance will send the messages. The single syslog service, syslogd, can be thought
of as having multiple pipes. It uses the pipes to decide where to send incoming information
based on the pipe through which the information arrives. Syslogd is a daemon/service that
runs on UNIX machines. In this analogy, the logging facilities are the pipes by which syslogd
decides where to send information it receives—that is, to which file to write.
Eight logging facilities (16 through 23) are commonly used for syslog on the Cisco Security
Appliance. On the syslog server, the facility numbers have a corresponding identification—
local0 to local7. The following are the facility numbers and their corresponding syslog
identification:
■ local0 (16)
■ local1 (17)
■ local2 (18)
■ local3 (19)
■ local4 (20)
■ local5 (21)
■ local6 (22)
■ local7 (23)
The default facility is local4 (20). To change the default logging facility on the Security
Appliance, you use the logging facility facility command. The following command shows the
logging facility changed to 21:
Pix(config)# logging facility 21