Palo CEF logging to messages not syslog


When I run the cef_troubleshooter.py I see the following logged to screen:

sudo tac /var/log/syslog
tac: failed to open ‘/var/log/syslog’ for reading: No such file or directory
Located 0
 CEF\ASA messages

When I went to read /var/log/syslog, I found that log didn't exist.

My next move was to check messages and that's where I found all my CEF messages. How do I configure rsyslog to log to /var/log/syslog?

Thanks,

RogueIT

2 Replies

@Rogueit

My friend, after working with MS for 4 hours, we rebuilt the server on Ubuntu, and it fixed all the problems :)

@arshad80 and yes, it was CentOS with the similar issue you had. I installed a new CentOS, same issue, so I ended up calling MS and they had me install Ubuntu, and guess what, it fixed this issue.