1- You are using Linux, it is a very good thing,
2- modify the /etc/conf.d/sysklogd file and
do this:
before:
SYSLOGD_OPTIONS="-m 0"
after:
SYSLOGD_OPTIONS="-m 0 -r -x"
3- in the /etc/syslog.conf, add the
following line:
local6.* /var/log/cisco.log
4- create a file call /var/log/cisco.log:
touch /var/log/cisco.log
5- restart syslog daemon with „service syslog restart“ or “/etc/init.d/syslog restart will do the trick
6- on the ASA or Pix, do this:
logging on logging host inside x.x.x.x logging trap 6 logging timestamp
7- Now on your linux box, run „tcpdump -i eth0 -nnn port 514 -X“ and you will syslog message getting to your box and get stored in the /var/log/cisco.log file.