Logging from a firewall to linux is fairly simple. First, enable logging on the firewall with something along these lines (your options may vary):

(config)# logging on
(config)# logging standby
(config)# logging timestamp
(config)# logging trap notifications
(config)# logging facility 19
(config)# logging host inside <Your server IP address>

Notice that the firewall uses facility 19. That will need to be converted to binary in order to determine what to set up in the syslog.conf file. Since syslog only uses local0 through local7 you must use a corresponding facility. In the case of the above configuration, it is local3.

16 = 00010000 = local0
17 = 00010001 = local1
18 = 00010010 = local2
19 = 00010011 = local3
20 = 00010100 = local4
21 = 00010101 = local5
22 = 00010110 = local6
23 = 00010111 = local7

On the server, edit the /etc/syslog.conf file. Add the following line:

local3.*       <location of your log file>

In my case I use /var/log/firewall.log for the location of the log.

Make sure you use a tab between the local3.* and the log file location or it won't work.

You also need to enable remote logging in syslog if not already enabled. Open /etc/sysconfig/syslog and look for this line:

SYSLOGD_OPTIONS="-m 0 -r"

Make sure the '-r' is one of the options. If not, add it to the options line.

Restart syslog:

/etc/init.d/syslog restart

Check to make sure you are now logging.

tail -f /var/log/firewall.log