<div>Cisco messages are easy to log than most IMHO.</div><div>The great thing about them is that they include the starting Mnemonic (Facility-Severity-Mnemonic).</div><div>Take a look at my whitepaper here:</div><div><a href="http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html">http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html</a></div>
<div><br></div><div>I also use these to track Cisco events in my tool, LogZila (<a href="http://www.logzilla.pro">http://www.logzilla.pro</a>). The great thing about them is that by tracking them, you can instantly get a view of your network problems by generating graphs of top 10 mnemonics.</div>
<div>You can see what I mean by looking at the demo site at <a href="http://demo/logzilla.pro">http://demo/logzilla.pro</a> - once there, just click on "Charts>Top10>By Count>Cisco Mnemonics".</div><div>
<br></div><div><br></div><div><br clear="all">______________________________________________________________ <br><br>Clayton Dukes<br>______________________________________________________________<br>
<br><br><div class="gmail_quote">On Mon, Mar 7, 2011 at 6:35 AM, Alexander Clouter <span dir="ltr"><<a href="mailto:alex@digriz.org.uk">alex@digriz.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi,<br>
<br>
Digging around, I could not find anything on how to 'sensibly' log the<br>
junk that Cisco IOS devices (and their infernal WLC) spit out plus I was<br>
keen to rewrite squid HTTP proxy server logs to make use of the<br>
epoch+msec timestamp found in the MSG.<br>
<br>
I have documented, very roughly, my current solution on my website and<br>
would welcome amendments/fixes/flames/etc on the approach:<br>
<br>
<a href="http://www.digriz.org.uk/syslog-ng-integration" target="_blank">http://www.digriz.org.uk/syslog-ng-integration</a><br>
<br>
Before you ask, I use 'match("<a href="http://fqdn.example.com" target="_blank">fqdn.example.com</a>" value("HOST_FROM") ...)'<br>
as netmask() is broken for IPv6 :)<br>
<br>
Cheers<br>
<font color="#888888"><br>
--<br>
Alexander Clouter<br>
.sigmonster says: When pleasure remains, does it remain a pleasure?<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</font></blockquote></div><br></div>