On Wed, May 23, 2007 at 11:52:48PM -0700, Tom Le wrote:
Here is a part of my syslog-ng.conf, after some thorough research on the Cisco website:
#### {{{ Cisco, by device type
filter f_cisco_router { facility(local2); };
filter f_cisco_switch { facility(local3); };
filter f_cisco_firewall { facility(local4); };
filter f_cisco_vpnbox { facility(local5); };
#### Cisco, by device type }}}
Keep in mind that if you have any other devices sending messages using the same facility as above, you may inadvertently filter those messages as well. You can match some text strings within the messages themselves or use a regex. Regex is more accurate but can have a performance impact on a busy syslog-ng server.
Good point(s). I tend to use a different IP (often just a virtual interface) as the source for host and network device syslog. It ends up helping in a lot of cases.

--
Nate

First Law of System Requirements:
"Anything is possible if you don't know what you're talking about..."
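Added example, not part of the original thread or of either poster's configuration: a syslog-ng.conf fragment that ties the facility filter from the thread to the sender's address, so another device using local2 is not silently classified as a router, and routes such unexpected senders to their own file for review. The subnet 192.0.2.0/24 (a documentation range), the source name s_net, the filter name f_local2_unexpected, the destination names and the file paths are all assumptions.

```conf
# Added example; all names, addresses and paths are placeholders.
# Fragment only: newer syslog-ng releases also need an @version line at the top.

source s_net { udp(ip(0.0.0.0) port(514)); };

# Facility alone: matches ANY sender that logs to local2.
# filter f_cisco_router { facility(local2); };

# Facility plus sender address: only local2 messages whose sending IP is in
# the subnet reserved for router logging interfaces (assumed 192.0.2.0/24).
# netmask() tests the address the packet arrived from, so messages forwarded
# through a relay are judged by the relay's address.
filter f_cisco_router {
    facility(local2) and netmask("192.0.2.0/255.255.255.0");
};

# Everything else on local2: a device that should not be using this facility,
# or a router logging from an address outside the expected subnet.
filter f_local2_unexpected {
    facility(local2) and not netmask("192.0.2.0/255.255.255.0");
};

destination d_cisco_router      { file("/var/log/network/router.log"); };
destination d_local2_unexpected { file("/var/log/network/local2-unexpected.log"); };

log { source(s_net); filter(f_cisco_router);      destination(d_cisco_router); };
log { source(s_net); filter(f_local2_unexpected); destination(d_local2_unexpected); };
```

Because syslog over UDP carries no sender authentication, the address check narrows accidental collisions but does not prove a message came from a router.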