Cisco messages are easier to log than most IMHO. The great thing about them is that they include the starting Mnemonic (Facility-Severity-Mnemonic). Take a look at my whitepaper here: http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c...

I also use these to track Cisco events in my tool, LogZilla (http://www.logzilla.pro). The great thing about them is that by tracking them, you can instantly get a view of your network problems by generating graphs of top 10 mnemonics. You can see what I mean by looking at the demo site at http://demo/logzilla.pro - once there, just click on "Charts>Top10>By Count>Cisco Mnemonics".

______________________________________________________________
Clayton Dukes
______________________________________________________________

On Mon, Mar 7, 2011 at 6:35 AM, Alexander Clouter <alex@digriz.org.uk> wrote:
Hi,
Digging around, I could not find anything on how to 'sensibly' log the junk that Cisco IOS devices (and their infernal WLC) spit out plus I was keen to rewrite squid HTTP proxy server logs to make use of the epoch+msec timestamp found in the MSG.
I have documented, very roughly, my current solution on my website and would welcome amendments/fixes/flames/etc on the approach:
http://www.digriz.org.uk/syslog-ng-integration
Before you ask, I use 'match("fqdn.example.com" value("HOST_FROM") ...)' as netmask() is broken for IPv6 :)
Cheers
--
Alexander Clouter
.sigmonster says: When pleasure remains, does it remain a pleasure?
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
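
An added example, not part of the thread and not LogZilla's or either poster's code: a Python sketch of the "top 10 mnemonics by count" view described in the reply, keyed on the full Facility-Severity-Mnemonic tag. The sample lines are constructed, the function names are hypothetical, and the optional sub-facility and the severity filter go beyond what the messages describe.

```python
import re
from collections import Counter

# IOS tag: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: text
# Severity runs from 0 (emergency) to 7 (debug).
CISCO_TAG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)?)"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)

# Constructed sample input; addresses come from the documentation range.
SAMPLE_LINES = [
    "<187>45: Mar  7 06:35:01.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>46: Mar  7 06:35:02.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<187>47: Mar  7 06:35:07.300: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "<189>48: Mar  7 06:35:08.304: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
    "<189>49: Mar  7 06:36:10.010: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<188>50: Mar  7 06:36:40.500: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.66]",
    "<187>51: Mar  7 06:37:01.900: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<134>Mar  7 06:37:09 proxy squid[2112]: 1299479829.412 87 192.0.2.20 TCP_MISS/200 4312 GET http://example.com/",
]

def parse_cisco(line):
    """Return the tag fields of one syslog line, or None if it has no Cisco tag."""
    m = CISCO_TAG.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["severity"] = int(ev["severity"])
    ev["tag"] = "{facility}-{severity}-{mnemonic}".format(**ev)
    return ev

def top_mnemonics(lines, n=10, max_severity=7):
    """Count tags at or above a severity (lower number = more severe).

    Returns (top-n list of (tag, count), number of lines without a Cisco tag).
    """
    counts, unparsed = Counter(), 0
    for line in lines:
        ev = parse_cisco(line)
        if ev is None:
            unparsed += 1  # keep these visible instead of dropping them silently
        elif ev["severity"] <= max_severity:
            counts[ev["tag"]] += 1
    return counts.most_common(n), unparsed

if __name__ == "__main__":
    top, skipped = top_mnemonics(SAMPLE_LINES)
    for tag, count in top:
        print(f"{count:4d}  {tag}")
    print(f"{skipped} line(s) carried no Cisco tag")
```

Counting by the full tag keeps `LINK-3-UPDOWN` and `LINEPROTO-5-UPDOWN` apart even though they share a mnemonic.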