Cisco messages are easier to log than most IMHO.
The great thing about them is that they include the starting Mnemonic (Facility-Severity-Mnemonic).
Take a look at my whitepaper here:
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html

I also use these to track Cisco events in my tool, LogZilla (http://www.logzilla.pro). The great thing about them is that by tracking them, you can instantly get a view of your network problems by generating graphs of top 10 mnemonics.
You can see what I mean by looking at the demo site at http://demo/logzilla.pro - once there, just click on "Charts>Top10>By Count>Cisco Mnemonics".



______________________________________________________________

Clayton Dukes
______________________________________________________________


On Mon, Mar 7, 2011 at 6:35 AM, Alexander Clouter <alex@digriz.org.uk> wrote:
Hi,

Digging around, I could not find anything on how to 'sensibly' log the
junk that Cisco IOS devices (and their infernal WLC) spit out plus I was
keen to rewrite squid HTTP proxy server logs to make use of the
epoch+msec timestamp found in the MSG.

I have documented, very roughly, my current solution on my website and
would welcome amendments/fixes/flames/etc on the approach:

http://www.digriz.org.uk/syslog-ng-integration

Before you ask, I use 'match("fqdn.example.com" value("HOST_FROM") ...)'
as netmask() is broken for IPv6 :)

Cheers

--
Alexander Clouter
.sigmonster says: When pleasure remains, does it remain a pleasure?

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
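
The Facility-Severity-Mnemonic tag and the top-N count mentioned in the reply above, as an added example that is not part of the original thread and is not LogZilla's code. The sample log lines, addresses and function names are constructed for illustration, and the counts are keyed on the full FACILITY-SEVERITY-MNEMONIC tag.

```python
import re
from collections import Counter

# Cisco IOS tags look like %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC:
# Severity is a single digit 0 (emergency) .. 7 (debug).
CISCO_TAG = re.compile(r"%([A-Z0-9_]+(?:-[A-Z0-9_]+)*?)-([0-7])-([A-Z0-9_]+):")

# Constructed sample input (documentation addresses, not real captures).
SAMPLE = [
    "<187>45: *Mar  7 06:35:01.123: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<189>46: *Mar  7 06:35:02.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to down",
    "<187>47: *Mar  7 06:35:09.500: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "<189>48: *Mar  7 06:36:00.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<190>49: *Mar  7 06:36:10.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.20(4242) -> 192.0.2.1(23), 1 packet",
    "<38>Mar  7 06:36:11 host sshd[123]: not a Cisco message",
]


def parse_cisco_tag(line):
    """Return (facility, severity, mnemonic), or None if the line has no Cisco tag."""
    m = CISCO_TAG.search(line)
    if m is None:
        return None
    return m.group(1), int(m.group(2)), m.group(3)


def top_mnemonics(lines, n=10, max_severity=7):
    """Count tags at or above the given urgency (lower number = more severe)."""
    counts = Counter()
    for line in lines:
        tag = parse_cisco_tag(line)
        if tag is None:
            continue  # non-Cisco lines are skipped, not counted
        facility, severity, mnemonic = tag
        if severity <= max_severity:
            counts[f"{facility}-{severity}-{mnemonic}"] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    for tag, count in top_mnemonics(SAMPLE):
        print(f"{count:5d}  {tag}")
```
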