Hello Yelena,

I can't really figure out where your problem is, so I would like to tell you how I log the events from my network equipment. Because I'm only responsible for networking equipment like switches and routers, I can be sure that no one else will have my logging-server as a destination. So I don't take care about any "facility" and log everything which is destined for my server.

First I defined a source:

######### MY Sources ###########
source netz_kompo {
#       udp();
        udp (ip(x.x.x.x));
};

where x.x.x.x is the IP of my logging-server. Be sure no other source object uses udp.

Then some destinations, one for every customer-network:

########## MY Destinations ##########
# MY-LAN
destination my { file("/bla/blubb/my.log" owner("root") group ("users") perm(0640)); };
# customer1
destination customer1 { file("/bla/blubb/customer1.log" owner("root") group ("users") perm(0640)); };
# customer2
destination customer2 { file("/bla/blubb/customer2.log" owner("root") group ("users") perm(0640)); };
# customer3
destination customer3 { file("/bla/blubb/customer3.log" owner("root") group ("users") perm(0640)); };
######

Here are some filters:

############ MYFilter ##################
# MY
filter my_all { netmask("x.x.0.0/255.255.0.0"); };
# customer1
filter customer1_all { netmask("x.x.0.0/255.255.0.0"); };

At last - the log-objects:

############ MY logs #####################
#MY
log { source(netz_kompo); filter(my_all); destination(my); };
#Customer1
log { source(netz_kompo); filter(customer1_all); destination(customer1); };

Hope this helps
CU
Werner

On Wednesday, 23 May 2007 18:18, Grigoreva, Yelena wrote:
Hello,
I have enabled Cisco logging to my host SUSE 10.2. From the Wireshark tool I can see that I become the syslog messages and then I try to find them somewhere in /var/log/.... but w/t success. ;(
Where are the syslog messages logged from external HW? I have set in my sysconf SYSLOGD_PARAMS="-rx -m 0" to enable external logging, but all the same - no effect. I have created local0, cisco files: I am not sure what file name should I give? where must it be specified?
I will be grateful for any tip :)
warm regards Yelena
-- ___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside...
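Added example, not part of the original mail: a dry run of the netmask() routing described in the reply. It shows which senders would match no filter (received on the wire but written to no file) and which filters overlap (one customer's devices logged into another customer's file). The 10.x networks and the function names are constructed stand-ins for the elided x.x.0.0 values.

```python
import ipaddress

# Constructed filter table mirroring the netmask() filters in the mail;
# the 10.x ranges are placeholders for the elided x.x.0.0 networks.
FILTERS = {
    "my_all": "10.1.0.0/255.255.0.0",
    "customer1_all": "10.2.0.0/255.255.0.0",
}

def parse_filters(filters):
    """Parse "net/mask" strings; raises ValueError if host bits are set."""
    return {name: ipaddress.ip_network(spec, strict=True)
            for name, spec in filters.items()}

def route(sender_ip, networks):
    """Names of all filters a sender matches. Without flags(final),
    syslog-ng delivers a message to every log path whose filter matches."""
    addr = ipaddress.ip_address(sender_ip)
    return [name for name, net in networks.items() if addr in net]

def overlaps(networks):
    """Pairs of filters with overlapping networks: devices in the overlap
    are written to both destination files."""
    names = sorted(networks)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if networks[a].overlaps(networks[b])]

def audit(senders, filters):
    """Check a list of device IPs against the filter table."""
    nets = parse_filters(filters)
    return {
        "overlaps": overlaps(nets),
        # Matched by no filter, so the message reaches no destination.
        "unmatched": [s for s in senders if not route(s, nets)],
    }

if __name__ == "__main__":
    # Constructed device list: one managed switch, one unknown sender.
    print(audit(["10.1.5.9", "172.16.0.9"], FILTERS))
```

Running it against the real device inventory before reloading syslog-ng catches both failure modes without waiting for log files to fill or stay empty.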