Hi, Mladen Tsvetkov <mladen.tsvetkov@telelink.com> [20080515 09:13:32 +0300]:
I am new to syslog-ng. I have successfully installed it and integrated with mysql and php. My question is how can I make syslog-ng to start rancid when a syslog configuration message is received from a cisco device:
112578: 1564643: May 15 09:05:19.141 EEST: %SYS-5-CONFIG_I: Configured from console by ******** on vty0 (10.10.10.10).
So far I know that I have to use the program() directive. But how can I pass the hostname and other parameters to rancid?
I probably would have thought an SNMP trap for ciscoConfigManEvent[1] would have been the 'correct' way to do this? If you plan on using the syslog messages, you probably need to seperately run swatch[2] to deal with this as it's outside of syslog-ng's remit (I think). Cheers Alex [1] http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-C... [2] http://swatch.sourceforge.net/