Bill Nash wrote:
On Wed, 23 May 2007, Bill Nash wrote:
On Wed, 23 May 2007, Grigoreva, Yelena wrote:
I have enabled Cisco logging to my host SUSE 10.2. From the Wireshark tool I can see that I receive the syslog messages and then I try to find them somewhere in /var/log/.... but without success. ;(
Where are the syslog messages logged from external HW? I have set in my sysconf SYSLOGD_PARAMS="-rx -m 0" to enable external logging, but all the same, no effect. I have created local0, cisco files: I am not sure what file name I should give. Where must it be specified?
I will be grateful for any tip :)
Check local7. I think that's the default facility for Cisco devices.
Or local4, now that I really think on it. It depends on the type of device and which faction of Cisco (or purchased company) wrote the code.
Here is a part of my syslog-ng.conf, after some thorough research on the Cisco website:

    #### {{{ Cisco, by device type
    filter f_cisco_router { facility(local2); };
    filter f_cisco_switch { facility(local3); };
    filter f_cisco_firewall { facility(local4); };
    filter f_cisco_vpnbox { facility(local5); };
    #### Cisco, by device type }}}
    ...
    # vim: set nowrap foldmethod=marker :

The {{{ and }}} are used by vim to mark a "fold", so that it is shown as one-line.
Just my 2 yen, in case you didn't know :-)

Kalin.

--
| A | Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>
| D | TEL: +81 (3) 6439-7547 MOBILE: +81 90 8496-0556
| J | IT Security Officer
| P | Adecco Japan http://www.adecco.co.jp/
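Added example, not part of the original thread: rather than guessing between local7 and local4, the facility can be read from the `<PRI>` number at the start of each datagram seen in Wireshark, since PRI = facility * 8 + severity. The sample payloads and the helper names `decode_pri` and `filter_for` are constructed for illustration; the generated line follows the filter style quoted above.

```python
import re

# Facility names by numeric code; 12-15 are shortened RFC 5424 descriptions.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload: bytes):
    """Return (facility, severity) names from a raw syslog UDP payload."""
    m = PRI_RE.match(payload)
    if not m:
        raise ValueError("no <PRI> header at start of payload")
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: local7 (23) * 8 + debug (7)
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def filter_for(name: str, payload: bytes) -> str:
    """Build a syslog-ng filter line matching the facility the device uses."""
    facility, _ = decode_pri(payload)
    return "filter f_%s { facility(%s); };" % (name, facility)

# Constructed sample payloads (not captured from a real device).
SAMPLES = {
    "cisco_router": b"<189>42: %SYS-5-CONFIG_I: Configured from console",
    "cisco_firewall": b"<164>%ASA-4-106023: Deny tcp src outside:192.0.2.10",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, decode_pri(payload), filter_for(name, payload))
```

Once the facility is known, the receiving syslog daemon needs a rule that writes that facility to a file; without one, the messages arrive on the wire but never land under /var/log.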