Re: [syslog-ng] Logging Remotely from Solaris to Linux Update
Hi Bazsi

Here's an update and continued question: Everything seems to be fine when syslogging remotely from the Solaris box to the Linux box except that cron priorities of debug - critical don't get sent (just emerg). Also, Solaris and Linux boxes alike won't send daemon priorities debug or information messages to the log host.

New problem: We need to send logs from our Cisco 2511 access router and 6509 switch/router to the Linux log host, but it's not working. I've set logging facility and host from the Cisco devices, but they don't get logged on the log host. Any ideas or advice?

As always: Thanks much for all your help!!

rb

Ron Braley
Network Team Leader - CCNP
Systems Team Leader - MCSE, CNE
University of North Dakota (Aerospace College)
braley@aero.und.edu
701-777-2964 (work) / 2940 (fax)
Ron Braley wrote:
> New problem: We need to send logs from our Cisco 2511 access router and 6509 switch/router to the Linux log host, but it's not working. I've set logging facility and host from the Cisco devices, but they don't get logged on the log host. Any ideas or advice?

We are logging more than 3.000 Cisco devices to syslog-ng with no problems. Works great with the Cisco defaults. Running syslog-ng on Solaris 8. Try a snoop (or some equal. stuff) to ensure that your Cisco logs are arriving at the syslog-ng server.

--
Best regards --Andreas Schulze
[phone: +49.5246.80.1275, fax: +49.5246.80.2275]

| I believe, it was Dennis Ritchie who said something like:
| "C is rarely the best language for a given task,
| but it's often the second-best".
| The implication being that: "[...]"
|
| sh# cat>$$.c<<EOT
| main(l,a,n,d)char**a;{for(d=atoi(a[1])/10*80-atoi(a[2])/5-596;n="@NK\
| ACLCCGZAAQBEAADAFaISADJABBA^SNLGAQABDAXIMBAACTBATAHDBANZcEMMCCCCAAhE\
| IJFAEAAABAfHJETBdFLDAANEfDNBPHdBcBBBEA_AL H E L L O, W O R L D! "
| [l++-3];)for(;n-->64;)putchar(!d+++33^l&1);}
| EOT
| gcc -o$$ $$.c;clear;./$$ 52 8;rm -f $$*
On Mon, Jun 03, 2002 at 11:36:06AM -0500, Ron Braley wrote:
> Hi Bazsi
>
> Here's an update and continued question: Everything seems to be fine when syslogging remotely from the Solaris box to the Linux box except that cron priorities of debug - critical don't get sent (just emerg). Also, Solaris and Linux boxes alike won't send daemon priorities debug or information messages to the log host.

This might be caused by the different facility codes between Linux and Solaris. Syslog-ng uses the codes of the host operating system it was compiled on. Maybe a feature to map facility codes would be useful.

> New problem: We need to send logs from our Cisco 2511 access router and 6509 switch/router to the Linux log host, but it's not working. I've set logging facility and host from the Cisco devices, but they don't get logged on the log host. Any ideas or advice?
>
> As always: Thanks much for all your help!!

I'm not experienced in setting up routers to log remotely, though I'm sure many of us on this list do this regularly.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
On Tue, Jun 04, 2002 at 09:22:15AM +0200, Balazs Scheidler wrote:
> On Mon, Jun 03, 2002 at 11:36:06AM -0500, Ron Braley wrote:
> > Hi Bazsi
> >
> > Here's an update and continued question: Everything seems to be fine when syslogging remotely from the Solaris box to the Linux box except that cron priorities of debug - critical don't get sent (just emerg). Also, Solaris and Linux boxes alike won't send daemon priorities debug or information messages to the log host.
>
> This might be caused by the different facility codes between Linux and Solaris. Syslog-ng uses the codes of the host operating system it was compiled on. Maybe a feature to map facility codes would be useful.

Usually I just add a bunch of #defines in syslog-names.c and slap the extra facilities on sl_facilities[]. I only ever bother with this on our loghost, but it is very useful. Linux, Solaris, Irix, and BSD are all a little bit different, and it is handy to be able to handle various facilities correctly. For example I handle the Linux/BSD authpriv, auth, and the BSD only "security" facilities the same, but my loghost runs Solaris and doesn't know about the other two facilities by default.

Having this built in so I can define it in a configuration file would be sweet! But I am looking more for an index than a map (or maybe that is what you meant by map). What I'd like is something like:

    (9<<3)  -> CRON     /* !Sun */
    (11<<3) -> FTP      /* Linux */
    (12<<3) -> NTP      /* BSD */
    (13<<3) -> AUDIT    /* Irix */
    (13<<3) -> SECURITY /* BSD */
    (15<<3) -> CRON     /* Sun */

----------------------------------------------------------------------------
   __o       Bradley Arlt                          Security Team Lead
 _ \<_       arlt@cpsc.ucalgary.ca                 University Of Calgary
(_)/(_)      http://pages.cpsc.ucalgary.ca/~arlt/  Computer Science
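
The index described in the message above can be sketched as a lookup keyed on both the facility number and the sending platform. The C below is an added example, not part of the original messages and not syslog-ng code; the profile names, `parse_pri` and `facility_name` are hypothetical, the table holds only the six rows from the list above, and the sample message is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Sender platforms; names are hypothetical, chosen for this example. */
enum os_profile { OS_LINUX, OS_BSD, OS_IRIX, OS_SUN };
#define M(os) (1u << (os))
struct fac_entry { int code; unsigned os_mask; const char *name; };
/* Rows copied from the list in the message: number, platforms, name. */
static const struct fac_entry fac_index[] = {
    {  9, M(OS_LINUX) | M(OS_BSD) | M(OS_IRIX), "cron" },  /* !Sun */
    { 11, M(OS_LINUX), "ftp"      },
    { 12, M(OS_BSD),   "ntp"      },
    { 13, M(OS_IRIX),  "audit"    },
    { 13, M(OS_BSD),   "security" },
    { 15, M(OS_SUN),   "cron"     },
};

/* Split a leading "<PRI>" into facility (PRI >> 3) and severity (PRI & 7). */
int parse_pri(const char *msg, int *facility, int *severity)
{
    char *end;
    long pri;
    if (!msg || msg[0] != '<' || msg[1] < '0' || msg[1] > '9')
        return -1;                      /* no PRI field at all */
    pri = strtol(msg + 1, &end, 10);
    if (*end != '>' || end - (msg + 1) > 3 || pri > 191)
        return -1;                      /* unterminated or out of range */
    *facility = (int)(pri >> 3);
    *severity = (int)(pri & 7);
    return 0;
}

/* Name a facility number as the sending platform defines it. */
const char *facility_name(int facility, enum os_profile sender)
{
    for (size_t i = 0; i < sizeof fac_index / sizeof fac_index[0]; i++)
        if (fac_index[i].code == facility && (fac_index[i].os_mask & M(sender)))
            return fac_index[i].name;
    return "unknown";
}

int main(void)
{
    /* Constructed sample: PRI 126 = (15<<3) | 6, as a Sun cron would send. */
    int f, s;
    if (parse_pri("<126>sunbox cron[412]: constructed sample", &f, &s) == 0)
        printf("facility %d severity %d: Sun=%s Linux=%s\n", f, s,
               facility_name(f, OS_SUN), facility_name(f, OS_LINUX));
    return 0;
}
```

Facility 15 resolves to cron only under the Sun profile, so a filter that names cron using another platform's numbering never matches that message.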
participants (4)
- Andreas Schulze
- Balazs Scheidler
- Brad Arlt
- Ron Braley