Hello,

I have syslog-ng installed on all of my Linux boxes, logging to a mysql database. (This works.) I would like to configure one of my Cisco routers to send syslog messages to this database as well. I have modified my syslog-ng.conf file on the mysql database box to include the following lines:

    # Facility filters
    filter f_cisco { facility(local7) and priority(debug); };

    destination d_cisco { file("/var/log/cisco"); };

    log { source(net); filter(f_cisco); destination(d_cisco); };

I have issued the following commands on my router:

    logging 10.1.1.91
    logging facility local7
    logging trap debug
    logging on

Needless to say, it isn't working. Why else would I be sending this message? Is there anyone logging their Cisco syslog messages to a mysql database? If so, how can I do it on Redhat Linux? Any help would be greatly appreciated. Thanks.

Kevin Rothwell

Hi Kevin,

I am not familiar with the Cisco routers, but I can give you some notes on what to look for when debugging this:

1. Try to sniff the network traffic to see if the logs are reaching the log server from your Cisco products. (I recommend Ethereal - as you can see the contents of the logs very easily from there.)

2. You're assuming that the Cisco routers will be the only machines to create "local7" facilities. ("Assumption is the mother of all fuckups :)") Maybe you would like to filter the logs on the syslog-ng server with a netmask or specific IPs. (There was a discussion about it just today.)

Noam

Kevin Rothwell wrote:

| filter f_cisco { facility(local7) and priority(debug); };
|
| destination d_cisco { file("/var/log/cisco"); };
|
| log { source(net); filter(f_cisco); destination(d_cisco); };
|
| I have issued the following commands on my router:
|
| logging 10.1.1.91
| logging facility local7
| logging trap debug
| logging on
|
| Needless to say, it isn't working. Why else would I be sending
| this message. Is there anyone logging their Cisco syslog messages
| to a mysql database? If so, how can I do it on Redhat Linux? Any
| help would be greatly appreciated. Thanks.
|
| Kevin Rothwell

This may be a problem of somewhat different semantics between Cisco IOS and syslog-ng configuration speak.

In IOS, "logging trap debug" says send all messages of priority debug (the lowest possible) and higher to the logging host (10.1.1.91 in this case). Syslog-ng syntax says if you say priority debug you mean only that priority.

I suspect that if you enable yourself on a *test* router and turn on some debugging you will see the messages in the log file.

BTW, unless you are attached directly to the router console port, you will need to issue the IOS command "term monitor" in order to see the debug output locally. Be real careful about debugging a router under a heavy load since it can quickly turn into a self-eating doughnut and disappear into its own hole :(

--Dave

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Kevin Rothwell
Sent: Friday, February 06, 2004 2:03 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Syslog-ng, Mysql, and Cisco routers

Hello,

I have syslog-ng installed on all of my Linux boxes, logging to a mysql database. (This works) I would like to configure one of my Cisco routers to send syslog messages to this database as well. I have modified my syslog-ng.conf file on the mysql database box to include the following lines:

    # Facility filters
    filter f_cisco { facility(local7) and priority(debug); };

    destination d_cisco { file("/var/log/cisco"); };

    log { source(net); filter(f_cisco); destination(d_cisco); };

I have issued the following commands on my router:

    logging 10.1.1.91
    logging facility local7
    logging trap debug
    logging on

Needless to say, it isn't working. Why else would I be sending this message. Is there anyone logging their Cisco syslog messages to a mysql database? If so, how can I do it on Redhat Linux? Any help would be greatly appreciated. Thanks.

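The two replies above meet in one filter: Dave's point that syslog-ng's priority(debug) matches only debug while IOS "logging trap debug" sends debug and everything above it, and Noam's suggestion to match on the sender instead of trusting local7 alone. The following is an added example, not part of the original thread; the "net" source definition, UDP port 514 and the router address 192.0.2.1 are assumptions, since the thread gives none of them.

```conf
# Added example, not from the thread. Assumed: the "net" source below
# (the thread uses source(net) but never shows its definition) and the
# router address 192.0.2.1, which is a documentation placeholder.

# Assumed network source: receive syslog over UDP on the standard port.
source net { udp(ip(0.0.0.0) port(514)); };

# As posted in the thread: priority(debug) matches severity debug ONLY,
# so router messages at info, notice, warning, err, crit, alert or emerg
# never reach the destination and the log file stays empty.
# filter f_cisco { facility(local7) and priority(debug); };

# Revised: accept the same range the router sends under
# "logging trap debug" (debug and everything more severe), and only
# from the router's address, so another host that logs with facility
# local7 cannot write into the Cisco log.
filter f_cisco {
    facility(local7)
    and level(debug..emerg)
    and netmask("192.0.2.1/255.255.255.255");
};

destination d_cisco { file("/var/log/cisco"); };

log { source(net); filter(f_cisco); destination(d_cisco); };
```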
Participants (3): Dave Edelman, Kevin Rothwell, Noam Meltzer