RE: [syslog-ng]Syslog-ng, Mysql, and Cisco routers
Can you email the rest of your syslog-ng config? All I see is a log file called /var/log/cisco. How do you import this into the mysql database?

When you issue show logging on the cisco you should see how many messages were sent to the log server and type of message sent.

    ibr01>sh logg
    Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
        Console logging: level debugging, 1126 messages logged
        Monitor logging: level debugging, 2 messages logged
        Buffer logging: level debugging, 1126 messages logged
        Exception Logging: size (8192 bytes)
        Trap logging: level debugging, 481 message lines logged
            Logging to 192.168.1.11, 481 message lines logged

The other thing is to run tcpdump on the log server with a filter for only that router.

    tcpdump host 'router_ip'

You could also debug ip packets on the router, instead of a debug all,

    !
    access-list 199 permit ip host 'log server ip' host 'router ip'
    access-list 199 permit ip host 'router ip' host 'log server ip'
    !
    deb ip packet 199 detail
    !
    term mon
    !
    undebug all

michael

Michael Earls
Systems Analyst, Information Services
Cincinnati Children's Hospital Medical Center
Phone: 513-636-5882
Phone: 1-800-344-2462
PGP Info: KeyID 0x5EB59708 Fingerprint 108B A1D8 76F5 08A8 501A F28C 86F4 4BC5 5EB5 9708

dedelman@iname.com 02/06/04 09:19PM >>>

This may be a problem of somewhat different semantics between Cisco IOS and syslog-ng configuration speak.

In IOS, logging trap debug says send all messages of priority debug (the lowest possible) and higher to the logging host (10.1.1.91 in this case.) Syslog-ng syntax says if you say priority debug you mean only that priority. I suspect that if you enable yourself on a *test* router and turn on some debugging you will see the messages in the log file.

BTW, unless you are attached directly to the router console port, you will need to issue the IOS command term monitor in order to see the debug output locally. Be real careful about debugging a router under a heavy load since it can quickly turn into a self-eating doughnut and disappear into its own hole :(

--Dave

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Kevin Rothwell
Sent: Friday, February 06, 2004 2:03 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Syslog-ng, Mysql, and Cisco routers

Hello,

I have syslog-ng installed on all of my Linux boxes, logging to a mysql database. (This works) I would like to configure one of my Cisco routers to send syslog messages to this database as well. I have modified my syslog-ng.conf file on the mysql database box to include the following lines:

    # Facility filters
    filter f_cisco { facility(local7) and priority(debug); };
    destination d_cisco { file("/var/log/cisco"); };
    log { source(net); filter(f_cisco); destination(d_cisco); };

I have issued the following commands on my router:

    logging 10.1.1.91
    logging facility local7
    logging trap debug
    logging on

Needless to say, it isn't working. Why else would I be sending this message? Is there anyone logging their Cisco syslog messages to a mysql database? If so, how can I do it on Redhat Linux? Any help would be greatly appreciated.

Thanks.
Kevin Rothwell

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

---
[This E-mail scanned for viruses by ezaccess.net]
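
The difference Dave describes between IOS `logging trap debug` and syslog-ng `priority(debug)`, shown as an added example that is not part of the original thread: it decodes the syslog PRI field (facility * 8 + severity) and applies both readings to the same messages. The function names and the sample datagrams are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LOCAL7 = 23  # numeric facility code for local7


def decode_pri(line):
    """Return (facility, severity) from a leading <PRI> field, or None if absent/invalid."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)


def exact_match(line, level="debug"):
    """syslog-ng reading of facility(local7) and priority(debug): that one level only."""
    return decode_pri(line) == (LOCAL7, SEVERITIES.index(level))


def at_or_above(line, level="debug"):
    """IOS reading of 'logging trap debug': that level and everything more severe."""
    pri = decode_pri(line)
    return pri is not None and pri[0] == LOCAL7 and pri[1] <= SEVERITIES.index(level)


# Constructed sample datagrams (not taken from the thread)
SAMPLES = [
    "<189>45: %SYS-5-CONFIG_I: Configured from console by vty0",          # local7.notice
    "<187>46: %LINK-3-UPDOWN: Interface Serial0, changed state to down",  # local7.err
    "<191>47: IP: s=10.1.1.1 (local), d=10.1.1.91, len 100, sending",     # local7.debug
    "<38>sshd[411]: session opened",                                      # auth.info
    "no PRI field at all",
]


def kept(predicate):
    """Decoded (facility, severity) of every sample the predicate lets through."""
    return [decode_pri(s) for s in SAMPLES if predicate(s)]


if __name__ == "__main__":
    print("priority(debug) only:", kept(exact_match))
    print("debug and higher:    ", kept(at_or_above))
```

With the exact-match reading only the debug datagram reaches the file, so a router that is not actively debugging appears silent; syslog-ng expresses the "and higher" reading with a level range such as `level(debug..emerg)`.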