Richard,

syslog-ng does a considerably better job at filtering than does syslogd. This can cause you problems if you are not looking at it correctly. syslogd will log up to a priority for a facility in the syslog.conf. syslog-ng will log only that facility given in the syslog-ng.conf. Cisco devices log at the info level by default. So only if you are getting something from the Cisco devices at the debug level. If you want the same behavior as in syslogd you need to set your filter to "priority(info..debug)".

Regards,
Drew
-----Original Message-----
From: Shaw, Richard W [SMTP:Richard.W.Shaw@team.telstra.com]
Sent: Friday, April 06, 2001 9:50 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: [syslog-ng]Cisco Logging
Hi Guys
I've just found syslog-ng and am testing/comparing it to our current syslogd so I can match the logging then push everything to a syslog server.
My problem is that I'm getting no logs for Cisco devices, I don't even get anything in the sys.log file (see below):
syslogd.conf file:

local7.debug /var/log/cisco.log

syslog-ng.conf file:

source src { udp(); tcp(); sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };

destination d_mail { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/mail.log" create_dirs(yes)); };
destination d_cisco { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/cisco.log" create_dirs(yes)); };
destination d_sshd { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sshd.log" create_dirs(yes)); };
destination d_tac { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/tacplus.log" create_dirs(yes)); };
destination d_sys { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sys.log" create_dirs(yes)); };

filter f_mail { facility(mail); };
filter f_cisco { facility(local7) and priority(debug); };
filter f_sshd { match("sshd"); };
filter f_tac { facility(local6); };

log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_cisco); destination(d_cisco); };
log { source(src); filter(f_sshd); destination(d_sshd); };
log { source(src); filter(f_tac); destination(d_tac); };
log { source(src); destination(d_sys); };
Thanks in advance for any help
Regards Richard Shaw
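Added example (not part of either message above, and not syslog-ng project code): a small Python model of the two selector semantics discussed in this thread, run over constructed syslog lines. It assumes a syslog-ng priority range is inclusive and order-independent; the function names, rule labels and sample lines are made up for illustration.

```python
import re

# Severity names in numeric order: emerg = 0 (most severe) ... debug = 7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"mail": 2, "local6": 22, "local7": 23}  # only those used in the config

def parse_pri(line):
    """Split the leading <PRI> of a raw syslog line into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", line)
    if m is None:
        raise ValueError("no <PRI> header: %r" % line)
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def syslogd_selector(facility, level):
    """syslog.conf 'facility.level': that level and everything more severe."""
    fac, lvl = FACILITIES[facility], SEVERITIES.index(level)
    return lambda f, s: f == fac and s <= lvl

def ng_filter(facility, first, last=None):
    """syslog-ng 'facility(x) and priority(first[..last])': listed levels only."""
    fac = FACILITIES[facility]
    a, b = SEVERITIES.index(first), SEVERITIES.index(last or first)
    return lambda f, s: f == fac and min(a, b) <= s <= max(a, b)

RULES = {
    "syslogd local7.debug": syslogd_selector("local7", "debug"),
    "ng priority(debug)": ng_filter("local7", "debug"),
    "ng priority(info..debug)": ng_filter("local7", "info", "debug"),
    "ng priority(debug..emerg)": ng_filter("local7", "debug", "emerg"),
}

# Constructed sample lines, not captured traffic (192.0.2.0/24 is documentation space).
SAMPLES = [
    "<190>12: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1025) -> 192.0.2.1(23)",
    "<191>13: constructed debug output from a router",
    "<187>14: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "<22>sendmail[301]: constructed mail.info line",
]

def matching_rules(line):
    fac, sev = parse_pri(line)
    return [name for name, rule in RULES.items() if rule(fac, sev)]

def hits(name):
    return sum(name in matching_rules(line) for line in SAMPLES)

if __name__ == "__main__":
    for line in SAMPLES:
        print(line[:28].ljust(30), matching_rules(line))
```

Running it lists, for each sample line, which of the four rules would have written it to the Cisco log.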
participants (1)
-
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD