From: amy wong amywsp@gmail.com
Date: Tue, 29 Jun 2004 17:03:14 +0800
Subject: Cisco Log
To: bazsi@balabit.hu

Hi,

I'm new to syslog-ng. I currently have syslog-ng-1.4.7 installed. I have got the Cisco router monitor, and the log can be seen in /var/log/messages but not in /var/log/cisco.log. My questions are: will the cisco.log file be created automatically? And would you show me the right way to set it up?

source remote {tcp(); udp();};
destination d_cisco { file("/var/log/cisco.log); };
filter f_cisco_info { level(info); };
filter f_cisco_notice { level(notice); };
filter f_cisco_warn { level(warn); };
filter f_cisco_crit { level(crit); };
filter f_cisco_err { level(err); };
log { source(remote); filter(f_cisco_info); destination(d_cisco); };
log { source(remote); filter(f_cisco_notice); destination(d_cisco); };
log { source(remote); filter(f_cisco_warn); destination(d_cisco); };
log { source(remote); filter(f_cisco_crit); destination(d_cisco); };
log { source(remote); filter(f_cisco_err); destination(d_cisco); };
destination hosts { file("/var/log/HOSTS/$HOSTS/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(remote); destination(hosts); };

+++++++++++++++++++++++++++++++

Had to cut and paste.

First the setup on the Cisco devices. Cisco uses facility 7 for syslog. You need to set the proper severity levels for what you plan on sending to your syslog host. Do not use debug, you will kill the router or switch possibly. YMMV.

I took some snippets of our config file here. The filter just puts all levels of syslog into one file which is parsed by Netcool. You will have to play around with the severities. Cisco is kind of confused (being nice) on some severities. I think you will end up adjusting and using what you think is critical rather than using what they think is critical. Remember that you can filter specific messages using syslog-ng, i.e. LINK-5-UPDOWN. The 5 is severity.

I hope this helps.

# The udp and port 514 are defaults but sometimes we change them here for diagnostics.
# It is easier to leave in so you don't have to dig through docs to find out how to set the port
source s_udpmessages { udp(ip(<IPADDRESSOFLOCALINTERFACETOLISTENON>) port(514)); };

# This is a log file for Netcool
destination d_mesg { file("/var/log/ncolog"); };
filter f_filter7 { facility(local7) and level(emerg,alert,crit,err,warning,notice,info); };
log { source(s_udpmessages); filter(f_filter7); destination(d_mesg); };
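Added example, not part of the original message: syslog-ng's facility() and level() filters test the PRI value at the start of each datagram, while the 5 in LINK-5-UPDOWN sits in the message text. This Python sketch decodes both and applies the same test as f_filter7; the sample datagrams are constructed and assume the device sends on local7 with the PRI severity equal to the severity in the Cisco tag.

```python
import re

# Standard syslog numbering (RFC 3164): PRI = facility * 8 + severity.
FACILITIES = {16 + n: f"local{n}" for n in range(8)}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Levels accepted by the f_filter7 filter quoted above (debug is excluded).
F_FILTER7_LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco IOS tag inside the message text: %FACILITY-SEVERITY-MNEMONIC
CISCO_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")


def parse(datagram: str) -> dict:
    """Decode the PRI header and the Cisco tag of one raw syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    tag = CISCO_RE.search(datagram)
    return {
        "facility": FACILITIES.get(facility, str(facility)),
        "level": LEVELS[severity],
        "cisco_tag": "-".join(tag.groups()) if tag else None,
        "cisco_severity": int(tag.group(2)) if tag else None,
    }


def matches_f_filter7(rec: dict) -> bool:
    """Same test as: facility(local7) and level(emerg,...,info)."""
    return rec["facility"] == "local7" and rec["level"] in F_FILTER7_LEVELS


# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    "<189>45: *Mar  1 00:10:05.123: %LINK-5-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<191>46: *Mar  1 00:10:06.001: %EXAMPLE-7-CONSTRUCTED: constructed debug line",
    "<13>Jun 29 17:03:14 host su: constructed non-Cisco line",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse(raw)
        print(matches_f_filter7(rec), rec)
```
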
Hello,

Here is an example: my automatic, very simple configuration for all FreeBSD daemons, 500 Cisco routers and one PIX.

***
# syslog-ng.conf
# syslog-ng-1.6.0.r3 A powerful syslogd replacement
# 28.05.2004 created jozef.drahovsky.sk
# 01.07.2004 add pix
#
#-- Source ---------------------------------------------------------------
options { use_dns(no); long_hostnames(off); sync(0); };
source local { internal(); unix-dgram("/var/run/log"); file("/dev/klog"); };
source remote { tcp(); udp(); };
#-- Source end -----------------------------------------------------------

#-- Filters --------------------------------------------------------------
filter only_pix { host("10.10.1.1"); };
filter only_no_pix { not host("10.10.1.1"); };
#-- filters end ----------------------------------------------------------

#-- Local ----------------------------------------------------------------
destination local_log {
    file( "/http/monitoring/www/log/local/$PROGRAM/$YEAR-$MONTH-$DAY.txt"
          owner(www) group(www) perm(0664) dir_owner(www) dir_perm(0775) create_dirs(yes) );
};
log { source(local); destination(local_log);};
#-- Local end ------------------------------------------------------------

#-- Remote ---------------------------------------------------------------
destination remote_log {
    file( "/http/monitoring/www/log/host/$HOST/$YEAR-$MONTH-$DAY.txt"
          owner(www) perm(0664) dir_owner(www) dir_perm(0775) create_dirs(yes) );
};
log { source(remote); filter(only_no_pix); destination(remote_log);};
#-------------------------------------------------------------------------

#-- PIX ------------------------------------------------------------------
destination remote_pix_log {
    file( "/http/monitoring/www/log/pix/$YEAR-$MONTH-$DAY.txt"
          owner(www) group(www) perm(0664) dir_owner(www) dir_perm(0775) create_dirs(yes) );
};
log { source(remote); filter(only_pix); destination(remote_pix_log);};
#-- PIX end --------------------------------------------------------------
# EOF
***

# add to cisco
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 65534 debugging
logging 10.10.10.10
#

I look at the log files from a web client. That's all.

Jozef Drahovsky

----
participants (2)
- Davis, Jay
- Jozef Drahovsky