[syslog-ng]Cisco Logging

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Fri, 6 Apr 2001 10:02:48 +0200


Richard,

syslog-ng does a considerably better job at filtering than does syslogd.
This can cause you problems if you are not looking at it correctly.  syslogd
will log up to a priority for a facility in the syslog.conf.  syslog-ng will
log only that facility given in the syslog-ng.conf.  Cisco devices log at
the info level by default.  So only if you are getting something from the
Cisco devices at the debug level.  If you want the same behavior as in
syslogd you need to set your filter to "priority(info..debug)".

Regards,
Drew

> -----Original Message-----
> From:	Shaw, Richard W [SMTP:Richard.W.Shaw@team.telstra.com]
> Sent:	Friday, April 06, 2001 9:50 AM
> To:	'syslog-ng@lists.balabit.hu'
> Subject:	[syslog-ng]Cisco Logging
> 
> Hi Guys
> 
> I've just found syslog-ng and am testing/comparing it to our current syslogd
> so I can match the logging then push everything to a syslog server.
> 
> My problem is that I'm getting no logs for Cisco devices; I don't even get
> anything in the sys.log file (see below):
> 
> syslogd.conf file :
> local7.debug	/var/log/cisco.log
> 
> syslog-ng.conf file:
> source src {
>         udp();
>         tcp();
>         sun-streams("/dev/log" door("/etc/.syslog_door"));
>         internal();
> };
> destination d_mail { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/mail.log" create_dirs(yes)); };
> destination d_cisco { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/cisco.log" create_dirs(yes)); };
> destination d_sshd { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sshd.log" create_dirs(yes)); };
> destination d_tac { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/tacplus.log" create_dirs(yes)); };
> 
> destination d_sys { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sys.log" create_dirs(yes)); };
>  
> filter f_mail        { facility(mail); };
> filter f_cisco       { facility(local7) and priority(debug); };
> filter f_sshd        { match("sshd"); };
> filter f_tac         { facility(local6); };
>  
> log { source(src); filter(f_mail); destination(d_mail); };
> log { source(src); filter(f_cisco); destination(d_cisco); };
> log { source(src); filter(f_sshd); destination(d_sshd); };
> log { source(src); filter(f_tac); destination(d_tac); };
>  
> 
> log { source(src); destination(d_sys); };
> 
> 
> Thanks in advance for any help
> 
> Regards
> Richard Shaw
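
The two filter semantics discussed in this thread, as an added example that is not part of either message: a Python model of syslogd's `local7.debug` selector next to syslog-ng's `facility(local7) and priority(debug)` filter, run over constructed Cisco-style datagrams. The function names and the sample messages are assumptions made for the illustration.

```python
import re

# Severity names in numeric order (RFC 3164): 0 = emerg ... 7 = debug.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"mail": 2, "local6": 22, "local7": 23}  # subset used in the thread

def decode_pri(packet):
    """Split the <PRI> header of a raw syslog datagram into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI header")
    return divmod(int(m.group(1)), 8)

def syslogd_selector(packet, facility, level):
    """syslog.conf 'facility.level': the named level and everything more severe."""
    fac, sev = decode_pri(packet)
    return fac == FACILITIES[facility] and sev <= LEVELS.index(level)

def ng_filter(packet, facility, first, last=None):
    """syslog-ng 'facility(f) and priority(first[..last])': listed levels only."""
    fac, sev = decode_pri(packet)
    a, b = LEVELS.index(first), LEVELS.index(last or first)
    return fac == FACILITIES[facility] and min(a, b) <= sev <= max(a, b)

# Constructed sample datagrams in Cisco IOS style, facility local7 (23).
SAMPLES = [
    "<187>12: *Mar  1 00:01:02: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "<189>13: *Mar  1 00:01:09: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<190>14: *Mar  1 00:02:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(1025) -> 10.0.0.9(23), 1 packet",
]

def count_matches():
    """How many of the samples each rule would write to cisco.log."""
    return {
        "syslogd local7.debug": sum(syslogd_selector(p, "local7", "debug") for p in SAMPLES),
        "ng priority(debug)": sum(ng_filter(p, "local7", "debug") for p in SAMPLES),
        "ng priority(debug..emerg)": sum(ng_filter(p, "local7", "debug", "emerg") for p in SAMPLES),
    }

if __name__ == "__main__":
    for rule, n in count_matches().items():
        print(f"{rule:28} {n} of {len(SAMPLES)} messages")
```
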