[syslog-ng]Cisco Logging

Shaw, Richard W Richard.W.Shaw@team.telstra.com
Mon, 9 Apr 2001 09:49:18 +1000 

Hi Drew

I've tried your extra setting but I still get nothing about our cisco
routers in the cisco.log or the sys.log files I'd setup for syslog-ng. I do
however still get them via the syslogd. Is there something I'm missing out
of the source bit of the code ?

Regards
Richard

> -----Original Message-----
> From:	Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
> [SMTP:HamiltonA@hq.5sigcmd.army.mil]
> Sent:	Friday, 6 April 2001 4:03 pm
> To:	'syslog-ng@lists.balabit.hu'
> Subject:	RE: [syslog-ng]Cisco Logging
> 
> Richard,
> 
> syslog-ng does a considerably better job at filtering than does syslogd.
> This can cause you problems if you are not looking at it correctly.
> syslogd
> will log up to a priority for a facility in the syslog.conf.  syslog-ng
> will
> log only that facility given in the syslog-ng.conf.  Cisco devices log at
> the info level by default.  So only if you are getting something from the
> Cisco devices at the debug level.  If you want the same behavior as in
> syslogd you need to set your filter to "priority(info..debug)".
> 
> Regards,
> Drew
> 
> > -----Original Message-----
> > From:	Shaw, Richard W [SMTP:Richard.W.Shaw@team.telstra.com]
> > Sent:	Friday, April 06, 2001 9:50 AM
> > To:	'syslog-ng@lists.balabit.hu'
> > Subject:	[syslog-ng]Cisco Logging
> > 
> > Hi Guys
> > 
> > I've just found syslog-ng and am testing/comparing it to our current
> > syslogd
> > so I can match the logging then push everything to a syslog server.
> > 
> > My problem is that I'm getting no logs for Cisco devices, I don't even
> get
> > anything in the sys.log file(see below):
> > 
> > syslogd.conf file :
> > local7.debug	/var/log/cisco.log
> > 
> > syslog-ng.conf file:
> > source src {
> >         udp();
> >         tcp();
> >         sun-streams("/dev/log" door("/etc/.syslog_door"));
> >         internal();
> > };
> > destination d_mail { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/mail.log"
> > create_dirs(yes)
> > ); };
> > destination d_cisco { file("/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/cisco.log"
> > create_dirs(ye
> > s)); };
> > destination d_sshd { file( "/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sshd.log"
> > create_dirs(yes
> > )); };
> > destination d_tac { file( "/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/tacplus.log"
> > create_dirs(y
> > es)); };
> >  
> > destination d_sys { file( "/tmp/ng/$HOST/$YEAR/$MONTH/$DAY/sys.log"
> > create_dirs(yes))
> > ; };
> >  
> > filter f_mail        { facility(mail); };
> > filter f_cisco       { facility(local7) and priority(debug); };
> > filter f_sshd        { match("sshd"); };
> > filter f_tac         { facility(local6); };
> >  
> > log { source(src); filter(f_mail); destination(d_mail); };
> > log { source(src); filter(f_cisco); destination(d_cisco); };
> > log { source(src); filter(f_sshd); destination(d_sshd); };
> > log { source(src); filter(f_tac); destination(d_tac); };
> >  
> > 
> > log { source(src); destination(d_sys); };
> > 
> > 
> > Thanks in advance for any help
> > 
> > Regards
> > Richard Shaw
> > 
> > 
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng