[syslog-ng] Cisco Logging

Werner Dundler werner.dundler@austrocontrol.at
Mon, 23 Apr 2001 12:12:38 +0200


"Shaw, Richard W" wrote:
> 
> Hi Drew
> 
> I've tried your extra setting but I still get nothing about our cisco
> routers in the cisco.log or the sys.log files I'd set up for syslog-ng. I do
> however still get them via the syslogd. Is there something I'm missing out
> of the source bit of the code?

maybe it helps: (please excuse my lame english)

it works for me the following way: cisco router

logging facility daemon
logging source-interface Loopback0
logging xx.xx.xx.212
logging xx.xx.xx.213

source-interface is important because if you don't do that the sender ip
is the outgoing interface ip!!!

the syslog servers are sun boxes. a year ago i did not manage to get
syslog-ng to receive (machine-)internal syslog messages (solaris problem) -
so i did a very dirty trick - changed the default syslog entry in
/etc/services to another port.
now my old syslog comes up and listens on another udp port.
now i can start syslog-ng with:

source net { udp(ip(xx.xx.xx.xx) port(514)); };

check which syslog is running with:

lsof -i udp:514

now you should get a line with "syslog-ng".

for testing use snoop or tcpdump ... 

xxxxxx:/usr/local/syslog-ng/etc>snoop -d hme0 udp port 514
Using device /dev/hme (promiscuous mode)
    zswitch5 -> xxxxxx     SYSLOG C port=1028 <190>%MGMT-6-LOGINFA

now you should get messages into your syslog-ng files.
every following error should be a result of syslog-ng
misconfiguration.

bye 	werner 

Life is not fair. But the root password helps 
---------------------------------------------
email:        werner.dundler@austrocontrol.at
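
Added example (not part of the message above, and not syslog-ng or Cisco code): a small decoder for the <PRI> header and the Cisco %FACILITY-SEVERITY-MNEMONIC tag seen in the snoop capture, useful for checking which facility and severity a device really sends before relying on a facility-based rule. The function names are hypothetical, the first sample is the payload exactly as snoop truncated it above, and the second sample is constructed.

```python
import re

# Facility codes 0..23 and severity codes 0..7 as used in the syslog <PRI> value.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
CISCO_RE = re.compile(rb"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+)")

SAMPLES = [
    b"<190>%MGMT-6-LOGINFA",  # payload from the snoop line, truncated as shown there
    b"<29>45: %SYS-5-CONFIG_I: Configured from console by vty0",  # constructed
]


def decode(payload: bytes) -> dict:
    """Split a raw UDP syslog payload into facility, severity and Cisco tag."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    pri = int(m.group(1))
    # PRI = facility * 8 + severity
    out = {"pri": pri,
           "facility": FACILITIES[pri >> 3],
           "severity": SEVERITIES[pri & 7],
           "cisco": None}
    tag = CISCO_RE.search(payload, m.end())
    if tag:
        out["cisco"] = (tag.group(1).decode(), int(tag.group(2)),
                        tag.group(3).decode())
    return out


def facility_matches(payload: bytes, wanted: str) -> bool:
    """True if the payload's facility equals the one a rule expects."""
    return decode(payload)["facility"] == wanted


if __name__ == "__main__":
    for raw in SAMPLES:
        info = decode(raw)
        print(raw[:40], "->", info["facility"] + "." + info["severity"], info["cisco"])
```

The captured <190> decodes to local7.info, while a device configured with "logging facility daemon" sends PRI values in the 24 to 31 range.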