[syslog-ng]syslog-ng and Cisco boxes

Brian D. Olesen brdol@orange.dk
Fri, 2 Nov 2001 16:19:39 +0100


I am in the process of setting up a syslog server for a large number of
Cisco boxes, and have faced some difficulties which may be due to an error
in syslog-ng 1.4.13 on Solaris 8 regarding the source statement.

source net { udp(); };

As far as I can understand from the documentation, this ought to listen to
all incoming UDP packets on port 514. Contrary to the documentation, I never
got this to work at all. I even tried to stop the native syslogd, but to no
avail.

source net { udp(ip("xxx.xxx.xxx.22") port(514)); };

Stating the service IP address and syslog port works perfectly.

On the Cisco IOS side, it took me some time to realize that

logging source-interface Ethernet0

is essential to do remote logging. This is the interface with the IP address
which has access to the remote syslog host.

Other experiences, especially best practices, with syslog-ng and Cisco boxes
are greatly appreciated.

Best regards,

Brian D. Olesen
UNIX Administrator

Orange DK
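
The post describes two separate points of failure: the address the udp() source is bound to, and the source address the router sends from. The probe below is an added example, not part of the original post and not syslog-ng code; it sends one test datagram so the listener can be checked without involving a Cisco box. The function names, the loopback address and the local7.notice priority are assumptions chosen for illustration, and the "refused" result relies on the sending host reporting ICMP port-unreachable on a connected UDP socket, as Linux does.

```python
import socket

def build_syslog_packet(facility, severity, tag, text):
    """Return a BSD-syslog style datagram: <PRI>tag: text, PRI = facility * 8 + severity."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    return "<{}>{}: {}".format(facility * 8 + severity, tag, text).encode("ascii")

def probe_udp(dest_ip, dest_port, packet, source_ip=None, wait=0.5):
    """Send one datagram and report what the sender can observe.

    "refused"  - an ICMP port-unreachable came back, so nothing is bound
                 to dest_ip:dest_port.
    "no-error" - nothing came back: the datagram was either accepted or
                 silently dropped on the way; the log file tells which.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if source_ip:
            # Choose the sending address, the role that
            # "logging source-interface" plays on the IOS side.
            s.bind((source_ip, 0))
        s.settimeout(wait)
        s.connect((dest_ip, dest_port))
        try:
            s.send(packet)
            s.recv(2048)  # syslog never answers; only an ICMP error ends this early
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "no-error"
        return "no-error"

if __name__ == "__main__":
    # Constructed sample values: facility 23 (local7), severity 5 (notice).
    pkt = build_syslog_packet(23, 5, "probe", "test message for the udp() source")
    print(probe_udp("127.0.0.1", 514, pkt))
```

Run it against the service address and against any other address on the log host; a "no-error" result with no line in the log points at filtering or at the source's bind address rather than at the sender.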