[syslog-ng]syslog-ng and Cisco boxes
Allen Bettilyon
allen@about-inc.com
Fri, 02 Nov 2001 14:15:35 -0700
Brian,
I am logging all of my Cisco equipment without a problem. I am running syslog-ng on a Linux machine.
My config has the following line to accept from all network hosts:
source net { udp(ip(0.0.0.0) port(514)); };
You might find that forcing the Cisco box to a particular facility will be helpful. For example:
logging facility local3
-- Allen
"Brian D. Olesen" wrote:
> I am in the process of setting up a syslog server for a large number of
> Cisco boxes, and have faced some difficulties which may be due to an error
> in syslog-ng 1.4.13 on Solaris 8 regarding the source statement.
>
> source net { udp(); };
>
> As far as I can understand from the documentation, this ought to listen to
> all incoming udp packets on port 514. Contrary to the documentation, I never
> got this to work at all. I even tried to stop the native syslogd, but to no
> avail.
>
> source net { udp(ip("xxx.xxx.xxx.22") port(514)); };
>
> Stating the service ip address and syslog port works perfectly.
>
> On the Cisco IOS side, it took me some time to realize that
>
> logging source-interface Ethernet0
>
> is essential to do remote logging. This is the interface with the IP address
> which has access to the remote syslog host.
>
> Other experiences, especially best practices, with syslog-ng and Cisco boxes
> are greatly appreciated.
>
> Best regards,
>
> Brian D. Olesen
> UNIX Administrator
>
> Orange DK
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
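
Added example, not part of either message above: what "logging facility local3" changes on the wire, and how a collector can use it to separate Cisco traffic from everything else arriving on the same UDP source. The datagrams are constructed samples; the function names are hypothetical.

```python
import re

# Facility and severity codes as carried in the <PRI> header of a BSD syslog
# datagram: PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) names, or None if the header is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: local7 (23) * 8 + debug (7)
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def split_by_facility(datagrams, wanted="local3"):
    """Separate datagrams tagged with the wanted facility from all others."""
    matched, other = [], []
    for d in datagrams:
        decoded = decode_pri(d)
        (matched if decoded and decoded[0] == wanted else other).append(d)
    return matched, other

# Constructed sample datagrams (not captured from real devices).
SAMPLES = [
    # Routers configured with "logging facility local3": PRI 152-159.
    b"<155>45: Nov  2 14:15:35: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up",
    b"<157>46: Nov  2 14:15:40: %SYS-5-CONFIG_I: Configured from console by vty0",
    # Router left on the IOS default facility, local7: PRI 184-191.
    b"<189>12: Nov  2 14:16:01: %SYS-5-CONFIG_I: Configured from console by vty0",
    # A Unix host logging to the same collector (auth.info).
    b"<38>sshd[311]: Accepted password for admin",
    # Malformed input that a UDP listener open to all hosts will also receive.
    b"no priority header at all",
    b"<999>priority value out of range",
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(decode_pri(d), d[:40])
```

Only the first two samples land in the local3 bucket; the router still on the default facility is a quick way to spot a device where the logging facility line was never applied.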