[syslog-ng] syslog-ng and Cisco boxes

jmad than@wwa.com
Fri, 02 Nov 2001 15:42:21 -0600


Sounds good, I was able to get Solaris 8 to work with the default statement for
source.

The Cisco statement is good too, unless you have multiple paths to your logging
server.  So if that ethernet connection ever dies on you, and there's still a
path for the router to physically reach your logging server, it will not work
(at least not from my experience).

Most of my routers have multiple connections to my logging server so I ended up
creating a loopback0 interface with an IP address on the router and then did a:
"logging source-interface Loopback0"
That helps when I have WAN links that go down on me.  The loopback interface
stays up all the time and will find the best route out of the router to my
logging server and will still keep the loopback's IP address.
Also, if you have more than just Cisco devices logging to syslog-ng you can also
put in:
"logging facility X" (where X equals local0-7 or a few other facilities, type
"logging facility ?" to see the list).

Hope that helps,
JonM

"Brian D. Olesen" wrote:

> I am in the process of setting up a syslog server for a large number of
> Cisco boxes, and have faced some difficulties which may be due to an error
> in syslog-ng 1.4.13 on Solaris 8 regarding the source statement.
>
> source net { udp(); };
>
> As far as I can understand from the documentation, this ought to listen to
> all incoming udp packets on port 514. Contrary to the documentation, I never
> got this to work at all. I even tried to stop the native syslogd, but to no
> avail.
>
> source net { udp(ip("xxx.xxx.xxx.22") port(514)); };
>
> Stating the service ip address and syslog port works perfectly.
>
> On the Cisco IOS side, it took me some time to realize that
>
> logging source-interface Ethernet0
>
> is essential to do remote logging. This is the interface with the ip address
> which has access to the remote syslog host.
>
> Other experiences, especially best practices, with syslog-ng and Cisco boxes
> are greatly appreciated.
>
> Best regards,
>
> Brian D. Olesen
> UNIX Administrator
>
> Orange DK
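A receiver-side check for the setup discussed in this thread, added here as an example and not taken from either post: it decodes the PRI of each UDP payload and reports datagrams that do not come from a router's Loopback0 address or do not carry the facility set with "logging facility". The router names, addresses, the choice of local6, the sample payloads and the assumption that the IOS `%FACILITY-SEVERITY-MNEMONIC` tag repeats the syslog severity are all constructed for illustration.

```python
import re

# Facility codes 16..23 are local0..local7; PRI = facility * 8 + severity.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
# Constructed inventory: router -> (Loopback0 address, configured "logging facility").
INVENTORY = {"rtr-a": ("192.0.2.1", "local6"), "rtr-b": ("192.0.2.2", "local6")}
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Assumed shape of the IOS message tag, e.g. %LINK-3-UPDOWN (severity in the middle).
MNEMONIC_RE = re.compile(rb"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+")

def decode(payload):
    """Return (facility_name, pri_severity, ios_severity_or_None) for one datagram."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    code, severity = divmod(int(m.group(1)), 8)
    tag = MNEMONIC_RE.search(payload)
    return (FACILITIES.get(code, f"facility{code}"), severity,
            int(tag.group(1)) if tag else None)

def audit(packets):
    """packets: iterable of (source_ip, payload). Return a list of (source_ip, finding)."""
    by_ip = {ip: (name, fac) for name, (ip, fac) in INVENTORY.items()}
    findings = []
    for src, payload in packets:
        try:
            facility, sev, ios_sev = decode(payload)
        except ValueError as exc:
            findings.append((src, str(exc)))
            continue
        if src not in by_ip:
            # Typical when the router sends from an egress interface, not Loopback0.
            findings.append((src, "source is not a known Loopback0 address"))
            continue
        name, want = by_ip[src]
        if facility != want:
            findings.append((src, f"{name}: facility {facility}, expected {want}"))
        if ios_sev is not None and ios_sev != sev:
            findings.append((src, f"{name}: PRI severity {sev} != mnemonic {ios_sev}"))
    return findings

# Constructed sample datagrams (source address, UDP payload).
SAMPLES = [
    ("192.0.2.1", b"<179>45: *Mar  1 00:12:01.003: %LINK-3-UPDOWN: Interface Serial0, changed state to down"),
    ("198.51.100.9", b"<179>46: *Mar  1 00:12:02.114: %LINK-3-UPDOWN: Interface Serial1, changed state to down"),
    ("192.0.2.2", b"<189>12: *Mar  1 00:13:40.250: %SYS-5-CONFIG_I: Configured from console by console"),
]

if __name__ == "__main__":
    for src, finding in audit(SAMPLES):
        print(src, finding)
```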