[syslog-ng]syslog-ng and Cisco boxes
Mikko Niskanen
mikko.niskanen@soon.fi
Mon, 5 Nov 2001 09:56:26 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > On the Cisco IOS side, it took me some time to realize that
> >
> > logging source-interface Ethernet0
> >
> > is essential to do remote logging. This is the interface with the
> > ip address which have access to the remote syslog host.
> >
Yep, but IOS _does_ send out syslog even if you do not have
source-interface defined; it will label the ip packet with
the ip address of the interface through which it sends your
outgoing syslog packet. Therefore, if your syslog box can -
for some reason - be reached through more than one interface,
you might end up receiving syslog packets from same device
but with different source ip's!
One practise might be using a loopback-interface for syslog
messages source-interface. That way, even if your outgoing
source-interface goes down and your syslog box can be
reached through another interface, you still get syslog
messages.
-MNi
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBO+ZGKUXQWDVhHgF9EQIC0gCg0tMxOIs9fTYASEs+3acxV/dmjgoAn0Ap
QYeHSb5dRTtxrvtIP3rc0V77
=bduo
-----END PGP SIGNATURE-----