[syslog-ng] Syslog-ng, Mysql, and Cisco routers

Noam Meltzer syslog-ng@lists.balabit.hu
Fri, 06 Feb 2004 22:21:07 +0200


Hi Kevin,
I am not familiar with Cisco routers, but I can give you some
notes on what to look for when debugging this:
1. Try to sniff the network traffic to see if the logs are reaching
the log server from your Cisco products. (I recommend Ethereal,
as you can see the contents of the logs very easily from there.)
2. You're assuming that the Cisco routers will be the only machines to
create "local7" facilities. ("Assumption is the mother of all fuckups :)")
Maybe you would like to filter the logs on the syslog-ng server with a
netmask or specific IPs. (There was a discussion about it just today.)

Noam


Kevin Rothwell wrote:

| filter f_cisco { facility(local7) and priority(debug); };
|
| destination d_cisco { file("/var/log/cisco"); };
|
| log { source(net); filter(f_cisco); destination(d_cisco); };
|
| I have issued the following commands on my router:
|
| logging 10.1.1.91
| logging facility local7
| logging trap debug
| logging on
|
| Needless to say, it isn't working.  Why else would I be sending
| this message.  Is there anyone logging their Cisco syslog messages
| to a mysql database?  If so, how can I do it on Redhat Linux?  Any
| help would be greatly appreciated.  Thanks.
|
| Kevin Rothwell


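
The two debugging steps in the reply above, as an added example that is not part of the original thread: it decodes the `<PRI>` header of captured syslog datagrams into facility and severity and checks the sender against an expected network. The router network `10.1.1.0/24`, the sender addresses and the sample payloads are constructed assumptions, not values from the thread.

```python
import ipaddress
import re

FACILITIES = {16 + i: f"local{i}" for i in range(8)}  # local0..local7 are codes 16..23
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumption: the routers live in this network (constructed value, not from the thread).
ALLOWED_SENDERS = ipaddress.ip_network("10.1.1.0/24")

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload: bytes):
    """Return (facility, severity) names from the leading <PRI> of a syslog datagram."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        return None  # no valid PRI header: not a well-formed BSD syslog message
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def triage(sender: str, payload: bytes) -> str:
    """Classify one captured datagram along the lines of the two debugging steps."""
    decoded = decode_pri(payload)
    if decoded is None:
        return "malformed"
    facility, severity = decoded
    if facility != "local7":
        return f"other-facility:{facility}"
    if ipaddress.ip_address(sender) not in ALLOWED_SENDERS:
        return "local7-from-unexpected-host"  # local7 is not exclusive to the routers
    return f"cisco:{severity}"

# Constructed sample capture: (source IP, UDP payload) pairs, not real traffic.
SAMPLE = [
    ("10.1.1.1", b"<189>45: %SYS-5-CONFIG_I: Configured from console by vty0"),
    ("10.1.1.1", b"<191>46: constructed debug-level line"),
    ("10.9.9.9", b"<190>app[12]: another host that also uses local7"),
    ("10.1.1.1", b"<38>sshd[99]: constructed auth message"),
    ("10.1.1.1", b"no priority header"),
]

def summarize(capture):
    """Return one verdict string per captured datagram, in order."""
    return [triage(src, data) for src, data in capture]

if __name__ == "__main__":
    for (src, data), verdict in zip(SAMPLE, summarize(SAMPLE)):
        print(f"{src:<10} {verdict:<28} {data[:40]!r}")
```

A datagram that decodes to `cisco:notice` is local7 at severity notice, not debug; in syslog-ng a single level given to `priority()` matches that level only, so a filter written as `priority(debug)` would not select it.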