[syslog-ng]Syslog-ng, Mysql, and Cisco routers

Michael Earls syslog-ng@lists.balabit.hu
Fri, 06 Feb 2004 21:50:34 -0500


Can you email the rest of your syslog-ng config? All I see is a log
file called /var/log/cisco. How do you import this into the mysql
database? When you issue show logging on the cisco you should see how
many messages were sent to the log server and the type of message sent.

ibr01>sh logg
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0
flushes, 0 overruns)
    Console logging: level debugging, 1126 messages logged
    Monitor logging: level debugging, 2 messages logged
    Buffer logging: level debugging, 1126 messages logged
    Exception Logging: size (8192 bytes)
    Trap logging: level debugging, 481 message lines logged
        Logging to 192.168.1.11, 481 message lines logged

The other thing is to run tcpdump on the log server with a filter for
only that router.

tcpdump host 'router_ip'

You could also debug ip packets on the router, instead of a debug all,
!
! numbered extended ACL matching traffic between the log server and the router
access-list 199 permit ip host 'log server ip' host 'router ip'
access-list 199 permit ip host 'router ip' host 'log server ip'
!
deb ip packet 199 detail
!
term mon
!
undebug all


michael


Michael Earls
Systems Analyst, Information Services
Cincinnati Children's Hospital Medical Center
Phone: 513-636-5882
Phone: 1-800-344-2462

PGP Info: KeyID 0x5EB59708 
Fingerprint 108B A1D8 76F5 08A8 501A F28C 86F4 4BC5 5EB5 9708 

>>> dedelman@iname.com 02/06/04 09:19PM >>>
This may be a problem of somewhat different semantics between Cisco IOS
and syslog-ng configuration speak.

In IOS logging trap debug says send all messages of priority debug (the
lowest possible) and higher to the logging host (10.1.1.91 in this
case.)

Syslog-ng syntax says if you say priority debug you mean only that
priority.

I suspect that if you enable yourself on a *test* router and turn on
some debugging you will see the messages in the log file. BTW, unless
you are attached directly to the router console port, you will need to
issue the IOS command term monitor in order to see the debug output
locally. Be real careful about debugging a router under a heavy load
since it can quickly turn into a self-eating doughnut and disappear
into its own hole :(


--Dave

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Kevin Rothwell
Sent: Friday, February 06, 2004 2:03 PM
To: syslog-ng@lists.balabit.hu 
Subject: [syslog-ng]Syslog-ng, Mysql, and Cisco routers

Hello,

I have syslog-ng installed on all of my Linux boxes, logging to a
mysql database. (This works)  I would like to configure one of my Cisco
routers to send syslog messages to this database as well.  I have
modified my syslog-ng.conf file on the mysql database box to include
the following lines:

Facility filters

filter f_cisco { facility(local7) and priority(debug); };

destination d_cisco { file("/var/log/cisco"); };

log { source(net); filter(f_cisco); destination(d_cisco); };

I have issued the following commands on my router:

logging 10.1.1.91
logging facility local7
logging trap debug
logging on

Needless to say, it isn't working.  Why else would I be sending this
message.  Is there anyone logging their Cisco syslog messages to a
mysql database?  If so, how can I do it on Redhat Linux?  Any help
would be greatly appreciated.  Thanks.

Kevin Rothwell







_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng 
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
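
Added example, not part of the original thread or of anyone's posted configuration: a small Python model of the mismatch Dave describes, where IOS "logging trap debug" sends debug and everything more severe while a syslog-ng filter of priority(debug) keeps only debug. The function names and sample datagrams are constructed for illustration; in syslog-ng itself the range form priority(debug..emerg) corresponds to threshold_filter here.

```python
import re

# Severity names indexed by their numeric syslog code (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_LOCAL7 = 23          # local0..local7 are facility codes 16..23
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Split the leading <PRI> of a syslog datagram into (facility, severity)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 191 = local7.debug, the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)       # PRI = facility * 8 + severity

def exact_filter(line, level="debug"):
    """Models facility(local7) and priority(debug): that single level only."""
    return decode_pri(line) == (FACILITY_LOCAL7, SEVERITIES.index(level))

def threshold_filter(line, level="debug"):
    """Models IOS 'logging trap debug': the named level and everything more severe."""
    pri = decode_pri(line)
    return (pri is not None and pri[0] == FACILITY_LOCAL7
            and pri[1] <= SEVERITIES.index(level))

# Constructed sample datagrams (not captured traffic); 10.1.1.1 is a made-up router address.
SAMPLES = [
    "<189>45: *Mar  1 00:10:02: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<187>46: *Mar  1 00:10:05: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "<191>47: *Mar  1 00:10:09: IP: s=10.1.1.1 (local), d=10.1.1.91, len 76, sending",
    "<38>sshd[411]: session opened",        # auth.info from a Linux host, not local7
    "no PRI header at all",
]

def matched(filter_fn):
    """Return the decoded (facility, severity) of every sample the filter accepts."""
    return [decode_pri(s) for s in SAMPLES if filter_fn(s)]

if __name__ == "__main__":
    for name, fn in (("exact", exact_filter), ("threshold", threshold_filter)):
        print(name, [(f, SEVERITIES[s]) for f, s in matched(fn)])
```

With the exact-match filter only the debug-level line reaches /var/log/cisco, so a router that is not actively debugging appears to log nothing.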

