[syslog-ng]Syslog Config and Cisco, Max Tnt
Evan Himmel
syslog-ng@lists.balabit.hu
Fri, 4 Jun 2004 10:50:58 -0400
This is a multi-part message in MIME format.
------=_NextPart_000_00B0_01C44A21.D1F35D60
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_00B1_01C44A21.D1F35D60"
------=_NextPart_001_00B1_01C44A21.D1F35D60
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
I have all the hardware configured correctly. My problem is that I have =
separate filters setup for my MAX TNT and Cisco Gear to log into =
different directories. One...everything logs in both my Cisco and Modems =
directory and two I am no longer getting as much detail as I did with =
the Cisco Gear. below is my config for the Cisco Gear and TNT.
#Logging for CISCO Devices
destination d_cisco_devices { file("/var/log/cisco/$HOST.log"); };
# This is out destination file. Each host will get it's own log file
# which is nice when you start using log checkers to email you about
# things in your log file.
filter f_cisco_info { level(info); };
filter f_cisco_notice { level(notice); };
filter f_cisco_warn { level(warn); };
filter f_cisco_crit { level(crit); };
filter f_cisco_err { level(err); };
filter f_cisco_debug { level(debug..emerg); };
# Sets up out filters. The thing to remember is Cisco's log at various
# levels by default unlike a lot fo daemons.
log { source(s_net); filter(f_cisco_info); destination(d_cisco_devices); =
};
log { source(s_net); filter(f_cisco_notice); =
destination(d_cisco_devices); };
log { source(s_net); filter(f_cisco_warn); destination(d_cisco_devices); =
};
log { source(s_net); filter(f_cisco_crit); destination(d_cisco_devices); =
};
log { source(s_net); filter(f_cisco_err); destination(d_cisco_devices); =
};
log { source(s_net); filter(f_cisco_debug); =
destination(d_cisco_devices); };
# Takes the logs our filters and passes them to our destination. =
Obviously
# you can do some really interestng things with this, but I haven't
# figured them out yet.
#Logging for TNT MAX Devices
destination d_modems_devices { file("/var/log/modems/$HOST.log"); };
# This is out destination file. Each host will get it's own log file
# which is nice when you start using log checkers to email you about
# things in your log file.
filter f_modems_info { level(info); };
filter f_modems_notice { level(notice); };
filter f_modems_warn { level(warn); };
filter f_modems_crit { level(crit); };
filter f_modems_err { level(err); };
# Sets up out filters.
log { source(s_net); filter(f_modems_info); =
destination(d_modems_devices); };
log { source(s_net); filter(f_modems_notice); =
destination(d_modems_devices); };
log { source(s_net); filter(f_modems_warn); =
destination(d_modems_devices); };
log { source(s_net); filter(f_modems_crit); =
destination(d_modems_devices); };
log { source(s_net); filter(f_modems_err); =
destination(d_modems_devices); };
# Takes the logs our filters and passes them to our destination. =
Obviously
# you can do some really interestng things with this, but I haven't
# figured them out yet.
Evan Himmel
Network Engineer
PrimeLink, Inc.
(518) 324-5465
http://www.primelink1.net
------=_NextPart_001_00B1_01C44A21.D1F35D60
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252"><BASE=20
href=3D"file://C:\Program Files\Common Files\Microsoft =
Shared\Stationery\">
<STYLE>BODY {
BACKGROUND-POSITION: left top; MARGIN-TOP: 75px; FONT-SIZE: 10pt; =
MARGIN-LEFT: 25px; COLOR: #000000; BACKGROUND-REPEAT: no-repeat; =
FONT-FAMILY: Arial
}
</STYLE>
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff =
background=3Dcid:00af01c44a43$590376c0$c80ba8c0@elhnet.net>
<DIV>I have all the hardware configured correctly. My problem is =
that I=20
have separate filters setup for my MAX TNT and Cisco Gear to log into =
different=20
directories. One...everything logs in both my Cisco and Modems directory =
and two=20
I am no longer getting as much detail as I did with the Cisco =
Gear. below=20
is my config for the Cisco Gear and TNT.</DIV>
<DIV> </DIV>
<DIV>#Logging for CISCO Devices<BR>destination d_cisco_devices {=20
file("/var/log/cisco/$HOST.log"); };<BR># This is out destination file. =
Each=20
host will get it's own log file<BR># which is nice when you start using =
log=20
checkers to email you about<BR># things in your log file.</DIV>
<DIV> </DIV>
<DIV>filter f_cisco_info { level(info); };<BR>filter f_cisco_notice {=20
level(notice); };<BR>filter f_cisco_warn { level(warn); };<BR>filter=20
f_cisco_crit { level(crit); };<BR>filter f_cisco_err { level(err); =
};<BR>filter=20
f_cisco_debug { level(debug..emerg); };<BR># Sets up out filters. The =
thing to=20
remember is Cisco's log at various<BR># levels by default unlike a lot =
fo=20
daemons.</DIV>
<DIV> </DIV>
<DIV>log { source(s_net); filter(f_cisco_info); =
destination(d_cisco_devices);=20
};<BR>log { source(s_net); filter(f_cisco_notice); =
destination(d_cisco_devices);=20
};<BR>log { source(s_net); filter(f_cisco_warn); =
destination(d_cisco_devices);=20
};<BR>log { source(s_net); filter(f_cisco_crit); =
destination(d_cisco_devices);=20
};<BR>log { source(s_net); filter(f_cisco_err); =
destination(d_cisco_devices);=20
};<BR>log { source(s_net); filter(f_cisco_debug); =
destination(d_cisco_devices);=20
};<BR># Takes the logs our filters and passes them to our destination.=20
Obviously<BR># you can do some really interestng things with this, but I =
haven't<BR># figured them out yet.</DIV>
<DIV> </DIV>
<DIV>#Logging for TNT MAX Devices<BR>destination d_modems_devices {=20
file("/var/log/modems/$HOST.log"); };<BR># This is out destination file. =
Each=20
host will get it's own log file<BR># which is nice when you start using =
log=20
checkers to email you about<BR># things in your log file.</DIV>
<DIV> </DIV>
<DIV>filter f_modems_info { level(info); };<BR>filter f_modems_notice {=20
level(notice); };<BR>filter f_modems_warn { level(warn); };<BR>filter=20
f_modems_crit { level(crit); };<BR>filter f_modems_err { level(err); =
};<BR>#=20
Sets up out filters.</DIV>
<DIV> </DIV>
<DIV>log { source(s_net); filter(f_modems_info); =
destination(d_modems_devices);=20
};<BR>log { source(s_net); filter(f_modems_notice);=20
destination(d_modems_devices); };<BR>log { source(s_net); =
filter(f_modems_warn);=20
destination(d_modems_devices); };<BR>log { source(s_net); =
filter(f_modems_crit);=20
destination(d_modems_devices); };<BR>log { source(s_net); =
filter(f_modems_err);=20
destination(d_modems_devices); };<BR># Takes the logs our filters and =
passes=20
them to our destination. Obviously<BR># you can do some really =
interestng things=20
with this, but I haven't<BR># figured them out yet.<BR></DIV>
<DIV>Evan Himmel<BR>Network Engineer<BR>PrimeLink, Inc.<BR>(518) =
324-5465<BR><A=20
href=3D"http://www.primelink1.net">http://www.primelink1.net</A></DIV></B=
ODY></HTML>
------=_NextPart_001_00B1_01C44A21.D1F35D60--
------=_NextPart_000_00B0_01C44A21.D1F35D60
Content-Type: image/gif;
name="primelink.gif"
Content-Transfer-Encoding: base64
Content-ID: <00af01c44a43$590376c0$c80ba8c0@elhnet.net>
R0lGODlh2ABBAPcAAP/////39//v7//n5//e3v/W1v/OzvfGxv/Gxve9vf+9vfe1tfetrfelpe97
e+9SUu+Ee/etpf/Gvfe9tf/Wzv/e1v/n3v/v5//37///9//3//fe7/fO5+/G3u+11vfn7//v9//e
7/fW5++91u+tzu+cxvfG3u+lxu+UveeMtfe91u+1zudzpe+MteeErd5jlPfO3u/G1ve1zu+txu+c
ve+Ered7pedrnPfe5++Ute97pedznOdjlOdajN5Ce945c//n7/etxu+MreeEpe9znOdrlOdShN5K
e94xa//O3vfG1u+lve+Eped7nOdjjOdKe95Cc+cxa94pY+cpY/e9zvelve+cte97nOdzlOdahOdC
c945a+c5a94xY94hWuchWt4YUt4QSv/e5//G1vecte+UredrjOdSe+dKc+cxY94pWucpWt4hUucQ
St4IQucIQvfW3ve1xu+Mpe9rjOdjhO9jhOdCa+9Ca+c5Y+chUt4YSucYSt4QQt4AOecAOfetvfeM
pe+EnO97lO9ae+dSc+cxWucpUt4YQucQQt4IOecIOd4AMecAMf/W3veltfeEnO9zjO9rhO9Sc+9K
a+dCY+9CY+c5WuchSucYQucQOd4IMfecrfeUpe9je+9ac+cxUucpSuchQucIMd4AKecAKf/O1vfG
zve9xveMnO97jO9Sa+9KY+dCWuc5UucYOecQMd4IKd4AIfe1vfeElO9zhO9re+9CWucxSucpQuch
Ofettfelrfecpe9jc+9aa+9SY+9KWudCUuc5St4AGPeUnPeMlO+EjO97hO9ja+9aY+9SWuc5QgAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDAwCwAAAAA2ABBAAAI/gABCBxI
sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTThQBA8YIGVRwgFBJs6ZN
kiAErGjS40gRJmWWKNkQQMPNo0iTRgwgYkYKJ2zc8NHDJcsOITBAGFXKtSvXAHBOMOmyqGxZqmd+
rgCy1avbtyc/UMlRRAubsqTKJmLTBY2TJjlmqMARAK7hwxw1wBCSpQufRaQYLZJsNlEYLkWELFEB
Bwjiz6AjAjlRBAqbRHgnmzXbx42aHkxorIABpHDo27gHBsCxQoiRMGVHUS4redRqy1LQZGFRxkTR
3NARg1BCY4eaPsRXa8+7yPgiPmrs/qQVMoJt9PNdNYiIw8TJFj2qh2vXTnnvlrQ6Ag+1jb4/zQAj
7ICGGolQJt988XV3XBha3CDEDFSIMJN/FJakAQ4uuBcGdpIdiKBZlHlXlhtdOMHEEjLQxl+FLHIE
1glDbIFadh/WmGBZfSSiR19O2GBFVi0GmdEGMuSQBXA32lhjh91J1gd4dlhVhhIgrCjklQ0FwMEM
Q2SBxGNMGififGKaVeaY3LnBxn0/6UcYlhNpUOWcAVRppUB15kknQnqu2CefdLYVgG0aCCCCC43x
oYgbmSCSiCIIOupoJoswqigiCHaYSCaJbLpIG2qckd8MSkgI50JF8OHGqqquCoYR/2WEMFAOUq1a
qxt69ECDZ7Pa6sYWA53gKxi8EgSCFK26kYVAH4ShKh/QhsGGHqsWkGcAtYw5SiqDDvqHL9diO2Zw
vXQbwAG3DFAnBgFEEksifHTRxAAFTQgnF+Oa+V0ZAjmhJBsjDOQvXk8MtMWYKRhkg3DELQuACja6
sqIq2kpAUAPFFBTAJ+PGIgdBf1BSkDBikpJAQQZQ4pcNS4hwZ39seDifDACoMZyHpIAxkwZeDFeE
QDBs10NBG+ghnxMCLVHjKIVkQBDHqyGCAUGC8GLQAuOOIgtBgfhC0AAzamI1QQm4MsrZTvIhhRZW
yXECFbRB94Ebma42ihMgzIgjav4HrgDAB3qPkjAAKRzYRUFZHIg0AEPIx2QsqhAUgCt231IQMnEc
5MuYophCUC2REGRKcWMPZIAm4xaX2t6vMWHFCkrUdtgMIPZRQxk2cLEaI0d04AdxfYyAQw5eaMev
ErXDIFAW8/Fhbwd6E7d4Ed4xwoYT2DtBB78DEaDdKHZIjgscBxEgynEXENRLBATJMkosxhRkitlK
zsfImImAccQVbmqlFAvcWUQYCLIFA0FBaWbRw0BiIJ8cAOAEq9FDYUCApNX0QXkC6YKHFneE1bBA
Iaf4Hi0IUgFQvAwAxohFcIJREEpYgCCoGEYqCpKAV+Srfh+Sz5PYwIUzOGgtbf5BCfOIAwWCGGE1
RhACiA4nEBxgxywzAIALDMREFNxwCQKBmP0Wp0HiDA4huxhTLARBkFO0IiEZMIRxYjFC3fxiRb44
I0EMQD8c2pE++lqEjqJACB40IQhvGkkBg2MDgtjMLFgownDOMBAmWBAHAMDCagoGgCPI7GcB6OL3
kBaAx5iFCUoIpRIwOBBBqNBMuyAIL0SWkAO8YhGx4ARBChA53UCAXgMp2w3vyEsQ5dEyfbGKEN4G
B3th5C5mwSIAQDAwL5LFLHgTgSPNQooiAuAJlCHFDZbpSRwRxwuEs+BqkNaBPshsFJ8oSDLGxAjP
DQQSnSAhBQrirkVsbSANQP8GQZw2R9T18p+8zKaCWtMF2FhBBkMRQBAbEoLo+eAGRoAPiMIwAj4M
B17RY4QblJDB1bhAiiAyAhLqswKjleULRQAR0oSwy1HUEk+U0w4BCPKLQIAsGCuCgyYWMc+BRIIO
CbGAPwFKVIBKhhTe6YMetlAEv0EEgdS84QmCtqRKOVUDFoUiAAZZlhVQTy9gAFEKyjBOADSTTG0U
SAWeaJZQ8CcAuOipQDYxDDISZBeLEABBVEEMNHZil0UNbHYu6gXYnGAFMjnhQlggM1/+jHa+XI0b
nEA+oLF1EUrAKmsCgIKbmSUMAZBDWS0Z2bLEoq8DOYV8RpEMgsABFytKRSz+NFGAfTpArwNhxR/2
WZABvFKwgmXSiNTghGGq4AMLrcgQacSkLrRAIFM0C93KSpAUgCgRIFjBEgGwgeip5gQAuEE2dwAA
KazmDEJIrxDKAMmBhHE1sbBpLi1REFa8zxMakxwoODoQYhigIMQALHDxyCQ35GELUiLVB0LC1UWU
KHtNUAFBvjqZLPQARHxY8ECKEEBw8iCAPwOAJs2iBYG8oHofzGpZPKAQU9pNFwThxC8IIoAZjWIB
CRlAKKY2EEqwwiCqOOWACTzcLdDBBjMwj0k0gMyygDchZxhOE0SgmrLwgCBPABEPQDDdRfSBvxe2
IAadECIbUJU4lUUIK1T+WKYDECQV8RxIAXbaHVDw0yAHUEZBLBELBhTEApgQsB3lA6/k9GgFCrUJ
EApkFqci5JllscJWfRnFDA7ndduF7nBIYYSBdDA4LiicdEcgglKLoAOSe4AwVr3qTMx0IL1ArUBk
AV9UIGQTM9RNoDGBW/cK2n5V1uOrTqQCU3EFBk9kRB/ae5AAhKFDfeAAAKA6GTbMxNmr2clwFgcA
7ZqFDxsYCBQMZIMdaKdTfegDLEK3zwy4OwMYQEavAaAKuQJgE0JehCZeXZBiyBoAFAhOxiS3il0y
iTI58oKJTqACosxuNaBNCLITaBvdmamQJqgyIzqwhdUETCCLJs5HB2L/8cns4Igf8phCgOAAyf3C
mMfQFiXuPJBawLi/bNaEOwcCh1xUr8pqQvAOyqDg5B5GicRhIkJcACIkDIQEGs9wDiCutA6poSA+
yIvTB6KBQ3anCA3+3s0RUoCPDWQALxVIMDq2iYJkQBi1HQgtTjkKrxVEFipUE9uacAIcGD03LxhO
iRPCYbMw0mB2M0LgzdKF5S5iaARBOg0K0uRR9ECi2slRH/6bkATgeCAT0OdAMECp791iRQI4xIoI
YZzifJ4gVogDcq80ghnMgAQzIOVBOnAC3OeeIE25/e1JUHvhd6D4uGc2s25fEA2QAPfP78AKhr+C
EazgBC5AQiJ+4Ynu/nv/+6xghfd78QlcEKL7vaDEh0bRiu8DIxG+8IUn5E85HRmhCTQ7FYumQ5ct
YCI47xOAsRCAZ3M2A3g23XGAgPU+sdCAo5AIh9AFhGAGQ7AZgaR//gEEIyAERzAjATRkvkQZbgAG
P3AGO5ADMKBYGBgd02EFWTBdjRVcOBJ0WUAES+BwKxgkIDAD7tFNIChcT7IFgDEbiZaDQhIAMlAE
duBJMXhHwqVHYXAEOkADEWJMRtgiirEEgvAEmNeENgKEYdAFacEEb+MyV3gqInACO9BkRcUk+cMm
KKiCZ1ghFxIHNmBeTRJQVdYaB3YGLKN8c6h/0nQGp5GHOASEfLAF5ydIhHIYiC0iBohyHcFWVcOh
VFDQBAcFJI5ohHIhBE7QBYwmMwfnZWGIBj9BhWa4iVcoACqQA09gY6KoGjqCBOPhHKroiC34G/WT
I324AzSQircYiAEwA2bABT54I0+CBEOXex/QiMF4KgFABXUBHKPoZXwABSeYIvP2jIGoAXCwBDvA
hcFRFvECBU4wBDQgA8bGjbcYFjsAH5QRL09QBGXQAVbIjqrIFOBIIDmCBKZYBimIj+woJzDABFkQ
BVvAA0NwArHjjAJ5hSCAAzCwAktgBQzndw+ZkRq5kRzZkR75kSAZkg0REAA7
------=_NextPart_000_00B0_01C44A21.D1F35D60--