[syslog-ng] syslog-ng and cisco's problem
Rębelski, Michał
michal.rebelski at playmobile.pl
Wed Mar 28 11:29:29 CEST 2007
Hi all,
I'm trying to set up syslog-ng 2.0.0 on Red Hat Enterprise 4.0 i386 edition.
I have already set up my /etc/syslog-ng.conf file in the following way:
[root@swlogg02 cisco]# cat /etc/syslog-ng.conf
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};
source s_cisco {
    udp(ip(0.0.0.0) port(514));
};
destination d_cisco_d { file("/var/log/cisco/$HOST/$YEAR/$MONTH/$DAY/log"); };
destination d_cisco_c { file("/var/log/cisco/$HOST/$YEAR/$MONTH/$DAY/log"); };
filter f_cisco_d { level(debug); };
filter f_cisco_c { level(crit); };
log { source(s_cisco); filter(f_cisco_d); destination(d_cisco_d); };
log { source(s_cisco); filter(f_cisco_c); destination(d_cisco_c); };
But I only got logs from one machine (for your information, an ASA5520). I would like to receive messages from almost 50 machines (routers/switches/firewalls, etc.). In general, I set up the critical level of logging on firewalls and debug on routers/switches.
Could you please tell me what I did wrong?
regards
--
Michał Rębelski
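
One thing to check in the configuration above, shown as an added example that is not part of the original post: in syslog-ng, level() with a single name matches that severity only, while a device set to log at "debug" or "critical" sends that level and everything more severe. The Python sketch below decodes the PRI header of constructed sample packets (host names, facilities and message text are assumptions) and compares the two exact-level filters from the post with a range such as level(debug..emerg).

```python
import re

# Syslog severity names in numeric order (0 = most severe), as carried in <PRI>.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def severity_of(packet):
    """Decode the severity from a BSD-syslog PRI header (PRI = facility*8 + severity)."""
    m = PRI_RE.match(packet)
    if m is None or int(m.group(1)) > 191:
        return None  # missing or out-of-range PRI
    return SEVERITIES[int(m.group(1)) % 8]


def level_matches(spec, severity):
    """Model of a level() argument: 'crit' is an exact match, 'debug..emerg' a range."""
    if severity is None:
        return False
    low, _, high = spec.partition("..")
    a, b = SEVERITIES.index(low), SEVERITIES.index(high or low)
    return min(a, b) <= SEVERITIES.index(severity) <= max(a, b)


def kept(packets, specs):
    """Packets accepted by at least one level spec (one log path per spec)."""
    return [p for p in packets
            if any(level_matches(s, severity_of(p)) for s in specs)]


# Constructed sample packets; facilities and message text are assumptions.
SAMPLES = [
    "<189>router1: constructed notice, e.g. a config change",   # 23*8 + 5
    "<187>switch1: constructed error, e.g. an interface down",  # 23*8 + 3
    "<191>router1: constructed debug output",                   # 23*8 + 7
    "<162>fw1: constructed critical message",                   # 20*8 + 2
    "<161>fw1: constructed alert message",                      # 20*8 + 1
]

if __name__ == "__main__":
    for label, specs in (("exact levels from the post", ["debug", "crit"]),
                         ("range debug..emerg", ["debug..emerg"])):
        accepted = kept(SAMPLES, specs)
        print(f"{label}: {len(accepted)} of {len(SAMPLES)} packets kept")
        for p in accepted:
            print("   ", severity_of(p), p)
```

With the exact-level filters only the debug and crit packets are written; the notice, error and alert packets match neither log path and are dropped.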