[syslog-ng] logging from Cisco
Kalin KOZHUHAROV
kalin.kozhuharov at jp.adecco.com
Thu May 24 02:31:29 CEST 2007
Bill Nash wrote:
> On Wed, 23 May 2007, Bill Nash wrote:
>
>> On Wed, 23 May 2007, Grigoreva, Yelena wrote:
>>
>>> I have enabled Cisco logging to my host SUSE 10.2. From the Wireshark tool I can see that I receive the syslog messages, and then I try to find them somewhere in /var/log/.... but without success. ;(
>>>
>>> Where are the syslog messages logged from external HW? I have set in my sysconf SYSLOGD_PARAMS="-rx -m 0" to enable external logging, but all the same - no effect. I have created local0, cisco files: I am not sure what file name I should give. Where must it be specified?
>>>
>>> I will be grateful for any tip :)
>>>
>> Check local7. I think that's the default facility for Cisco devices.
>>
>
> Or local4, now that I really think on it. It depends on the type of device
> and which faction of Cisco (or purchased company) wrote the code.
Here is a part of my syslog-ng.conf, after some thorough research on the Cisco website:
#### {{{ Cisco, by device type
filter f_cisco_router { facility(local2); };
filter f_cisco_switch { facility(local3); };
filter f_cisco_firewall { facility(local4); };
filter f_cisco_vpnbox { facility(local5); };
#### Cisco, by device type }}}
...
# vim: set nowrap foldmethod=marker :
The {{{ and }}} are used by vim to mark a "fold", so that it is shown as one line. Just my 2 yen, in case you didn't know :-)
Kalin.
--
| A | Kalin KOZHUHAROV <kalin.kozhuharov at jp.adecco.com>
| D | TEL: +81 (3) 6439-7547 MOBILE: +81 90 8496-0556
| J | IT Security Officer
| P | Adecco Japan http://www.adecco.co.jp/
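
Added example, not part of the original message: the facility a device actually sends can be read from the PRI value at the start of each captured syslog datagram (PRI = facility * 8 + severity) instead of being guessed. The sketch below decodes it and reports which of the filters quoted above would match; the function names and the sample payloads are constructed for illustration.

```python
import re

# Syslog facility codes 0-23; codes 16-23 are local0..local7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "cron2",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Facility-to-filter mapping copied from the syslog-ng.conf excerpt in the post.
POST_FILTERS = {"local2": "f_cisco_router", "local3": "f_cisco_switch",
                "local4": "f_cisco_firewall", "local5": "f_cisco_vpnbox"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # highest valid value: local7.debug
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def matching_filter(datagram: bytes):
    """Name of the filter from the post that matches, or None if none does."""
    decoded = decode_pri(datagram)
    return POST_FILTERS.get(decoded[0]) if decoded else None

# Constructed sample payloads (not taken from the thread).
SAMPLES = [
    b"<189>45: %SYS-5-CONFIG_I: Configured from console (constructed)",
    b"<166>%ASA-6-302013: Built outbound TCP connection (constructed)",
    b"<149>33: %LINK-5-CHANGED: Interface state changed (constructed)",
    b"payload without a priority header",
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(decode_pri(pkt), matching_filter(pkt))
```

A datagram that decodes to a facility with no matching filter (local7 in the first sample) is not selected by any of the four filters above, so it ends up wherever the rest of the configuration sends unfiltered traffic.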