[syslog-ng] logging from Cisco
Nate Campi
nate at campin.net
Thu May 24 16:09:56 CEST 2007
On Wed, May 23, 2007 at 11:52:48PM -0700, Tom Le wrote:
> >Here is a part of my syslog-ng.conf, after some thorough research
> >on the Cisco website:
> >
> >#### {{{ Cisco, by device type
> >filter f_cisco_router { facility(local2); };
> >filter f_cisco_switch { facility(local3); };
> >filter f_cisco_firewall { facility(local4); };
> >filter f_cisco_vpnbox { facility(local5); };
> >#### Cisco, by device type }}}
>
> Keep in mind that if you have any other devices sending messages using the
> same facility as above, you may inadvertently filter those messages as
> well. You can match some text strings within the messages themselves or use
> a regex. Regex is more accurate but can have performance impact on busy
> syslog-ng server.
Good point(s).
I tend to use a different IP (often just a virual interface) as the
source for host and network device syslog. It ends up help in a lot of
cases.
--
Nate
First Law of System Requirements:
"Anything is possible if you don't know what you're talking about..."
More information about the syslog-ng
mailing list