On Thu, 2006-03-09 at 08:52 -0800, Dave wrote:
On 2/27/06, Keith Morse kgmorse@mpcu.com wrote:
Dave wrote:
I have a cisco router sending syslog messages to a linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
Thanks, I'll take a look at that when I get some time Right now I'm just trying to lower the noise in the syslog so I can monitor stuff with tail.
Dave, every syslog message has a FACILITY set by the program that sends the message. For example, you can tell a program to send everything to syslog with the facility set to "local3". syslog uses this to determine where to store the message. In this example, you can put "local3.* /var/log/cisco.log" into /etc/syslog.conf. However, this will only work if you can get the Cisco to tag its messages with facility=local3; you will need to look at your Cisco docs to find out how to do this.
If Cisco won't let you change the facility, you might run a second syslog daemon on another machine, and tell the Cisco to send the logs to the other machine.
-David