I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
Dave wrote:
I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
On Mon, 27 Feb 2006, Keith Morse wrote:
Dave wrote:
I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
The syslog that comes with CentOS is quite capable of dealing with local7 ....
try man syslog.conf
something as simple as :-
local7.* /var/log/cisco.log
Should do the trick.
Also you have to make sure that the server is set up to receive remote syslog - you need to add a -r switch in /etc/sysconfig/syslog (it is documented in there), restart syslog, and make sure that port 514 UDP is accessible to the host that is logging.
Regards Lance
On 2/27/06, Lance Davis lance@uklinux.net wrote:
On Mon, 27 Feb 2006, Keith Morse wrote:
Dave wrote:
I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
The syslog that comes with CentOS is quite capable of dealing with local7 ....
try man syslog.conf
something as simple as :-
local7.* /var/log/cisco.log
Should do the trick.
Also you have to make sure that the server is set up to receive remote syslog - you need to add a -r switch in /etc/sysconfig/syslog (it is documented in there), restart syslog, and make sure that port 514 UDP is accessible to the host that is logging.
Sorry about the delay, only two techs here of which one is my boss.
It looks like /etc/syslog.conf already has a local7 defined. It's using it for the boot messages. I did take a look at the man pages, but I only saw a reference that local0 - 7 can be logged. I'm not exactly sure what or how to set up those local logs. What, who and where is local7 or any of the locals defined?
On 2/27/06, Keith Morse kgmorse@mpcu.com wrote:
Dave wrote:
I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
Thanks, I'll take a look at that when I get some time. Right now I'm just trying to lower the noise in the syslog so I can monitor stuff with tail.
On Thu, 2006-03-09 at 08:52 -0800, Dave wrote:
On 2/27/06, Keith Morse kgmorse@mpcu.com wrote:
Dave wrote:
I have a Cisco router sending syslog messages to a Linux server. I've been looking around on how to log those into a separate file and I've run across using local7 in various howtos. It looks like you can have 8 different local log settings, but I can't seem to find any docs on how to set those up. Anyone have a howto on that?
My best suggestion is to take a look at syslog-ng for parsing this out. Takes a bit to get the syntax right but well worth it.
Thanks, I'll take a look at that when I get some time. Right now I'm just trying to lower the noise in the syslog so I can monitor stuff with tail.
Dave, every syslog message has a FACILITY set by the program that sends the message. For example, you can tell a program to send everything to syslog with the facility set to "local3". syslog uses this to determine where to store the message. In this example, you can put "local3.* /var/log/cisco.log" into /etc/syslog.conf. However, this will only work if you can get the Cisco to tag its messages with facility=local3; you will need to look at your Cisco docs to find out how to do this.
If Cisco won't let you change the facility, you might run a second syslog daemon on another machine, and tell the Cisco to send the logs to the other machine.
-David
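
An added example, not part of the original thread: the facility discussed above travels in the <PRI> number at the start of each datagram (facility * 8 + severity), and syslog.conf selectors are matched against it. The sample packets and the two rule sets are constructed for illustration; the selector logic covers only the forms used in this thread (facility.level, facility.*, facility.none, joined with ";").

```python
import re

# Facility codes in numeric order (RFC 3164); local0..local7 are codes 16..23.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp logaudit logalert clock "
              "local0 local1 local2 local3 local4 local5 local6 local7").split()
# Severity codes, 0 (most severe) to 7.
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def decode_pri(packet: bytes):
    """Return (facility, severity, text) from a raw BSD-syslog datagram."""
    m = re.match(rb"<(\d{1,3})>", packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    text = packet[m.end():].decode("ascii", "replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text

def selector_matches(selectors: str, facility: str, severity: str) -> bool:
    """Evaluate a selector field such as '*.info;local7.none'."""
    matched = False
    for sel in selectors.split(";"):
        fac, _, level = sel.partition(".")
        if fac not in ("*", facility):
            continue
        if level == "none":          # a later 'none' excludes the facility
            matched = False
        elif level == "*":
            matched = True
        else:                        # named level matches itself and more severe
            matched = SEVERITIES.index(severity) <= SEVERITIES.index(level)
    return matched

def route(packet: bytes, rules):
    """Every rule whose selector matches receives a copy of the message."""
    fac, sev, _ = decode_pri(packet)
    return [dest for sel, dest in rules if selector_matches(sel, fac, sev)]

# Constructed sample datagrams: 189 = 23*8 + 5 (local7.notice), 157 = 19*8 + 5 (local3.notice).
PKT_LOCAL7 = b"<189>45: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up"
PKT_LOCAL3 = b"<157>46: %SYS-5-CONFIG_I: Configured from console"

# Constructed rule sets: a catch-all plus the thread's cisco.log line, then with local7 excluded.
RULES_NOISY = [("*.info", "/var/log/messages"), ("local7.*", "/var/log/cisco.log")]
RULES_QUIET = [("*.info;local7.none", "/var/log/messages"), ("local7.*", "/var/log/cisco.log")]

if __name__ == "__main__":
    for rules in (RULES_NOISY, RULES_QUIET):
        print(decode_pri(PKT_LOCAL7)[:2], "->", route(PKT_LOCAL7, rules))
```

The facility is whatever number the sender puts in the packet, so a selector such as local7.* picks up any host that tags its messages local7, including the boot messages mentioned earlier in the thread.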