[CentOS] Re: syslog alternate log file

Thu Mar 9 20:12:25 UTC 2006
David Johnston <david at littlebald.com>

On Thu, 2006-03-09 at 08:52 -0800, Dave wrote:
> On 2/27/06, Keith Morse <kgmorse at mpcu.com> wrote:
> > Dave wrote:
> > > I have a cisco router sending syslog messages to a linux server. I've
> > > been looking around on how to log those into a separate file and I've
> > > run across using local7 in various howtos. It looks like you can have
> > > 8 different local log settings, but I can't seem to find any docs on
> > > how to set those up. Anyone have a howto on that?
> > >
> >
> > My best suggestion is to take a look at syslog-ng for parsing this out.
> > Takes a bit to get the syntax right but well worth it.
> 
>  Thanks, I'll take a look at that when I get some time. Right now I'm
> just trying to lower the noise in the syslog so I can monitor stuff
> with tail.

Dave,
every syslog message has a FACILITY set by the program that sends the
message.  For example, you can tell a program to send everything to
syslog with the facility set to "local3".  syslog uses this to determine
where to store the message.  In this example, you can put
"local3.*      /var/log/cisco.log" into /etc/syslog.conf.  However, this
will only work if you can get the Cisco to tag its messages with
facility=local3; you will need to look at your Cisco docs to find out
how to do this.

If Cisco won't let you change the facility, you might run a second
syslog daemon on another machine, and tell the Cisco to send the logs to
the other machine.

-David
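
Added example, not part of the original thread: how the facility travels in the `<PRI>` prefix of each syslog packet (PRI = facility * 8 + severity) and how syslog.conf selectors pick the destination file from it. The sample packets, the function names and the `local3.none` exclusion on the /var/log/messages rule are assumptions made for illustration, and the matcher handles only a simplified subset of selector syntax (no `=` or `!` prefixes).

```python
import re

# Facility codes 0-23; codes 12-15 have no syslog.conf keyword, so placeholders.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "r12 r13 r14 r15 local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def decode_pri(packet):
    """Return (facility, severity) from the leading <PRI> of a syslog packet."""
    m = re.match(r"<(\d{1,3})>", packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Evaluate 'fac.prio;fac.prio' left to right; 'none' switches a facility off."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:  # a named priority means "this severity or more urgent"
            matched = matched or SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return matched

def route(rules, packet):
    """Return every log file whose selector matches the packet."""
    fac, sev = decode_pri(packet)
    return [path for sel, path in rules if selector_matches(sel, fac, sev)]

# Assumed rules: local3.none keeps the router noise out of /var/log/messages.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none;local3.none", "/var/log/messages"),
    ("local3.*", "/var/log/cisco.log"),
]
# Constructed packets: the same router message tagged local3 (157) and local7 (189).
SAMPLE_LOCAL3 = "<157>45: %SYS-5-CONFIG_I: Configured from console by admin"
SAMPLE_LOCAL7 = "<189>45: %SYS-5-CONFIG_I: Configured from console by admin"

if __name__ == "__main__":
    for pkt in (SAMPLE_LOCAL3, SAMPLE_LOCAL7):
        print(decode_pri(pkt), "->", route(RULES, pkt))
```

The local7 packet still lands in /var/log/messages because no rule claims that facility, which is the situation the suggested `local3.*` line only fixes once the router actually sends local3.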