[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng]Cisco Logging
From: Werner Dundler <werner.dundler () austrocontrol ! at>
Date: 2001-04-23 10:12:38
[Download RAW message or body]
"Shaw, Richard W" wrote:
>
> Hi Drew
>
> I've tried your extra setting but I still get nothing about our cisco
> routers in the cisco.log or the sys.log files I'd setup for syslog-ng. I do
> however still get them via the syslogd. Is there something I'm missing out
> of the source bit of the code ?
maybe it helps: (please excuse my lame english)
it works for me the following way : cisco router
logging facility daemon
logging source-interface Loopback0
logging xx.xx.xx.212
logging xx.xx.xx.213
source-interface is important because if you don't do that the sender ip
is the outgoing interface ip !!!
the syslog servers are sun boxes. a year ago i did not managed it
letting
syslog-ng recieving (machine)internal syslog messages(solaris problem) -
so i did a very dirty
trick - changed the default syslog entry in the /etc/services to another
port.
now my old sylogs comes up and listens on another udp port.
now i can start syslog-ng with:
source net { udp(ip(xx.xx.xx.xx) port(514)); };
check which syslog is running with:
lsof -i udp:514
now you should get an line with "syslog-ng".
for testing use snoop or tcpdump ...
xxxxxx:/usr/local/syslog-ng/etc>snoop -d hme0 udp port 514
Using device /dev/hme (promiscuous mode)
zswitch5 -> xxxxxx SYSLOG C port=1028 <190>%MGMT-6-LOGINFA
now you should get messages into you syslog-ng files.
every following error should be a result from syslog-ng
misconfiguration.
bye werner
Life is not fair. But the root password helps
---------------------------------------------
email: werner.dundler@austrocontrol.at
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic