- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Question on syslog for HP switches
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2017 07:50 AM
03-22-2017 07:50 AM
Question on syslog for HP switches
Hi,
We are seeing syslog messages coming into our tools (specifically HP NA) and the data is formatted in such a way that has caused some problems:
For example:
Change detection: syslog notification received at Mar-22-17 10:14:00 Syslog message [<190>Mar 22 14:13:59 ISW001 %%10SSHS/6/SSH_LOG: -DevIP=1.2.1.2; Accepted password for hpna from 10.11.12.13 port 1670 ssh2. <br />]<br />Change detection: syslog notification received at Mar-22-17 10:14:00 Syslog message [<190>Mar 22 14:13:59 ISW001 %%10SSHS/6/SSH_LOG: -DevIP=1.2.1.2; Accepted password for hpna from 10.11.12.13 port 1670 ssh2. <br />]
......
What we "expect" the formatting to be is:
Change detection: syslog notification for corp\ugrn15 received at Mar-15-17 09:48:02 Syslog message [<190>Mar 15 08:34:12 2017 6AS04BU %%10SHELL/6/SHELL_CMD(l): -DevIP=10.10.10.10-Task=vt0-IPAddr=20.20.20.20-User=user15; Command is sys]
------
Our config looks like:
info-center logbuffer size 1024 info-center loghost source LoopBack0 info-center loghost 10.11.12.13 info-center source default console deny info-center source default monitor level informational info-center source default logbuffer level debugging info-center source default loghost level debugging
Whereas a peer who doesn't have the problem is using:
info-center loghost source LoopBack0
info-center loghost 10.4.39.4
info-center loghost 10.4.39.4
info-center synchronous
----------
So, is the glitch that we don't have "info-center synchronous" or that we have more detailed logging enabled?
I understand that our debug lines would give us more data, but wouldn't think that'd change the formatting of the data getting sent, but wanted to get some input.
Thanks in advance,
Chris
- Tags:
- syslog