Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Question on syslog for HP switches

 
Chris_Powers
Respected Contributor

Question on syslog for HP switches

Hi,

We are seeing syslog messages coming into our tools (specifically HP NA) and the data is formatted in such a way that has caused some problems:

For example:

Change detection: syslog notification received at Mar-22-17 10:14:00 Syslog message [<190>Mar 22 14:13:59 ISW001 %%10SSHS/6/SSH_LOG: -DevIP=1.2.1.2; Accepted password for hpna from 10.11.12.13 port 1670 ssh2. <br />]<br />Change detection: syslog notification received at Mar-22-17 10:14:00 Syslog message [<190>Mar 22 14:13:59 ISW001 %%10SSHS/6/SSH_LOG: -DevIP=1.2.1.2; Accepted password for hpna from 10.11.12.13 port 1670 ssh2. <br />]  
...... 

What we "expect" the formatting to be is:

Change detection: syslog notification for corp\ugrn15 received at Mar-15-17 09:48:02 Syslog message [<190>Mar 15 08:34:12 2017 6AS04BU %%10SHELL/6/SHELL_CMD(l): -DevIP=10.10.10.10-Task=vt0-IPAddr=20.20.20.20-User=user15; Command is sys]

------

Our config looks like:

info-center logbuffer size 1024
 info-center loghost source LoopBack0
 info-center loghost 10.11.12.13
 info-center source default console deny
 info-center source default monitor level informational
 info-center source default logbuffer level debugging
 info-center source default loghost level debugging

Whereas a peer who doesn't have the problem is using:

 info-center loghost source LoopBack0

info-center loghost 10.4.39.4

info-center loghost 10.4.39.4

info-center synchronous

----------

So, is the glitch that we don't have "info-center synchronous" or that we have more detailed logging enabled?  

I understand that our debug lines would give us more data, but wouldn't think that'd change the formatting of the data getting sent, but wanted to get some input.  

Thanks in advance,

Chris