Re: Separate cisco router event from /var/adm/syslog/syslog.log

Ngoh Chean Siung · ‎10-05-2005

Hi,

By default, all the cicso router event will be logged into /var/adm/syslog/syslog.log

Is there any steps to save all the cisco router event into a separate file? (Exp: /var/adm/syslog/cisco.log) I think something to do with /etc/syslog.cong.

Any ideas?

regards.

Dwyane Everts_1 · ‎10-06-2005

Ngoh,

I haven't done this in my current environment, so I don't have an example to offer you. But if you man syslogd, it will help you understand using the /etc/syslog.conf file and configuring what you need.

Hope this points you in the right direction...

Dwyane

Mel Burslan · ‎10-06-2005

If you've not changed from the default settings on the cisco routers then

local7.* /var/adm/syslog/cisco.log

should put all the router logging messages into a single file. Or to set your scope to a larger local events, you can try this with the risk of capturing some non-cisco-ruter events in this log file

local0,local1,local2,local3,local4,local5,local6,local7.debug /var/adm/syslog/cisco.log

This is not my first hand experience but have heard it from one of my old network admin colleagues at one time and it got stuck in my mind

________________________________
UNIX because I majored in cryptology...

Slawomir Gora · ‎10-06-2005

Hi,

1. on router you can set logging facility:
logging facility local4

2. on server
a) touch /var/adm/syslog/cisco.log
b) modify /etc/syslog.conf file

mail.debug /var/adm/syslog/mail.log
*.info;mail.none;local4.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
local4.* /var/adm/syslog/cisco.log

c) restart syslogd
/sbin/init.d/syslogd restart

Ngoh Chean Siung · ‎10-06-2005

Hi,

Really appreciate for all of ur reply.

But I still hv some questions as below:

1) As I know, "local7" is the default configuration on Cisco devices. How about "local4"? Which one should I use?

2) What is different between local7.* and local7.debug? Can we specify what event that we want only to log into the system log?

3) What is the permission for the /var/adm/syslog/cisco.log? After I modifying the /etc/syslog.conf and restart the syslogd, the cisco.log will be auto created with permission (440 root:sys)? Is it correct?

regards.

Muthukumar_5 · ‎10-06-2005

1) cisco is generating logs from local0 to local7. You have to use based on your requirement.

Refer this: http://www.cisco.com/warp/public/117/ld_syslog.html

2) What is different between local7.* and local7.debug?

local7.* will direct all information's including debug, notice, warn, critical to your log file.

http://www.linuxhomenetworking.com/cisco-hn/syslog-cisco.htm

Is saying to use local7.notice only for this.

3) What is the permission for the /var/adm/syslog/cisco.log?

I think it will be with root:root (444) permission as like /var/adm/syslog/mail.log

hth.

Easy to suggest when don't know about the problem!

Muthukumar_5 · ‎10-06-2005

Missed to give another link:

http://www.cisco.com/warp/public/110/pixsyslog.html

hth.

Easy to suggest when don't know about the problem!

Arunvijai_4 · ‎10-06-2005

One more link,
http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci822509,00.html

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"

Ermin Borovac · ‎10-06-2005

Please note that even though you can select all facilities using '*' character, you cannot do the same for severity levels.

*.debug is valid

local7.* is not valid

Instead you can use local7.debug, which will select all severity levels (debug, info, notice, warn, err, crit, alert and emerg). Similarly local7.info will select all levels above info (info, notice, warn etc).

syslogd can be run with -v option, which will make it log encoded letter/number code as a second field in syslog log file. This code will show you what facility and severity messages was logged with. See syslog(3C) for details.

Ngoh Chean Siung · ‎10-09-2005

Hi,

1. on router I set the logging facility:
logging facility local7

2. on server
a) touch /var/adm/syslog/cisco.log (permission root:sys 644)
b) modify /etc/syslog.conf file

mail.debug /var/adm/syslog/mail.log
*.info;mail.none;local7.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
local7.debug /var/adm/syslog/cisco.log

c) restart syslogd
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

But nothing log into neither in /var/adm/syslog/cisco.log nor syslog.log

Any ideas?

regards.

RAC_1 · ‎10-09-2005

The seperator beween two clumns in tab.
local7.debug /var/adm/syslog/cisco.log

There is no substitute to HARDWORK

Ngoh Chean Siung · ‎10-09-2005

Hi,

Hv try it but still cannot.

Any ideas?

regards.

Arunvijai_4 · ‎10-09-2005

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_quick_start09186a00803f5bdf.html

Have you tried something like,
Router(config)#logging buffered 51200 warning

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Separate cisco router event from /var/adm/syslog/syslog.log

Separate cisco router event from /var/adm/syslog/syslog.log