Thread: Syslog-ng unable to log Cisco Logs

  1. #1

    Syslog-ng unable to log Cisco Logs

    Hi,

    I am using Fedora-8 (Syslog-ng) for collecting logs from my Cisco Router & Switches. Syslog-ng is unable to create files like cisco.log. Below is my syslog-ng.conf file. As per my config file, I understand that syslog-ng should create a file named cisco.log at "var/log/cisco.log", but no file is being created. Please suggest, if I am wrong, where to see the logs which have been collected from the Cisco Router & Switches.
    ************************************************
    # syslog-ng configuration file.
    #
    # This should behave pretty much like the original syslog on RedHat. But
    # it could be configured a lot smarter.
    #
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    # 20000925
    #
    # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
    # - for Red Hat 7.3
    # - totally do away with klogd
    # - add message "kernel:" as is done with klogd.
    #
    # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
    # - use the log_prefix option as per Balazs Scheidler's email
    #
    # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
    # - corrected filters 'f_filter2' and 'f_filter6'
    # these filters were only allowing messages of one specific
    # priority level; they should be allowing messages from that
    # priority and upper levels.
    #
    # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
    # - Don't sync the d_mail destination
    #
    # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
    # - /proc/kmsg is a file not a pipe.
    # (
    #

    options {
    sync (1);
    time_reopen (10);
    log_fifo_size (1024);
    long_hostnames (on);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
    };

    source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));

    };

    source s_sys1 {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    udp(ip(0.0.0.0) port(514));
    };


    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/secure"); };
    destination d_mail { file("/var/log/maillog" sync(10)); };
    destination d_spol { file("/var/log/spooler"); };
    destination d_boot { file("/var/log/boot.log"); };
    destination d_cron { file("/var/log/cron"); };
    destination d_user { file("/var/log/other.log"); };
    destination d_mlal { usertty("*"); };
    destination d_cisco { file("/var/log/cisco.log"); };


    #filter f_filter1 { facility(kern); };
    filter f_filter2 { level(info..emerg) and
    not facility(mail,authpriv,cron); };
    filter f_filter3 { facility(authpriv); };
    filter f_filter4 { facility(mail); };
    filter f_filter5 { level(emerg); };
    filter f_filter6 { facility(uucp) or
    (facility(news) and level(crit..emerg)); };
    filter f_filter7 { facility(local7); };
    filter f_filter8 { facility(cron); };
    filter f_filter9 { facility(user); };
    filter f_filter10 { facility(local7); };


    #log { source(s_sys); filter(f_filter1); destination(d_cons); };
    log { source(s_sys); filter(f_filter2); destination(d_mesg); };
    log { source(s_sys); filter(f_filter3); destination(d_auth); };
    log { source(s_sys); filter(f_filter4); destination(d_mail); };
    log { source(s_sys); filter(f_filter5); destination(d_mlal); };
    log { source(s_sys); filter(f_filter6); destination(d_spol); };
    log { source(s_sys); filter(f_filter7); destination(d_boot); };
    log { source(s_sys); filter(f_filter8); destination(d_cron); };
    log { source(s_sys1); filter(f_filter9); destination(d_user); };
    log { source(s_sys1); filter(f_filter10); destination(d_cisco); };

  2. #2
    Hmm... I don't have much experience with this, but have you tried writing anything to the log? Maybe the file gets created after an event. How about creating the file first?
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,
    now there's 63,005 bugs in the code!!

  3. #3

    Problem Solved

    Actually the firewall was ON and hence syslog-ng was not able to accept logs. Now I am looking at how to accept logs even when the firewall is ON.

    Anis

  4. #4
    peter (Administrator, Advisor; Join Date: Apr 2004; Posts: 882)
    syslog runs on port 514 UDP. Allow that as the destination port, and you should be OK.

  5. #5
    Try to set up a tcpdump and see if there's traffic incoming through the syslog port.
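
An added example, not part of the original thread: a small Python probe for the check suggested in the last two replies. It sends one UDP syslog datagram tagged with facility local7 (the facility `f_filter10` matches) and reports whether it reached a listening socket. The host name, message text and function names are constructed for illustration, and the demo runs over loopback on a free unprivileged port.

```python
import re
import socket

# Facility and severity names in RFC 3164 numeric order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, text, host="testrouter"):
    """Build a BSD-syslog datagram; PRI = facility * 8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>Jan  1 00:00:00 {host} {text}".encode("ascii")


def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def probe(listen_addr=("127.0.0.1", 0), timeout=2.0):
    """Send one local7.notice datagram to a UDP listener and report what arrived.

    Port 0 picks a free port for the loopback demo. To test the real path,
    listen on the collector's port 514 (as root, with syslog-ng stopped) and
    send from another host so the packet has to cross the firewall.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(listen_addr)
        rx.settimeout(timeout)
        msg = build_message("local7", "notice", "%SYS-5-CONFIG_I: constructed test")
        tx.sendto(msg, rx.getsockname())
        try:
            data, _ = rx.recvfrom(2048)
        except socket.timeout:
            return None  # nothing arrived: dropped before reaching the socket
        return decode_pri(data)


if __name__ == "__main__":
    print(probe())
```

A `None` result means the datagram never reached the socket, which is the symptom the firewall caused here; a facility other than local7 would mean the packet arrived but would not match `f_filter10`.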
