[c-nsp] Reliable syslog delivery
Nick Hilliard
nick at foobar.org
Fri Nov 9 08:02:48 EST 2012
On 09/11/2012 12:44, Jason Lixfeld wrote:
> I've got a fleet of ME3400s, ME3600s, 7600s and ASR9ks whose logging
> data I'm trying to ensure will always reach the syslog servers. The
> specific case is if a device ever loses network connectivity for
> whatever reason, it will spool up new logs in it's buffer, then spit the
> spool out at the syslog servers when it becomes available again.
>
> I've been researching this over the last couple of days and I've been
> coming up empty. I've looked at syslog writing to flash
> (http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_sysls.html),
> but from what I've been able to determine, that seems to only write logs
> to flash
Uh, don't do that on devices with flash which is not designed for constant
writes. You will end up trashing the flash and the entire device will be
rendered useless.
> The same seems to be true for Cisco's "Reliable Delivery of Syslog"
> feature
> (http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htnmsylg.html). From
> what I've read, I'm not sure if this is what I want either, and it too
> doesn't seem to be supported on ME3400s or ME3600s.
Yeah, BEEP never really took off.
At the moment, there is no means of guaranteed way of remote logging on
cisco kit, and it turns out that this is a slightly messy problem to solve
in the general case. If you want to write to an internal storage device on
the router / switch, always write to an removable flash device so that you
don't trash the built-in flash (obviously, this doesn't apply to devices
with hard drives like ASR9ks / ASR1ks).
Nick
More information about the cisco-nsp
mailing list