[nsp] Syslog best practices.
Doug McPherson
dougm at ixen.com
Fri Jan 24 11:14:13 EST 2003
I typically divide it by mapping syslog "facility code" to a class/type of
device.
E.g:
Juniper routers -> local7
Cisco routers ->local6
Catalyst switches ->local5
Marconi ATM gear ->local4
etc.
Do it however makes most sense for you. If you end up writing code to
parse through syslogs, it makes it easier if there's some commonality of
message format (varies across vendors, as well as within...) and source type
(e.g. all your border routers, or all your firewalls, etc)
HTH.
/doug
--
Douglas McPherson Ixen Associates
ph: 978-486-9078 12 Spartan Arrow Road
fax: 646-365-7258 Littleton, MA 01460
More information about the cisco-nsp
mailing list