[RE: [nsp] Syslog best practices.]
Joshua Smith
joshua.ej.smith at usa.net
Fri Jan 24 16:43:08 EST 2003
from my /etc/syslog.conf on a solaris 2.6 box:
# network device logs
local1.debug /var/log/edge.log
local3.debug /var/log/switch.log
local4.debug /var/log/internal.log
local5.debug /var/log/voip.log
local6.debug /var/log/tacacs.log
local7.debug /var/log/firewall.log
granted, i use all my locals, but that is all this box does - i then
chew the files up as needed :-)
syslog-ng sounds like something i will have to look into though in the
near future.
cheers
"Doug McPherson" <dougm at ixen.com> wrote:
> I typically divide it by mapping syslog "facility code" to a class/type of
> device.
> E.g:
> Juniper routers -> local7
> Cisco routers ->local6
> Catalyst switches ->local5
> Marconi ATM gear ->local4
>
> etc.
>
> Do it however makes most sense for you. If you end up writing code to
> parse through syslogs, it makes it easier if there's some commonality of
> message format (varies across vendors, as well as within...) and source
type
> (e.g. all your border routers, or all your firewalls, etc)
>
> HTH.
>
> /doug
> --
> Douglas McPherson Ixen Associates
> ph: 978-486-9078 12 Spartan Arrow Road
> fax: 646-365-7258 Littleton, MA 01460
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -
More information about the cisco-nsp
mailing list