[nsp] Syslog best practices.

Z z at wotb.org
Fri Jan 24 14:49:59 EST 2003

On Fri, Jan 24, 2003 at 07:22:36AM -0800, James Kilton wrote:
> I'm preparing to deploy a few Syslog servers to
> receive logs from our Cisco devices, and I'm wondering
> how people typically handle having only 8 Syslog
> facilities to use per server when there are more than
> 8 Cisco devices on the network.  Do you just have all
> Cisco devices write to the same file?  Do you split it
> up randomly?  Or maybe have 1 file per criticality
> level?

   As suggested, using syslog-ng is great.  Also, I would suggest
checking out 'logcheck' or 'logsentry' (basically the same thing),
which will automate finding interesting messages through all the
cruft for you and e-mail you however often you wish.  I find the use
of the two to be overwhelmingly helpful.
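
Added example, not part of the original message and not logcheck's own code: a small Python filter in the spirit of the log-scanning approach recommended above, run over constructed Cisco-style syslog lines and grouped by sending host rather than by facility. The host names, addresses and the two pattern lists are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: BSD-syslog lines as a central server might store them.
SAMPLE_LOG = """\
Jan 24 14:01:02 rtr-core1 45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Jan 24 14:01:05 sw-floor2 112: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
Jan 24 14:02:11 rtr-core1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4312) -> 198.51.100.5(23), 1 packet
Jan 24 14:03:40 rtr-edge1 9: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.44)
Jan 24 14:04:00 sw-floor2 113: %SYS-5-RESTART: System restarted
"""

# Hypothetical rule sets: messages that always deserve a look, and known noise.
VIOLATIONS = [re.compile(p) for p in (r"%SEC-\d-IPACCESSLOG", r"%SYS-5-CONFIG_I")]
IGNORE = [re.compile(p) for p in (r"%LINK-3-UPDOWN: .* changed state to up",
                                  r"%LINEPROTO-5-UPDOWN")]

# timestamp, sending host, remainder of the message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")


def classify(message):
    """Violations win over ignore rules; anything unmatched is 'unusual'."""
    if any(p.search(message) for p in VIOLATIONS):
        return "violation"
    if any(p.search(message) for p in IGNORE):
        return "ignored"
    return "unusual"


def build_report(log_text):
    """Return {host: {class: [messages]}} with ignored noise dropped."""
    report = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            # Never silently drop a line that does not parse.
            report["(unparsed)"]["unusual"].append(line)
            continue
        _, host, message = m.groups()
        cls = classify(message)
        if cls != "ignored":
            report[host][cls].append(message)
    return {host: dict(classes) for host, classes in report.items()}


if __name__ == "__main__":
    for host, classes in sorted(build_report(SAMPLE_LOG).items()):
        for cls, messages in sorted(classes.items()):
            for msg in messages:
                print(f"{host:10} {cls:9} {msg}")
```

Unmatched messages are reported as "unusual" rather than discarded, so a new message type from a device shows up in the mail until someone decides which list it belongs in.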



