[nsp] Syslog best practices.
Z
z at wotb.org
Fri Jan 24 14:49:59 EST 2003
On Fri, Jan 24, 2003 at 07:22:36AM -0800, James Kilton wrote:
> I'm preparing to deploy a few Syslog servers to
> receive logs from our Cisco devices, and I'm wondering
> how people typically handle having only 8 Syslog
> facilities to use per server when there are more than
> 8 Cisco devices on the network. Do you just have all
> Cisco devices write to the same file? Do you split it
> up randomly? Or maybe have 1 file per criticality
> level?
As suggested, using syslog-ng is great. Also, I would suggest
checking out 'logcheck' or 'logsentry' ( basically the same thing ),
which will automate finding interesting messages through all the
cruft for you and e-mail you however often you wish. I find the use
of the two to be overwhelmingly helpful.
Cheers,
.z
More information about the cisco-nsp
mailing list