[nsp] cant get syslog to work
Niels Bakker
niels=cisco-nsp at bakker.net
Sat Jul 12 03:18:53 EDT 2003
> On Fri, Jul 11, 2003 at 03:06:24PM -0400, James hampton wrote:
>> I have our core router set to log to one of our freebsd servers, its
>> set for "logging facility local0".
>> On the server side I put the following entry in the syslog.conf file:
>> local0.* /var/log/core.log
* gert at greenie.muc.de (Gert Doering) [Sat 12 Jul 2003, 02:07 CEST]:
> Put "local0.debug" in there. Many syslogds will take the "*" only on
> the left side (facility) not on the right side (level). "debug"
> catches "debug or higher" == "all".
FreeBSD's syslogd does. As far as I could tell from James's original
message he did everything right - the router is logging remotely because
messages end up in /var/log/messages, FreeBSD's syslogd isn't that picky
about tabs anymore (if you have a halfway recent version of FreeBSD),
asterisks work as expected (unlike Solaris syslogd).
Three tips:
- Run a network sniffer and/or start syslogd in debug mode, to see
whether local0 is really used, to exclude IOS bugs;
- Check syslogd.conf for lines starting with `!' or `#!' just above the
/var/log/core.log line that would make syslogd match only on certain
processes;
- Check for malformed lines above the /var/log/core.log line that could
make syslogd stop parsing its configuration file.
Otherwise I wouldn't know either. :) Good luck, please post here if
you manage to find a resolution; you've definitely piqued my curiosity.
-- Niels.
--
More information about the cisco-nsp
mailing list