[c-nsp] Cisco boxes and Syslog-ng
Saku Ytti
saku+cisco-nsp at ytti.fi
Wed Sep 7 10:24:54 EDT 2005
On (2005-09-07 09:34 -0400), Earls, Michael wrote:
> Your syslog-ng config file should look like this
>
> destination x.x.x.x { file(/var/syslog/location1/router/routername.log);
> };
> filter f_x.x.x.x { host(x.x.x.x); };
> log { source(net); filter(f_x.x.x.x); destination(x.x.x.x); };
>
> This will filter syslog messages on the IP address "x.x.x.x"
Or use some of the macros (HOST, FULLHOST, SOURCEIP), we use
them and are happy.
We basicly do two classification, first based on facility we
either put file in yyyy-mm/core, yyyy-mm/cpe or yyyy-mm/servers directory,
then under those directories we use the macros to create file that
matches hostname.
>
>
> --
> Michael
>
> PGP Info: KeyID 0x0DFD993C
> Fingerprint F903 0325 5105 2CDB 4BF4 C88B 72F7 BA7A 28CC 598A
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joost greene
> Sent: Wednesday, September 07, 2005 9:25 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco boxes and Syslog-ng
>
> Hello,
>
> I have different sets of devices, dslams, nas, core routers, customer
> routers,...
>
> i want to syslog them all, i want to make each device log to a file
> separately to ease it up for NOC, someone suggested syslog-ng, frankly,
> i got quickly lost in its docs, the syntax isnt clear, how can i just
> easily specify to let it log per source into different files ?
>
> Regards,
> Joost
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
++ytti
More information about the cisco-nsp
mailing list