[c-nsp] Any good filters for syslog output

William willay at gmail.com
Thu Dec 18 07:02:54 EST 2008


We use a combo of syslog-ng+swatch for our filtering which can do
quite a lot for free, any more tips on what messages people are
looking for on Cisco networks would be appreciated.

Cheers,

W

2008/12/18 Eric Van Tol <eric at atlantech.net>:
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>> bounces at puck.nether.net] On Behalf Of Tuc at T-B-O-H
>> Sent: Wednesday, December 17, 2008 3:54 PM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] Any good filters for syslog output
>>
>> Hi,
>>
>>       We are going to be monitoring the syslog output (We already have
>> a product (Zenoss)). Does anyone know of a repository of the "Watch
>> for these regular expressions" to decide what is worth looking into, and
>> what's worth ignoring?
>>
>>               Thanks, Tuc
>
> If you're looking for a supported, proprietary product, check out SolarWinds Orion - much more than just a syslog repository, though.  You are able to store syslogs in a SQL database, create rules for syslogs based upon source IP, source hostname, message type (%LINK-4-ERROR, etc.), and message contents.  You can also do fancy things like forward the syslog to another syslog server, send an email/page, modify the message, and do time-of-day rules.  On the downside, if all you need is a syslog server, you have to pay for the entire Orion suite, which is pretty expensive.
>
> -evt
>
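The rule dimensions mentioned in the thread (source hostname, message type such as %LINK-4-ERROR, and message contents) can be sketched as a first-match rule table. This is an added example, not part of the original messages and not the configuration of any product named here; the rule set, the hostnames and the sample lines are constructed, and the policy itself is a hypothetical one.

```python
import re
from typing import NamedTuple, Optional

# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: text (0 = emergency, 7 = debug)
CISCO_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")

class Event(NamedTuple):
    source: str
    msg_type: str   # e.g. "LINK-3-UPDOWN"
    severity: int
    text: str

def parse(source: str, line: str) -> Optional[Event]:
    m = CISCO_MSG.search(line)
    if m is None:
        return None
    msg_type = f"{m['facility']}-{m['severity']}-{m['mnemonic']}"
    return Event(source, msg_type, int(m["severity"]), m["text"])

# Hypothetical site policy, first match wins:
# (action, source regex, message-type regex, highest severity number matched, content regex)
RULES = [
    ("alert",  r"",         r"SYS-5-CONFIG_I",              7, r""),          # config changed
    ("ignore", r"^access-", r"(LINK-3|LINEPROTO-5)-UPDOWN", 7, r""),          # edge port flaps
    ("alert",  r"",         r"BGP-5-ADJCHANGE",             7, r"\bDown\b"),  # session lost
    ("alert",  r"",         r".*",                          3, r""),          # errors or worse
]

def classify(source: str, line: str) -> str:
    ev = parse(source, line)
    if ev is None:
        return "store"  # not in %FAC-SEV-MNEMONIC form: keep it, raise nothing
    for action, src_re, type_re, max_sev, text_re in RULES:
        if (re.search(src_re, ev.source) and re.fullmatch(type_re, ev.msg_type)
                and ev.severity <= max_sev and re.search(text_re, ev.text)):
            return action
    return "store"

# Constructed sample input: (source hostname, syslog line)
SAMPLES = [
    ("core-rtr1", "Dec 18 07:02:54: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)"),
    ("access-sw7", "Dec 18 07:03:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down"),
    ("core-rtr1", "Dec 18 07:03:05: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down"),
]

if __name__ == "__main__":
    for src, line in SAMPLES:
        print(classify(src, line), src, line)
```

Rule order matters: the configuration-change rule sits above the access-switch ignore rule so that a noisy device class cannot hide an administrative change.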

