[c-nsp] Reliable syslog delivery
Jason Lixfeld
jason at lixfeld.ca
Fri Nov 9 07:44:45 EST 2012
I've got a fleet of ME3400s, ME3600s, 7600s and ASR9ks whose logging data I'm trying to ensure will always reach the syslog servers. The specific case is if a device ever loses network connectivity for whatever reason, it will spool up new logs in it's buffer, then spit the spool out at the syslog servers when it becomes available again.
I've been researching this over the last couple of days and I've been coming up empty. I've looked at syslog writing to flash (http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_sysls.html), but from what I've been able to determine, that seems to only write logs to flash, not necessarily log-and-dump based on syslog server reachability. That notwithstanding, persistent logging doesn't seem to be supported on ME3400s or ME3600s so even if that was the feature I was looking for, I don't know if it would be the right one; I'm looking towards a one knob for all solution, ideally.
The same seems to be true for Cisco's "Reliable Delivery of Syslog" feature (http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htnmsylg.html). From what I've read, I'm not sure if this is what I want either, and it too doesn't seem to be supported on ME3400s or ME3600s.
We're using UDP transport for syslog right now, but I don't think that TCP based syslog is the magic bullet, right?
Does anyone have any experience on building a reliable logging infrastructure for their network kit?
Thanks in advance.
More information about the cisco-nsp
mailing list