syslog from Cisco - FreeBSD not working
Hi,

I'm running into a problem configuring my syslogd in order to accept messages from Routers (Cisco).

Here's what I did in my syslog.conf:

    local7.*	/var/log/cisco-syslog

Fields are separated by tabs of course.

In /etc/rc.conf I've got the following:

    syslogd_flags="-a 192.168.0.0/16"

matching my local network.

Unfortunately I don't see anything in my syslog from the router(s). I fired up tcpdump and sure enough the syslog-packets originating from the router hit my machine.

To further track this down I changed the above line in syslog.conf to read

    +myrouter
    local7.*	/var/log/cisco-syslog
    +*

Again, no syslog messages.

Next try: /etc/syslog.conf:

    local7.*	/var/log/debug.log

Again, no entry in the log.

Sure enough I restarted syslogd between every test; also I have the fields in syslog.conf separated by tabs and the log-files in questions are existent with and chmod-ed 600.

Any ideas what could be wrong here - or put in another way - has anybody out there got logging from Ciscos towards a FreeBSD box running?

TIA for your help!
-ewald
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [freebsd-questions] syslog from Cisco - FreeBSD not working
Ewald Jenisch wrote:
> To further track this down I changed the above line in syslog.conf to read
>
>     +myrouter
>     local7.*	/var/log/cisco-syslog
>     +*

What I did to get this working was (in syslog.conf):

    +printserver
    !*
    *.*	/usr/log/printserver.log

AND in /etc/hosts:

    10.1.1.8	printserver

so that the 'printserver' name is resolved. No doubt a reverse DNS entry would have done the job too. My syslogd command line is like yours.

Hope that might help...

Howie
syslog behaving differently with -d (was: syslog from Cisco - FreeBSD not working)
On Tue, Feb 06, 2007 at 12:00:09PM +0100, Ewald Jenisch wrote:
> Hi,
>
> I'm running into a problem configuring my syslogd in order to accept messages from Routers (Cisco).
>
> Here's what I did in my syslog.conf:
>
>     local7.*	/var/log/cisco-syslog

Hi,

A couple of hours after my original question I found out an interesting point: When running syslogd with the -d (debug-flag) messages get written into the file configured in /etc/syslog.conf - when running without the debug-flag nothing gets written.

To be specific: With the above syslog.conf entry and /etc/rc.conf containing 'syslogd_flags=-d' I get the following output on the console:

    cvthname(192.168.9.95)
    logmsg: pri 275, flags 0, from switch1-1, msg 1390: Feb 6 13:59:40 MET: %SYS-5-CONFIG_I: Configured from console by ej1 on vty0 (192.168.9.16)
    Logging to FILE /var/log/cisco-syslog

Sure enough this log message is in the cisco-syslog file.

As soon as I turn off debug in syslog (i.e. running without the -d flag) nothing gets written to the cisco-syslog file.

Why are messages only written to the file when running syslogd in debug mode??

TIA for any clue,
-ewald
Re: [freebsd-questions] syslog from Cisco - FreeBSD not working
Howard Jones wrote:
> Ewald Jenisch wrote:
> > To further track this down I changed the above line in syslog.conf to read
> >
> >     +myrouter
> >     local7.*	/var/log/cisco-syslog
> >     +*
>
> What I did to get this working was (in syslog.conf):
>
>     +printserver
>     !*
>     *.*	/usr/log/printserver.log
>
> AND in /etc/hosts:
>
>     10.1.1.8	printserver
>
> so that the 'printserver' name is resolved. No doubt a reverse DNS entry would have done the job too. My syslogd command line is like yours.

Also, the -a flag may be used with syslogd.

> Hope that might help...
>
> Howie

Regards,
--
.O. | Daniel Molina Wegener | C/C++ Developer
..O | dmw [at] unete [dot] cl | FOSS Coding Addict
OOO | FreeBSD  Linux User | Standards Rocks!
syslog from Cisco - FreeBSD - SOLVED
Hi,

First of all thanks much to all who responded so quickly to my question about setting up syslogging in order to accept messages from Cisco (remote) boxes.

I could finally get that thing going. Here's what I did - maybe this is of help to others running into similar problems:

1) In order for syslogd to accept messages from remote machines you've got to use the -a-flag. Here's what I've got in my /etc/rc.conf:

    syslogd_flags="-a 192.168.0.0/16:*"

Don't forget the * - it makes sure that syslogd accepts UDP packets from *every* port on the remote machine, not just the syslog-port. Typically Cisco-boxes seem to have a high-order source-port in their syslog-messages.

2) /etc/syslog.conf: Make sure that the local7-messages coming from Cisco boxes aren't logged multiple times. Typically the vanilla /etc/syslog.conf coming with FreeBSD has the following line in /etc/syslog.conf (near the top of the file):

    *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages

change this to read

    *.notice;local7.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages

This makes sure that any syslog-messages with the local7 facility don't get written to /var/log/messages.

Get to the end of syslog.conf. Here you'll find something like

    !ppp
    *.*	/var/log/ppp.log

This is the setup for log-entries from ppp. You've got to add the following line:

    !*

This resets logging as per man syslog.conf(5):

    A program or hostname specification may be reset by giving the program or hostname as `*'.

Without that line the lines that you add for your Cisco logging at the end of the file (see below) will only be triggered when coming from the ppp program which almost never is the case. (You can check this using the debug-option of syslogd - see below)

3) Add your log-setup for cisco devices at the end of syslog.conf like so:

    local7.*	/var/log/Syslog/cisco-syslog

4) Touch and chmod 600 the logfile mentioned above

5) Restart syslogd:

    /etc/rc.d/syslogd restart

Final thoughts / caveats:

1) Use TABs to separate the entries in /etc/syslog.conf

2) Running syslog in debug-mode (i.e. syslogd_flags=-d... in /etc/rc.conf) is a very helpful tool in tracking down problems. It keeps syslogd running in the foreground and logs very helpful information to the console.

Be aware though, that syslogd in debug-mode is behaving somewhat different. It e.g. seems to ignore the -a ... flags that are otherwise necessary in order for syslog to accept messages from remote machines, i.e. accepting messages from everywhere even without the -a flag.

Hope this little recipe helps others going...

Thanks again for all your help,
-ewald
Syslog and Cisco
I am trying to send cisco's syslog to Syslogd and I have been unsuccessful.

I have modified the syslog.conf to list local6.* /var/log/cisco. I have changed rc.conf to start syslog with -a and removed the -s command.

I have checked with logger. While using the logger from FreeBSD I am able to log message in to the cisco.log file. However from network I am not able to do so. I looked tcpdump see the packets but nothing shows in cisco.log or to all the other log files.

thanks
Khursheed Siddiqui
Re: Syslog and Cisco
On Sat, 2003-11-01 at 12:33, list wrote:
> I am trying to send cisco's syslog to Syslogd and I have been unsuccessful.
>
> I have modified the syslog.conf to list local6.* /var/log/cisco. I have changed rc.conf to start syslog with -a and removed the -s command.
>
> I have checked with logger. While using the logger from FreeBSD I am able to log message in to the cisco.log file. However from network I am not able to do so. I looked tcpdump see the packets but nothing shows in cisco.log or to all the other log files.

By default, Cisco devices use the local7 facility. Are you sure you did:

    logging facility local6                 (IOS)
    set logging server facility local6      (CatOS)

on your device(s)?

Joe

> thanks
> Khursheed Siddiqui

--
PGP Key : http://www.marcuscom.com/pgp.asc
Re: Syslog and Cisco
On Sat, Nov 01, 2003 at 11:33:39AM -0600, list wrote:
> I am trying to send cisco's syslog to Syslogd and I have been unsuccessful.
>
> I have modified the syslog.conf to list local6.* /var/log/cisco. I have changed rc.conf to start syslog with -a and removed the -s command.
>
> I have checked with logger. While using the logger from FreeBSD I am able to log message in to the cisco.log file. However from network I am not able to do so. I looked tcpdump see the packets but nothing shows in cisco.log or to all the other log files.

You have to specify a 'service' of * on the syslogd commandline (with the -a option). By default syslogd only accepts packets coming from the syslog port on the remote host. Cisco uses a dynamically allocated port for sending the logging.

Hope this helps.

--
greetz Joost
[EMAIL PROTECTED]
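Added example, not part of either thread and not syslogd's own code: a simplified Python model of the two causes identified above, the -a source-port 'service' from Joost's reply and the !ppp / !* block scoping from the SOLVED write-up. Function names, the program name "cisco" and source port 51234 are constructed for illustration; host blocks and comparison flags in selectors are not modelled.

```python
import ipaddress

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def peer_allowed(spec, src_ip, src_port, syslog_port=514):
    """Simplified model of one -a spec: 'ipv4net/len', optional ':port' or ':*'."""
    net, _, service = spec.partition(":")
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(net, strict=False):
        return False
    if service == "*":
        return True  # any source port is accepted
    return src_port == (int(service) if service else syslog_port)

def selector_matches(selector, facility, level):
    """The last 'fac.level' part naming the facility wins; 'none' excludes it."""
    hit = False
    for part in selector.split(";"):
        facs, _, lvl = part.rpartition(".")
        if {facility, "*"} & set(facs.split(",")):
            hit = lvl != "none" and (
                lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl))
    return hit

def matching_actions(conf_text, facility, level, program):
    """Actions a message reaches, honouring !program blocks and the !* reset."""
    block, hits = "*", []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue  # comments and +host/-host blocks are not modelled
        if line.startswith("!"):
            block = line[1:].strip()
            continue
        selector, action = line.split(None, 1)
        if block in ("*", program) and selector_matches(selector, facility, level):
            hits.append(action)
    return hits

# Constructed configs assembled from the lines quoted in the SOLVED post.
PPP = "!ppp\n*.*\t/var/log/ppp.log\n"
CISCO = "local7.*\t/var/log/Syslog/cisco-syslog\n"
REST = "authpriv.none;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages\n"
BEFORE = "*.notice;" + REST + PPP + CISCO
AFTER = "*.notice;local7.none;" + REST + PPP + "!*\n" + CISCO

if __name__ == "__main__":
    # "cisco" as program name and 51234 as source port are constructed values.
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, matching_actions(conf, "local7", "notice", "cisco"))
    print(peer_allowed("192.168.0.0/16", "192.168.9.95", 51234),
          peer_allowed("192.168.0.0/16:*", "192.168.9.95", 51234))
```

With the unmodified file the local7 message lands only in /var/log/messages because the cisco line sits inside the !ppp block; after the local7.none and !* changes it lands only in the cisco log.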
Re: Syslog and Cisco
Thanks it worked!!

On Saturday 01 November 2003 02:11 pm, list wrote:
> that service * worked!
> thanks
>
> On Saturday 01 November 2003 12:06 pm, Joost Bekkers wrote:
> > On Sat, Nov 01, 2003 at 11:33:39AM -0600, list wrote:
> > > I am trying to send cisco's syslog to Syslogd and I have been unsuccessful.
> > >
> > > I have modified the syslog.conf to list local6.* /var/log/cisco. I have changed rc.conf to start syslog with -a and removed the -s command.
> > >
> > > I have checked with logger. While using the logger from FreeBSD I am able to log message in to the cisco.log file. However from network I am not able to do so. I looked tcpdump see the packets but nothing shows in cisco.log or to all the other log files.
> >
> > You have to specify a 'service' of * on the syslogd commandline (with the -a option). By default syslogd only accepts packets coming from the syslog port on the remote host. Cisco uses a dynamically allocated port for sending the logging.
> >
> > Hope this helps.
Re: Syslog and Cisco
That worked!

On Saturday 01 November 2003 12:06 pm, Joost Bekkers wrote:
> On Sat, Nov 01, 2003 at 11:33:39AM -0600, list wrote:
> > I am trying to send cisco's syslog to Syslogd and I have been unsuccessful.
> >
> > I have modified the syslog.conf to list local6.* /var/log/cisco. I have changed rc.conf to start syslog with -a and removed the -s command.
> >
> > I have checked with logger. While using the logger from FreeBSD I am able to log message in to the cisco.log file. However from network I am not able to do so. I looked tcpdump see the packets but nothing shows in cisco.log or to all the other log files.
>
> You have to specify a 'service' of * on the syslogd commandline (with the -a option). By default syslogd only accepts packets coming from the syslog port on the remote host. Cisco uses a dynamically allocated port for sending the logging.
>
> Hope this helps.