cisco logging to syslogd?

Discussion in 'Cisco' started by Didier, Jan 13, 2004.

  1. Didier

    Didier Guest

    Hi,
    I've these entries on my router:
    logging facility local0
    logging source-interface FastEthernet0
    logging x.y.z.y

    In my freebsd box /etc/syslogd.conf file:
    local0.* /var/log/cisco.log

    When running tcpdump, I can see that a syslog message arrives at my freebsd
    box:
    14:37:50.785983 myrouter.57372 > x.y.z.y.syslog: udp 77

    The file /var/log/cisco.log has no entries, why, what did I misconfigure?

    thx a lot?
    Didier, Jan 13, 2004
    #1
    1. Advertising

  2. Didier

    Didier Guest

    Of course :))
    > Of course you did restart the syslogd?
    >
    >
    >
    > --
    > Us - http://www.sweet-sorrow.com
    > -----
    > All trespassers will be shot,
    > survivers will be shot again.
    > Remove the bizzare part of address to reply by e-mail.
    Didier, Jan 13, 2004
    #2
    1. Advertising

  3. Didier wrote:

    > Of course :))


    And are you passing the switch to syslogd
    which tells it to accept remote messages?

    >> Of course you did restart the syslogd?




    --
    http://www.mailtrap.org.uk/
    Bob { Goddard }, Jan 13, 2004
    #3
  4. show logg is your friend...

    How many log does it say it have sent ?

    Or try :
    logg on
    logg trap deb
    HTH
    Martin Bilgrav

    "Didier" <> wrote in message
    news:4003f694$...
    > Hi,
    > I've these entries on my router:
    > logging facility local0
    > logging source-interface FastEthernet0
    > logging x.y.z.y
    >
    > In my freebsd box /etc/syslogd.conf file:
    > local0.* /var/log/cisco.log
    >
    > When running tcpdump, I can see that a syslog message arrives at my

    freebsd
    > box:
    > 14:37:50.785983 myrouter.57372 > x.y.z.y.syslog: udp 77
    >
    > The file /var/log/cisco.log has no entries, why, what did I misconfigure?
    >
    > thx a lot?
    >
    >
    Martin Bilgrav, Jan 13, 2004
    #4
  5. In article <4003f694$>, Didier <> wrote:
    >Hi,
    >I've these entries on my router:
    >logging facility local0
    >logging source-interface FastEthernet0
    >logging x.y.z.y
    >
    >In my freebsd box /etc/syslogd.conf file:
    >local0.* /var/log/cisco.log
    >

    .. . .
    >
    >The file /var/log/cisco.log has no entries, why, what did I misconfigure?


    Typical syslog failure causes (from most to least likely :)
    1 - not restarting syslogd after making changes
    2 - syslogd not configured to log remote systems
    3 - log file specified does not exist
    4 - log file exists but syslogd lacks permission to append to it
    5 - software defects

    Good luck and good hunting!
    --
    Vincent C Jones, Consultant Expert advice and a helping hand
    Networking Unlimited, Inc. for those who want to manage and
    Tenafly, NJ Phone: 201 568-7810 control their networking destiny
    http://www.networkingunlimited.com
    Vincent C Jones, Jan 13, 2004
    #5
  6. Didier

    Us Guest

    On Tue, 13 Jan 2004 14:45:59 +0100
    "Didier" <> wrote:

    > Hi,
    > I've these entries on my router:
    > logging facility local0
    > logging source-interface FastEthernet0
    > logging x.y.z.y
    >
    > In my freebsd box /etc/syslogd.conf file:
    > local0.* /var/log/cisco.log
    >
    > When running tcpdump, I can see that a syslog message arrives at my
    > freebsd box:
    > 14:37:50.785983 myrouter.57372 > x.y.z.y.syslog: udp 77
    >
    > The file /var/log/cisco.log has no entries, why, what did I
    > misconfigure?
    >
    > thx a lot?
    >
    >


    Of course you did restart the syslogd?



    --
    Us - http://www.sweet-sorrow.com
    -----
    All trespassers will be shot,
    survivers will be shot again.
    Remove the bizzare part of address to reply by e-mail.
    Us, Jan 13, 2004
    #6
  7. "Didier" <> wrote in message
    news:4003f694$...

    > In my freebsd box /etc/syslogd.conf file:
    > local0.* /var/log/cisco.log


    Make sure you don't have something higher up you config that may be
    swallowing your messages.

    I had:
    *.info;mail.none;authpriv.none;cron.none /var/log/messages

    in mine that was swallowing all the info messages. I had to change it to:
    *.info;mail.none;authpriv.none;cron.none;local5.none
    /var/log/messages

    to not swallow the local5 ones too.

    Richard.
    Richard Antony Burton, Jan 13, 2004
    #7
  8. Didier

    Didier Guest

    > And are you passing the switch to syslogd
    > which tells it to accept remote messages?

    What do you mean by "passing the switch to syslogd"?
    Didier, Jan 13, 2004
    #8
  9. Didier

    vern Guest

    have you restarted syslogd with remote host logging enabled? I think you
    do this by running syslogd -h? If in doubt man syslogd


    vern
    vern, Jan 13, 2004
    #9
  10. Didier

    vern Guest

    On Tue, 13 Jan 2004 16:59:19 +0000, vern wrote:

    > have you restarted syslogd with remote host logging enabled? I think you
    > do this by running syslogd -h? If in doubt man syslogd
    >
    >
    > vern


    sorry that should be syslogd -r
    vern, Jan 13, 2004
    #10
  11. "Didier" <> wrote in message
    news:40042149$...
    > > And are you passing the switch to syslogd
    > > which tells it to accept remote messages?

    > What do you mean by "passing the switch to syslogd"?


    On linux you need to edit /etc/sysconfig/syslog and add -r to
    SYSLOGD_OPTIONS, else it will only accept local log messages.

    Richard.
    Richard Antony Burton, Jan 13, 2004
    #11
  12. Didier

    Boris Guest

    > And are you passing the switch to syslogd
    > which tells it to accept remote messages?
    >

    Syslogd is launched with:
    syslogd -a myrouter.ip.address

    Here is my router config:
    logging facility local0
    logging source-interface FastEthernet0
    logging myrouter.ip.address

    Here is freebsd's syslog.conf (see the last line)
    *.err;kern.debug;auth.notice;mail.crit /dev/console
    *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
    /var/log/message
    security.* /var/log/security
    auth.info;authpriv.info /var/log/auth.log
    mail.info /var/log/maillog
    lpr.info /var/log/lpd-errs
    ftp.info /var/log/xferlog
    cron.* /var/log/cron
    local0.informational /var/log/cisco.log


    Here is the output of show log:
    Syslog logging: enabled (0 messages dropped, 10235 messages rate-limited,
    365 flushes, 0 overruns)
    Console logging: disabled
    Monitor logging: level informational, 0 messages logged
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 15143 message lines logged
    Logging to myfreebsd.box.ip, 15143 message lines logged

    I'm using this config on fastethernet0:
    interface FastEthernet0
    ip address myfreebsd.box.ip
    ip access-group 111 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip inspect standard in
    speed auto
    ntp broadcast client
    no cdp enable

    Here is ip inspect standard:
    ip inspect udp idle-time 1800
    ip inspect dns-timeout 7
    ip inspect tcp idle-time 14400
    ip inspect name standard cuseeme
    ip inspect name standard ftp
    ip inspect name standard h323
    ip inspect name standard http
    ip inspect name standard rcmd
    ip inspect name standard realaudio
    ip inspect name standard smtp
    ip inspect name standard sqlnet
    ip inspect name standard streamworks
    ip inspect name standard tcp
    ip inspect name standard tftp
    ip inspect name standard udp
    ip inspect name standard vdolive

    And here is show access-list 111:
    Extended IP access list 111
    permit ip mynetwork any (85973 matches)
    deny ip any any log

    SORRY FOR THE LONG POST, but I really don't now what else to check!
    Boris, Jan 13, 2004
    #12
  13. Didier

    Martin Guest

    Didier wrote:

    > Hi,
    > I've these entries on my router:
    > logging facility local0
    > logging source-interface FastEthernet0
    > logging x.y.z.y
    >
    > In my freebsd box /etc/syslogd.conf file:
    > local0.* /var/log/cisco.log
    >
    > When running tcpdump, I can see that a syslog message arrives at my
    > freebsd box:
    > 14:37:50.785983 myrouter.57372 > x.y.z.y.syslog: udp 77
    >
    > The file /var/log/cisco.log has no entries, why, what did I misconfigure?
    >
    > thx a lot?


    As stated in an earlier thread... To quote from one of my own /etc/rc.conf
    files:

    syslogd_flags="-a 10.0.0.1/32:*" # Allow Cisco to log stuff..

    See also "man syslogd" ;-)
    Martin, Jan 25, 2004
    #13
  14. Didier

    Guest

    make sure your syslogd is running with the option to accept remote
    questions...by default..i think it only allows local..

    -Rob


    In comp.dcom.sys.cisco Martin <> wrote:
    > Didier wrote:


    >> Hi,
    >> I've these entries on my router:
    >> logging facility local0
    >> logging source-interface FastEthernet0
    >> logging x.y.z.y
    >>
    >> In my freebsd box /etc/syslogd.conf file:
    >> local0.* /var/log/cisco.log
    >>
    >> When running tcpdump, I can see that a syslog message arrives at my
    >> freebsd box:
    >> 14:37:50.785983 myrouter.57372 > x.y.z.y.syslog: udp 77
    >>
    >> The file /var/log/cisco.log has no entries, why, what did I misconfigure?
    >>
    >> thx a lot?


    > As stated in an earlier thread... To quote from one of my own /etc/rc.conf
    > files:


    > syslogd_flags="-a 10.0.0.1/32:*" # Allow Cisco to log stuff..


    > See also "man syslogd" ;-)
    , Jan 25, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    840
  2. Didier

    Re: cisco logging to syslogd?

    Didier, Jan 13, 2004, in forum: Cisco
    Replies:
    12
    Views:
    1,147
    Per Hedeland
    Jan 16, 2004
  3. Martin Bilgrav

    CiscoWorks LMS 2.2 - SyslogD ?

    Martin Bilgrav, Jun 27, 2005, in forum: Cisco
    Replies:
    0
    Views:
    989
    Martin Bilgrav
    Jun 27, 2005
  4. Mr Ping

    pix and syslogd problem

    Mr Ping, Aug 24, 2005, in forum: Cisco
    Replies:
    3
    Views:
    874
    Mr Ping
    Aug 25, 2005
  5. Christian Roos

    logging buffered vs. logging history

    Christian Roos, Feb 5, 2006, in forum: Cisco
    Replies:
    4
    Views:
    15,104
Loading...

Share This Page