[Tfug] cisco and syslog

evorrie at comcast.net evorrie at comcast.net
Wed Oct 11 19:55:51 MST 2006


I was thinking about the ports option, but I felt the grep option would be easier.  The non-routable IP range is indeed hideous, but that's an interesting way to do it.

This setup is for internal use and not intended for the general public in any way.

How about the write/modify option?  Can you please point me in the direction for some help with that one?

--Eric
 -------------- Original message ----------------------
From: "Stephen Hooper" <stephen.hooper at gmail.com>
> Can you change the ports the syslog information is sent to?  Not
> pretty, but you could separate out the logs that way.
> 
> Or even more hideous, give your syslog host a non-routable IP range,
> get all the devices to route to it, and then assign it different IP
> addresses, and use a different IP address for each device.
> 
> Is this meant to be a solution for you, and yours; or is this meant to
> be some kind of public solution?  Either way you would probably get
> your ass kicked for suggesting that.
> 
> Apart from that, I can only think of the way you have mentioned in
> dealing with multiple devices presenting on the same facility is to do
> an equivalent grep on the hostnames, as I believe you are doing.
> 
> The best way, if you were doing this right would probably be to
> write/modify syslog to keep separate information from separate
> machines in separate logs.
> 
> Maybe some of the fancier syslog daemons will do that for you, but
> then again, they can also do things like throw everything into a MySQL
> database, which makes the process trivial as well, but trades off on
> accessibility.
> 
> On 10/11/06, evorrie at comcast.net <evorrie at comcast.net> wrote:
> > My mission is to somehow parse log files from a multitude of Cisco devices.
> > Due to the limited amount of facility codes on Cisco devices, I cannot make
> > individual logs for each device.  I've been able to find some information as to
> > have a script grep the log file once for each Cisco device.  Then I would be
> > able to separate the logs.
> >
> > My questions are, does anybody have this similar process or is there a better
> > way of doing this?  Thanks.
> >
> 
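Added example, not part of the original thread: a one-pass alternative to grepping the combined log once per device, keyed on the host field of each line. The `timestamp host message` layout, the sample lines and the function names are assumptions; the host field is validated before it is used as a filename, since that field comes from the network.

```python
import os
import re
from collections import defaultdict

# Constructed sample of a combined log in the classic "timestamp host message"
# layout. Hostnames, addresses and messages are made up for illustration.
SAMPLE = """\
Oct 11 19:40:01 rtr-core 1234: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
Oct 11 19:40:02 sw-floor2 88: %SYS-5-CONFIG_I: Configured from console by vty0
Oct 11 19:40:05 10.1.1.7 412: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.9.9.9(1025) -> 10.1.1.1(23), 1 packet
Oct 11 19:40:09 ../../etc/cron.d/x 1: forged host field
garbage line without a header
"""

LINE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) .*$")
# Hostname or IPv4 only: no slashes, no leading dot, so it is safe as a filename.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$")

def split_by_host(lines):
    """Group log lines by source host in a single pass over the input."""
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            buckets["_unparsed"].append(line)   # keep, do not silently drop
        elif not SAFE_HOST.match(m.group("host")):
            buckets["_rejected"].append(line)   # suspicious host field
        else:
            buckets[m.group("host").lower()].append(line)
    return buckets

def write_buckets(buckets, outdir):
    """Append each bucket to <outdir>/<name>.log and return the paths written."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for name, lines in sorted(buckets.items()):
        path = os.path.join(outdir, name + ".log")
        with open(path, "a", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
        paths.append(path)
    return paths

if __name__ == "__main__":
    for host, lines in sorted(split_by_host(SAMPLE.splitlines()).items()):
        print(f"{host}: {len(lines)} line(s)")
```

The `_unparsed` and `_rejected` buckets cannot collide with a real device name because accepted host fields must start with a letter or digit.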