Cisco Logging to RHEL

If you have a Cisco device logging to RHEL, here's all that's necessary:

# vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"

Check the facility listed in the Cisco configuration, and convert it into the linux syslog facility levels found on Cisco's syslog configuration documentation:

For example, Cisco's facility 19 is the same as linux's facility 3.

# vi /etc/syslog.conf
*.info;mail.none;authpriv.none;cron.none;local3.none;   /var/log/messages
local3.*                                                /var/log/cisco.log

Add local3.none; to the /var/log/messages line and add the local3.* line at the bottom of the file.

Restart syslog with /etc/init.d/syslog restart. Verify that the syslog server is listening on port 514 and then tail your new /var/log/cisco.log:

# netstat -plan | grep 514
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               3770/syslogd
This entry was posted on 06/02/2007 (Tuesday) at 3:48 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Printed from: http://rackerhacker.com/2007/02/06/cisco-logging-to-rhel/ .
© Major Hayden 2012.

Leave a Reply

 

  • Welcome! I started this blog as a way to give back to all of the other system administrators who have taught me something in the past. Writing these posts brings me a lot of enjoyment and I hope you find the information useful. If you spot something that's incorrect or confusing, please write a comment and let me know. Drop me a line if there's something you want to know more about and I'll do my best to write a post on the topic.
    -- Major Hayden

    Flattr this