Syslog device preparation

Forwarding syslog messages from UNIX/Linux devices

Resource Manager has its own syslog server (zensyslog). Configure the syslog daemon on each managed device to forward its messages to that server.

To do this, edit the /etc/rsyslog.conf file and add an entry, where 1.2.3.4 is the zensyslog IP:

  1. Log in to the target device as a super user.
  2. Open the /etc/rsyslog.conf file with a text editor (such as vi).
  3. Enter *.debug, and then press the Tab key.
  4. Enter the host name or IP address of the server. For example:

    *.debug @192.168.X.X
    
  5. Save the file and exit the file editor program.

  6. Restart the Syslog service using the command below:

    /etc/init.d/syslog restart
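
One way to confirm the forwarding entry after editing the file, as an added example that is not part of the original documentation: a POSIX shell helper that lists the legacy-syntax forwarding rules in an rsyslog configuration file and checks that one of them targets the collector. In this syntax a single @ forwards over UDP and @@ over TCP; the function names, the sample file and its 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit legacy-syntax forwarding rules in an rsyslog config.
# "@host" forwards over UDP, "@@host" over TCP; ":port" is optional (default 514).

# Print "selector protocol host port" for every active forwarding rule in $1.
list_forward_rules() {
    awk '
        $1 ~ /^#/ { next }                      # commented-out rule or comment
        NF >= 2 && $2 ~ /^@/ {
            t = $2
            proto = (t ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", t)                   # drop the @ or @@ marker
            sub(/^\([^)]*\)/, "", t)            # drop options such as (z9)
            port = "514"
            if (t ~ /^\[.*\]:[0-9]+$/ || (t !~ /^\[/ && t ~ /^[^:]+:[0-9]+$/)) {
                port = t; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", t)
            }
            print $1, proto, t, port
        }' "$1"
}

# Return 0 only if $1 contains an active rule forwarding to collector $2.
check_forwarding() {
    list_forward_rules "$1" | awk -v want="$2" '
        $3 == want {
            found = 1
            if ($2 == "udp") print "note: " $1 " -> " want " is sent over UDP"
        }
        END { exit !found }'
}

# Constructed sample config (documentation-range addresses, not from the page).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
printf '%b\n' \
    '# constructed sample' \
    '*.debug\t@192.0.2.10' \
    '#*.info\t@192.0.2.99' \
    'auth.*\t@@192.0.2.20:6514' \
    '*.* /var/log/messages' > "$sample_conf"

list_forward_rules "$sample_conf"
check_forwarding "$sample_conf" 192.0.2.10
```

On a managed device, call `check_forwarding /etc/rsyslog.conf <zensyslog IP>`; a commented-out rule is not counted as active.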
    

Forwarding syslog messages from a Cisco IOS router

Here are some links to Cisco commands to turn on syslog. Typically, it is easier to use syslog than SNMP traps from network devices. The most basic IOS command to send syslog messages is:

logging 1.2.3.4

Other Cisco syslog configurations

Following are additional configurations for other Cisco devices. To set up these configurations:

  1. Log in to the target router.
  2. Type the command enable at the prompt.
  3. Once you are prompted for a password, enter the correct password.
  4. Type the command config at the prompt.
  5. Type the command terminal at the configuration prompt.
  6. At the prompt, set the Syslog forwarding mechanism. See the example below:

    logging <IP address of the server>
    
  7. Exit out of all the prompts to return to the main router prompt.

Catalyst

    set logging server enable
    set logging server 192.168.1.100
    set logging level all 5
    set logging server severity 6

Local Director

    syslog output 20.5
    no syslog console
    syslog host 192.168.1.100

PIX Firewalls

    logging on
    logging standby
    logging timestamp
    logging trap notifications
    logging facility 19
    logging host inside 192.168.1.100

Forwarding syslog messages from a Cisco CatOS switch

To forward a syslog message from a Cisco CatOS switch:

  1. Log in to the target switch.
  2. Type the command enable at the prompt.
  3. Enter the password when prompted.
  4. Set the Syslog forwarding mechanism; for example:

    set logging server <IP address of the server>
    
  5. You can set the types of logging information that you want the switch to provide. For example:

    set logging level mgmt 7 default
    set logging level sys 7 default
    set logging level filesys 7 default
    

Forwarding syslog messages using syslog-ng

Here is an example for FreeBSD and Linux platforms.

  1. Log in to the target device as a super user.
  2. Open the /etc/syslog-ng/syslog-ng.conf file with a text editor.
  3. Add source information to the file. See the following examples:

    FreeBSD:

    source src { unix-dgram("/var/run/log"); internal ();};
    

    Linux: (will gather both system and kernel logs)

    source src { internal(); unix-stream("/dev/log" keep-alive(yes) max-connections(100)); pipe("/proc/kmsg"); udp(); };
    
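  4. Add destination information (in this case, the server). The log statement below refers to a destination named zenoss, so a destination block with that name must also be defined in the file. For example: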

    log { source(src); destination(zenoss); };