I am using the following config from http://gentoo-wiki.com/HOWTO_Cisco_device_logging
Which works perfectly, but what I would really like to do is split up all my devices into separate log files. What I am trying to do looks like this.
source pix { udp(ip(10.10.1.1) port(514)); };
destination d_cisco { file("/var/log/pix.log"); };
filter f_cisco_info { level(info); };
filter f_cisco_notice { level(notice); };
filter f_cisco_warn { level(warn); };
filter f_cisco_crit { level(crit); };
filter f_cisco_err { level(err); };
log { source(pix); filter(f_cisco_info); destination(d_cisco); };
log { source(pix); filter(f_cisco_notice); destination(d_cisco); };
log { source(pix); filter(f_cisco_warn); destination(d_cisco); };
log { source(pix); filter(f_cisco_crit); destination(d_cisco); };
log { source(pix); filter(f_cisco_err); destination(d_cisco); };
source gateway { udp(ip(10.10.1.2) port(514)); };
destination d_cisco { file("/var/log/gateway.log"); };
filter f_cisco_info { level(info); };
filter f_cisco_notice { level(notice); };
filter f_cisco_warn { level(warn); };
filter f_cisco_crit { level(crit); };
filter f_cisco_err { level(err); };
log { source(gateway); filter(f_cisco_info); destination(d_cisco); };
log { source(gateway); filter(f_cisco_notice); destination(d_cisco); };
log { source(gateway); filter(f_cisco_warn); destination(d_cisco); };
log { source(gateway); filter(f_cisco_crit); destination(d_cisco); };
log { source(gateway); filter(f_cisco_err); destination(d_cisco); };
So if I try to start the service with the following config I will get the following error:
io.c: bind_inet_socket() bind failed 10.10.1.1:514 Cannot assign requested address
I thought then maybe it was because I was trying to do multiple devices so I removed the gateway portion of the config and still got that error. Only way I can get it to work is by changing the source IP to ALL like so.
source gateway { udp(ip(0.0.0.0) port(514)); };
This won't work very well for me though, as I don't want to have all of my Cisco devices dumping into the same log file. Anyone have any ideas?
Grey
Solved; found a solution to the problem on a Gentoo forum.
destination d_cisco { file("/var/log/cisco/$HOST.log"); };
Now it creates a separate log file for every host dumping to the syslog server. Rock on!
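An added example, not part of the original posts: the ip() option of a udp() source is the local address syslog-ng binds to, not the sender's address, which is why binding to a device's IP fails with "Cannot assign requested address". The sketch below combines the $HOST destination from the thread with a sender allow-list; the names s_net and f_known_cisco are assumptions, and the two addresses are the ones from the first post.

```conf
options {
    # Take $HOST from the address the packet came from, not from the
    # hostname field inside the message, which the sender controls.
    keep_hostname(no);
    # No reverse lookups: $HOST is then the sender's IP address.
    use_dns(no);
    # Keep $HOST a plain name; chained names would add extra characters
    # to the file name built from it.
    chain_hostnames(no);
    # Create /var/log/cisco/ if it does not exist yet.
    create_dirs(yes);
};

# ip() is the LOCAL listening address. 0.0.0.0 listens on every
# interface of the log server; a specific local interface address
# also works.
source s_net { udp(ip(0.0.0.0) port(514)); };

# Accept only the known devices and the levels used in the thread.
# 10.10.1.1 is the pix and 10.10.1.2 the gateway in the first post.
filter f_known_cisco {
    level(info, notice, warn, err, crit)
    and (netmask(10.10.1.1/255.255.255.255)
         or netmask(10.10.1.2/255.255.255.255));
};

# One file per sending device, e.g. /var/log/cisco/10.10.1.1.log
destination d_cisco { file("/var/log/cisco/$HOST.log"); };

log { source(s_net); filter(f_known_cisco); destination(d_cisco); };
```

Without the netmask() filter, any host that can reach UDP port 514 gets its own file created under /var/log/cisco/.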