look at this, pierre helped me sometime ago:
Subject:
Re: [expert] cron and file merge questions
Date:
Wed, 04 Jul 2001 17:46:01 -0400
From:
Pierre Fortin <[EMAIL PROTECTED]>
To:
"Jose Orlando T. Ribeiro" <[EMAIL PROTECTED]>
CC:
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
References:
1 , 2 , 3
[updated reply]
"Jose Orlando T. Ribeiro" wrote:
>
> Hi Pierre!
>
> I think your idea is great... I only didn�t understood :-)
>
> what should I enable at "ip address" to receive the logging data sent by the
> cisco router???
>
> and the "facility" to use (local[0-7])... what is that??? :-)
Configure your cisco router with the following:
no logging buffered <-- logs to server rather than in memory
logging trap debugging <-- sets level of events to log (debugging = all)
logging facility local6 <-- sets facility
logging 192.168.1.123 <-- logs to host 192.168.1.123
Then, in your syslog host:
/etc/syslog.conf:
# Cisco logging
local6.* /var/log/cisco <-- I use /home/logs/RouterLog
to avoid filling /var
Forgot to mention that the above log file must exit before restarting the
daemon; can be created with: touch /var/log/cisco (assuming that's the name you
used in syslog.conf...
Note: localN in cisco must match localN in syslog.conf
Make sure syslogd is installed; then in /etc/init.d/syslog's start section:
daemon syslogd -m 0 -r
^^ add this or it won't work.
Restart syslogd with: service syslog restart
HTH,
Pierre
> thanks!
>
>
> orlando
>
> Pierre Fortin wrote:
> >
> > "Jose Orlando T. Ribeiro" wrote:
> > >
> > > I have some cisco routers that I want to save the message and error logs, since
> > > the buffers in the routers is relativelly small and will be lost if I need to
> > > reboot one of them...
> >
> > Why not use "no logging buffered", "logging <IPaddress>" and let the messages go
> > to your logging host...? You can even specify which "facility" to use
> > (local[0-7]). Then let syslog and logrotate handle most of the work...
> >
> > Pierre
bascule wrote:
>
> thanks pierre
> but i'm obviously missig something, i saw those referneces to 'local' in the
> man pages but i don't know what they mean your page lacks meaning for me,
> where can i look this up, 'man local' just gives me a list of bash stuff
>
> bascule
>
> On Thursday 31 January 2002 2:34 pm, you wrote:
>
> >
> > Depending on the number, or category of host, you can use "local[0-7]"...
> > I use different "localN" for Cisco and LinkSys... you can get a hint from
> > one of my web pages: http://pfortin.com/Linux/LinkSys/logging.shtml
> >
> > HTH,
> > Pierre
>
> --
> Windle shook his head sadly. Five exclamation marks, the sure sign of an
> insane mind.
> (Reaper Man)
>
> --------------------------------------------------------------------------------
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
--
,~~v~~, ,~~v~~,
,'. .', ,'. .',
=== + === === + ===
/ ~ \ / ~ \
/\_m m_/\ /\_m m_/\
.\ +----------------------+ /.
/ ! [EMAIL PROTECTED] ! \
/ +----------------------+ \
`\m/ \m/' `\m/ \m/'
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
