Thank you :)
This is basicly what my though was aswell. Just wanted it confirmed.
Regards,
Anders Synstad
Basefarm AS
On 03/30/2011 11:04 AM, Rainer Gerhards wrote:
The Cisco implementation is simply broken. You need to complain there. The
more customers complain, the better the chance this finally gets fixed. I
have talked to my contacts inside Cisco a couple of years ago, but they were
not able to initiate a correction. Looks like actual customers need to make
that move.
Rainer
-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Anders Synstad
Sent: Wednesday, March 30, 2011 10:48 AM
To: [email protected]
Subject: [rsyslog] TCP syslogging from switches (Cisco 4948)
Hello,
I'm trying to sort out TCP syslogging from these switches, and not
surprisingly
I'm running into some problems. And I do know most of the answers to my
own questions here. Just a vague hope that someone have had the same
problems and also a nice solution (or conclude that there is no easy
solution).
I have my tcp listeners running on my central loghost server, and this is
all
working nicely. And I also have some firewalls logging TCP, and they work
nicely.
The problem is that the logs from these Cisco switches doesnt end with
ASCII
0a (line feed), so rsyslog just piles the logs up and prints them out in a
big
blob every now and then (guessing when buffer is full).
Example:
2011-03-23T23:57:35.145806+01:00 SOMESWITCH (851), with alt-sw03a.osl
GigabitEthernet1/44 (1886).<132>154002: Mar 23 22:52:34.010:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet1/44 (1886), with alt-sw03a.osl GigabitEthernet1/43
(851).<132>154003: Mar 23 22:52:34.010: %CDP-4-
NATIVE_VLAN_MISMATCH:
Native VLAN mismatch discovered on GigabitEthernet1/43 (851), with alt-
sw03a.osl GigabitEthernet1/44 (1886).<132>154004: Mar 23
22:53:34.009: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet1/44 (1886), with alt-sw03a.osl
GigabitEthernet1/43 (851).<132>154005: Mar 23 22:53:34.009:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet1/43 (851), with alt-sw03a.osl GigabitEthernet1/44
(1886).<132>154006: Mar 23 22:54:34.008: %CDP-4-
NATIVE_VLAN_MISMATCH:
Native VLAN mismatch discovered on GigabitEthernet1/44 (1886), with alt-
sw03a.osl GigabitEthernet1/43 (851).<132>154007: Mar 23
22:54:34.008: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet1/43 (851), with alt-sw03a.osl
GigabitEthernet1/44 (1886).<132>154008: Mar 23 22:55:34.007:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet1/44 (1886), with alt-sw03a.osl GigabitEthernet1/43
(851).<132>154009: Mar 23 22:55:34.007: %CDP-4-
NATIVE_VLAN_MISMATCH:
Native VLAN mismatch discovered on GigabitEthernet1/43 (851), with alt-
sw03a.osl GigabitEthernet1/44 (1886).<132>154010: Mar 23
22:56:34.005: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet1/44 (1886), with alt-sw03a.osl
GigabitEthernet1/43 (851).<132>154011: Mar 23 22:56:34.005:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
GigabitEthernet1/43 (851), with alt-sw03a.osl GigabitEthernet1/44
(1886).<132>154012: Mar 23 22:57:34.004: %CDP-4-
NATIVE_VLAN_MISMATCH:
Native VLAN mismatch discovered on GigabitEthernet1/44 (1886), with alt-
sw03a.osl GigabitEthernet1/43 (851).<132>154013: Mar 23
22:57:34.004: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch
discovered on GigabitEthernet
While the switch logs every minute, the logs gets printed to the logfile
every
6th minute in these blobs.
Has anyone else perhaps observed this? And have a nice solution?
Regards,
Anders Synstad
Basefarm AS
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
