Syslog-ng will allow you to preprend information, such as host IP address or name, to the syslog entry. That should solve your problem.
Frank -----Original Message----- From: Farese, Jeffrey [mailto:[EMAIL PROTECTED] Sent: Friday, December 28, 2007 9:17 AM To: [email protected] Subject: [WIRELESS-LAN] Multiple controllers and syslog How have people dealt with multiple controllers and syslog. A typical syslog entry from a controller is in the format: Dec 28 09:50:18 .682 dtl_net.c:1299 DTL-1-ARP_POISON_DETECTED: STA [00:11:24:9c:4c:8a, 0.0.0.0] ARP (op 1) received with invalid SPA 169.254.99.205/TPA 169.254.99.205 Syslog interprets .682 as the hostname but I am not sure as to what exactly the string represents.(I am guessing it may be part of the oid string that represents the access point.) So with many controllers sysloging to a remote listener it is currently impossible to make any good use of the logs. I could use different facilities to represent different controllers but that is not possible in our environment as we are already using most of the other facilities for logging from other network devices plus I would still need to decode the hostname to figure out what device is actually creating the message. It would be very suboptimal if I have to parse every hostname against some sort of snmp query to make the syslogs useful. Any suggestions? Jeffrey Farese UConn UITS Network Engineering University Of Connecticut ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
