Syslog-NG for Cisco Devices

From Internetworkpro

This page or section provides device configuration instructions
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement for documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.
See more examples at Category:Configuration

Have you ever wanted to get a Cisco device to send its logs to your syslog-ng server? It's pretty simple to do.

First, use this guide to configure your Cisco switch or router:

http://www.linuxhomenetworking.com/cisco-hn/syslog-cisco.htm

Then just append the following to your syslog-ng.conf file. Anywhere will do. (Please note that this is the simplest of configurations for syslog-ng. It is a very powerful syslog server that can be configured in many other ways.)

source s_net { udp(ip(0.0.0.0) port(514)); }; #0.0.0.0 will bind to all interfaces on your syslog server.

destination d_cisco { file("/var/log/cisco.log"); };

log { source(s_net); destination(d_cisco); };


Cisco devices use facility Local7 by default. This is a configurable parameter. If you have other devices/servers sending UDP syslog messages to your syslog-ng box, you can separate the Cisco traffic from the rest by filtering on that facility with the following config:

source s_net { udp(ip(0.0.0.0) port(514)); };

filter f_cisco { facility(local7); };

destination d_cisco { file("/var/log/cisco.log"); };

log { source(s_net); filter(f_cisco); destination(d_cisco); };

That's all there is to it. Restart syslog-ng and you should be seeing your Cisco logs.
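To check which facility a device is really sending before relying on the filter, the following added example (not part of the original page) decodes the `<PRI>` header that starts each syslog datagram and mimics the `facility(local7)` test. The sample datagrams are constructed, and the function names are hypothetical.

```python
import re

# Facility names by numeric code; local7 is code 23.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) names, or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def matches_f_cisco(datagram: bytes) -> bool:
    """Mimic the page's filter f_cisco { facility(local7); }.

    Assumption of this sketch: datagrams without a valid PRI are treated as unmatched.
    """
    decoded = decode_pri(datagram)
    return decoded is not None and decoded[0] == "local7"

# Constructed sample datagrams (not captured from real devices).
SAMPLES = [
    b"<189>45: *Mar  1 00:01:23.456: %SYS-5-CONFIG_I: Configured from console by vty0",
    b"<187>46: *Mar  1 00:02:10.001: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    b"<38>sshd[812]: Accepted publickey for admin from 192.0.2.10",
    b"no PRI header at all",
    b"<999>out-of-range PRI",
]

if __name__ == "__main__":
    for d in SAMPLES:
        verdict = "-> cisco.log" if matches_f_cisco(d) else "-> not matched"
        print(decode_pri(d), verdict)
```

The facility is chosen by the sender and the UDP source does not authenticate anyone, so any host that sends local7 messages to port 514 will match the filter as well.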

Submitted by tabularasa @ #Cisco on Freenode

Edited by pants
