Remote Cisco logging
The following steps were used to log Cisco router messages to a Solaris
8 host via syslog. In this example, all Cisco router messages with a
severity of "informational" or higher (i.e. more severe) are logged to /var/log/cisco.
Changes to the UNIX system:
1. Add the following line to /etc/syslog.conf:
2. Create the log file:
3. Send the syslogd process a
HUP signal for syslog.conf
changes to take effect.
Commands to execute on the Cisco router:
logging facility local7
(use local7 syslog facility)
logging trap level_of_debugging
(default is "informational")
More information on relevant Cisco router commands:
1. Was the log file created with "touch"? Syslog daemons generally do
not create new files, but only append to existing files.
2. Does syslog.conf contain
extra whitespace? A single space or tab character(s) may separate
columns in syslog.conf. Run cat -vet /etc/syslog.conf to check
for extra whitespace.
3. Is a wildcard used for a syslog severity? For example, Solaris
syslog does not support local7.*
as a facility/severity combination. Instead, use local7.debug.
4. Run logger -p facility.severity "Test message" and
check the contents of the appropriate log file to test logging.
ex. Run logger -p local7.info "Test
message" and check /var/log/cisco
to see if "Test message" appears.
5. Is the syslog daemon listening for remote messages? Solaris' syslog
daemon by default accepts remote syslog messages, although other Unices
Syslog uses UDP port 514 to send messages, so UDP port 514 traffic must
be able to get from the Cisco router to the UNIX host, in case a
packet-filtering device separates the two.
Back to brandonhutchinson.com.
Last modified: 09/30/2003