Syslog message classification

arififtikhar Thu, 10/25/2007 - 17:54

Try KIWI syslog daemon. You can also filter the logging level on Cisco boxes by running:

switch(config)#logging console ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  guaranteed     Guarantee console messages
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)
  xml            Enable logging in XML

darius.liepuonis Thu, 10/25/2007 - 23:59
I was using syslog-ng on a Linux box. You can sort events based on source IP, daemon, severity, etc., e.g.:

filter f_pix1   { host("<pix1-ip>"); };      # <pix1-ip>, <pix2-ip>: placeholders for the firewall addresses
filter f_pix2   { host("<pix2-ip>"); };
filter f_auth   { facility(auth, authpriv); };
filter f_info   { level(info); };
filter f_notice { level(notice); };

and so on

Then send the sorted/filtered messages to different destination files (source all, filter by source IP and send to a separate file):

log { source(s_all); filter(f_pix1); destination(d_pix1); };   # s_all / d_pix1: placeholder source and destination names
Also, you can sort destination files into different folders and grant different levels of access to them, or AFAIK you can use an SQL server (MySQL/PostgreSQL) as your back end and use the SQL server to manage different levels of access. But this will require some Linux/Unix knowledge. Overall, syslog-ng is a nice toolbox that you can customize in many ways to fit your needs.

But if money is not a concern, then Cisco MARS can be used, or NetIQ (I don't remember the exact name of their product).
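Both replies describe the same classification scheme from different ends: the PRI value at the front of every syslog message encodes facility*8 + severity, `logging console <n>` on IOS keeps everything with a severity number at or below n, and the syslog-ng filters select on host, facility or level and send matches to separate destinations. The script below is an added example, not code from either post and not syslog-ng itself: it decodes the PRI of RFC 3164-framed lines and applies host, facility, level and severity-ceiling filters (named after the syslog-ng functions they imitate) to route constructed sample messages into per-destination buckets. The hostnames pix1/pix2/linuxbox, the addresses, the message text and the destination file names are all assumptions made for the example.

```python
import re
from collections import defaultdict

# RFC 3164 facility numbers, named the way syslog-ng's facility() filter names them.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
# Severity 0-7: (syslog-ng level() name, IOS 'logging console' keyword).
SEVERITIES = {
    0: ("emerg", "emergencies"),  1: ("alert", "alerts"),
    2: ("crit", "critical"),      3: ("err", "errors"),
    4: ("warning", "warnings"),   5: ("notice", "notifications"),
    6: ("info", "informational"), 7: ("debug", "debugging"),
}

# <PRI>Mmm dd hh:mm:ss host message   (classic BSD / RFC 3164 framing)
PRI_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse_syslog(line):
    """Split one line into host/facility/severity fields; None if it is not valid syslog."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # largest legal PRI: local7 (23) * 8 + debug (7)
        return None
    facility, severity = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": FACILITIES.get(facility, "facility%d" % facility),
        "severity": severity,
        "level": SEVERITIES[severity][0],
        "timestamp": m.group(2),
        "host": m.group(3),
        "msg": m.group(4),
    }

# Filter constructors mirroring syslog-ng's host(), facility() and level().
def f_host(*hosts):
    return lambda e: e["host"] in hosts

def f_facility(*names):
    return lambda e: e["facility"] in names

def f_level(*names):
    return lambda e: e["level"] in names

def f_severity_up_to(n):
    """Same semantics as 'logging console <n>' on IOS: keep severities 0..n only."""
    return lambda e: e["severity"] <= n

# Log paths as (destination, filter). One message may match several paths, just as
# it would with separate syslog-ng log {} statements that do not use flags(final).
LOG_PATHS = [
    ("pix1.log", f_host("pix1")),
    ("pix2.log", f_host("pix2")),
    ("auth.log", f_facility("auth", "authpriv")),
    ("notice.log", f_level("notice")),
    ("warnings-and-worse.log", f_severity_up_to(4)),   # what 'logging console warnings' would show
]

def route(lines, paths=LOG_PATHS):
    """Return {destination: [message text, ...]}; lines that do not parse go to unparsed.log."""
    out = defaultdict(list)
    for line in lines:
        event = parse_syslog(line)
        if event is None:
            out["unparsed.log"].append(line)
            continue
        for dest, keep in paths:
            if keep(event):
                out[dest].append(event["msg"])
    return dict(out)

# Constructed sample input (hosts, addresses and message text are made up for this
# example; Cisco boxes send to facility local7 = 23 by default, so PRI = 184 + severity).
SAMPLE_MESSAGES = [
    "<189>Oct 25 17:54:01 pix1 %PIX-5-111008: User 'enable_15' executed the 'write memory' command",
    "<187>Oct 25 17:55:12 pix2 %PIX-3-305006: portmap translation creation failed for udp src inside:10.0.0.5/137 dst outside:192.0.2.9/137",
    "<38>Oct 25 17:56:00 linuxbox sshd[1234]: Accepted publickey for root from 192.0.2.10 port 52211 ssh2",
    "<86>Oct 25 17:56:30 linuxbox su: pam_unix(su:session): session opened for user root by darius(uid=1000)",
    "<190>Oct 25 17:57:00 pix1 %PIX-6-302013: Built outbound TCP connection 4711 for outside:192.0.2.20/443",
    "<185>Oct 25 17:58:00 pix2 %PIX-1-101001: (Primary) Failover cable OK.",
    "this line has no PRI and must not be classified",
    "<999>Oct 25 17:59:00 pix1 bogus PRI value, rejected rather than mis-decoded",
]

if __name__ == "__main__":
    for dest, msgs in sorted(route(SAMPLE_MESSAGES).items()):
        print("%-24s %d message(s)" % (dest, len(msgs)))
```

Two details worth keeping when turning this into real collection: a PRI above 191 or a missing PRI is rejected instead of being guessed at, because a forged or truncated header would otherwise land a message in the wrong file; and the severity ceiling is a separate filter from the level match, since `logging console 4` and `level(warning)` select different sets (0..4 versus exactly 4).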
