10-21-2007 09:04 AM
Hi All,
Please let me know about a good syslog collector. Also, I would like to know how we can filter out different severity level messages on the collector.
I have more than 1000 devices sending syslog messages. Hence isolating informational messages on the viewer is important.
Regards
Santhosh
10-25-2007 05:54 PM
Try KIWI syslog daemon. You can also filter the level of logging on Cisco boxes by running:
switch(config)#logging console ?
  <0-7>          Logging severity level
  alerts         Immediate action needed (severity=1)
  critical       Critical conditions (severity=2)
  debugging      Debugging messages (severity=7)
  emergencies    System is unusable (severity=0)
  errors         Error conditions (severity=3)
  guaranteed     Guarantee console messages
  informational  Informational messages (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions (severity=4)
  xml            Enable logging in XML
10-25-2007 11:59 PM
Hi,
I was using syslog-ng on a Linux box. You can sort events based on source IP, daemon, severity etc., e.g.:
filter f_pix1 { host("10.1.1.1"); };
filter f_pix2 { host("10.1.2.1"); };
filter f_auth { facility(auth, authpriv); };
filter f_info { level(info); };
filter f_notice { level(notice); };
and so on.
Then send sorted/filtered messages to different destination files (source all, filter by source IP and send to a separate file):
log {
    source(s_all);
    filter(f_pix1);
    destination(df_pix1);
};
Also, you can sort destination files into different folders and grant different levels of access to them, or AFAIK you can use an SQL (MySQL/PostgreSQL) server as your back end and use the SQL server to manage different levels of access. But this will require some Linux/Unix knowledge. Overall, syslog-ng is a nice toolbox that you can customize in many ways to fit your needs.
But if money is not a concern, then Cisco MARS can be used, or NetIQ (I don't remember the exact name of their product).
HTH.
Darius
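How a collector can determine a message's severity before filtering, as an added example that is not part of the original posts: the syslog PRI header encodes facility * 8 + severity, and Cisco IOS also repeats the severity digit in its %FACILITY-SEVERITY-MNEMONIC tag. The function names and the sample messages below are constructed for illustration.

```python
import re

# Severity names as listed in the Cisco "logging console ?" help (0-7).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC:
CISCO_RE = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

def severity_of(line):
    """Return the numeric severity (0-7) of a raw syslog line, or None.

    PRI = facility * 8 + severity; if the header is missing or out of
    range (> 191), fall back to the Cisco %FAC-SEV-MNEMONIC tag.
    """
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        return int(m.group(1)) % 8
    m = CISCO_RE.search(line)
    return int(m.group(1)) if m else None

def split_by_severity(lines, max_level=5):
    """Partition lines into (kept, dropped), keeping severity <= max_level.

    Lines with no recognisable severity are kept for review, not discarded.
    """
    kept, dropped = [], []
    for line in lines:
        sev = severity_of(line)
        (kept if sev is None or sev <= max_level else dropped).append(line)
    return kept, dropped

# Constructed sample messages (not taken from the thread).
SAMPLE = [
    "<189>45: *Mar  1 00:01:02: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<190>46: *Mar  1 00:01:05: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1025) -> 10.1.2.9(23), 1 packet",
    "<187>47: *Mar  1 00:02:10: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "48: *Mar  1 00:02:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "<999>garbage without a valid priority",
]

if __name__ == "__main__":
    kept, dropped = split_by_severity(SAMPLE)
    for line in kept:
        sev = severity_of(line)
        print(SEVERITIES[sev] if sev is not None else "unknown", "|", line)
    print(len(dropped), "informational/debugging message(s) filtered out")
```

Keeping unparseable lines instead of dropping them means a device sending malformed messages still shows up in the viewer.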