Split logs on Router, Switch and FW per context

jkarkhanis · ‎08-12-2008

Hello Guys,

Can anybody point me, as how I can achieve following on Router, Switch and FW.

1. Separate logging per context (management and transaction traffic)

2. Can logs for each context be send to a separate syslog server

3. Can logs for each context be sent to a 3rd party by any other means besides syslog server

4. Can logs for shared services (using shared context) be parsed to separate only traffic for a specific client.

Thankyou.

Giuseppe Larosa · ‎08-12-2008

Hello Jayesh,

on a FWSM to have separated log files should be enough to configure logging in each context.

We do so.

Configuration can be different in each context so 2) this is possible

example:

FW-RM-TLD066-SF/SOC# sh run | inc log

logging enable

logging buffered debugging

logging host OUTSIDE 10.98.72.67

FW-RM-TLD066-SF/SOC#

3) I don't know but I don't think is possible you can use multiple syslog servers

4) log files can be parsed using scripts to filter them

Hope to help

Giuseppe

jkarkhanis · ‎08-13-2008

Hi, Giuseppe,

Thank you for the response. Would you know if system log message would include the context name in the message format?

-Jayesh

Giuseppe Larosa · ‎08-13-2008

Hello Jayesh,

in our case there are separeted log files for each context and inside evey line contains an ip address that should be context-specific.

file names are FWSM_hostname-context_name

example:

FW-SF-TLD066-Applic.txt

where FW-SF-TLD066 id FSWM hostanme and Applic is a truncated version of context name

Hope to help

Giuseppe