Syslog server for Monitoring Cisco devices

Unanswered Question
Oct 27th, 2008

I am looking for a Syslog server to log all logs from Cisco devices. We have more than 800 Cisco devices. Can anyone tell me what syslog server I should use to log these files?

Thank you.

i00050145 Tue, 10/28/2008 - 07:44

Thanks Collin. I checked the link and I am confused. I am not good at Linux. Do you know any syslog server application that can run on the Windows platform?

I came across Kiwi Syslog Daemon but I don't know if it is good and secure. Any comments?

Thanks!

1cmerchant Thu, 10/30/2008 - 05:51

I'm a big fan of the Kiwi syslog product and have been using it in production for almost 2 years. You can also try it for free!

It is highly configurable and has some nice options, especially in the registered/paid version.

i00050145 Wed, 11/05/2008 - 08:25

Carl,

Thanks for the reply. I have a few questions about Kiwi Syslog.

What operating system are you using for Kiwi Syslog, and are you running it on a separate box or a shared server?

Do you know about Kiwi Cat tools? Do we need this tool?

Thank you,

Jacob

1cmerchant Thu, 11/06/2008 - 05:10

Jacob;

We run it on a Windows 2003 server which also houses several other network management tools. As for Kiwi CatTools, it is a great utility for managing Cisco device configurations and changes. I use it to regularly pull all my device configs so I can reference changes, archive them, etc. However, it is not necessary to purchase the CatTools product to use the syslog product.

Hope that helps,

Carl

MATTHEW BECK Tue, 12/02/2008 - 10:40

How many messages per second do you think those 800 devices generate? If any of them are firewalls they can be really noisy. I've had great luck with the Loglogic appliances - they can handle almost anything I throw at them.

www.loglogic.com

Jim Mackley Wed, 08/10/2011 - 11:24

Has anyone used the Cisco recommendation of Building Scalable Syslog Solutions?

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318

I used this in another organization and we were very successful. We currently use Netcool that feeds from a syslog, and we get several non-actionable alarms, and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (what are your thoughts?):

From my Netcool Administrator:

Regarding using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.

1. Cisco is not consistent with the use of this value.

    Examples:

        In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION to be a level 6, Informational.

        Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent

        Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes   

        This one is near the top level of severity per Cisco but not all that severe in reality; further, this syslog has a bug where the threshold is not even exceeded:

        %ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately to prevent system damage

        This one is reporting a standard condition:

        %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted

        Here is an example of a 1 where the voice group says that nothing is wrong:

        Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup '1' does not contain enough valid SIP end-points to proceed with a parallel call.
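The administrator's point above is that the severity digit in `%FACILITY-SEVERITY-MNEMONIC` is not a reliable alert key on its own. As an added illustration (not code from this thread or from Netcool), the script below parses Cisco IOS syslog lines, looks the mnemonic up in a small policy table before falling back to the severity digit, and sanity-checks the overtemperature message against its own threshold; the policy values and the sample lines are constructed from the remarks in this post, not an official Cisco mapping.

```python
import re

# Cisco IOS syslog body: "%FACILITY-SEVERITY-MNEMONIC: text" (severity 0-7, 0 = most severe).
CISCO_MSG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
OVERTEMP = re.compile(r"temperature (\d+)C exceeds threshold (\d+)C")

def parse_cisco_syslog(line):
    """Return facility, severity (int), mnemonic and text, or None for a line without a Cisco message."""
    m = CISCO_MSG.search(line)
    if not m:
        return None
    return {"facility": m["facility"], "severity": int(m["severity"]),
            "mnemonic": m["mnemonic"], "text": m["text"]}

def overtemp_action(msg):
    # The post notes this message fires even when the threshold is not exceeded,
    # so alert only when the reported temperature really is above the threshold.
    t = OVERTEMP.search(msg["text"])
    return "alert" if t and int(t.group(1)) > int(t.group(2)) else "log"

# Policy keyed by (facility, mnemonic). Hypothetical: it encodes the post's remarks, not an official Cisco mapping.
POLICY = {
    ("BGP", "ADJCHANGE"): "alert",               # neighbor down is the actionable one despite severity 5
    ("BGP", "NOTIFICATION"): "log",              # informational in practice even though severity is 3
    ("ENVMON", "CPU_WARNING_OVERTEMP"): overtemp_action,
    ("ILPOWER", "POWER_GRANTED"): "suppress",    # reports a standard condition
    ("IVR", "APP_PARALLEL_INVALID_LIST"): "log", # voice group says nothing is wrong
}

def classify(line):
    """Mnemonic rule first; the severity digit alone decides only for messages nobody has reviewed yet."""
    msg = parse_cisco_syslog(line)
    if msg is None:
        return "unparsed"
    rule = POLICY.get((msg["facility"], msg["mnemonic"]))
    if callable(rule):
        return rule(msg)
    return rule or ("alert" if msg["severity"] <= 2 else "log")

# Constructed sample lines following the forms quoted in the post (hostnames and addresses are made up).
SAMPLE_LINES = [
    "Aug  4 03:10:01 rtr1 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Down BGP Notification sent",
    "Aug  4 03:10:02 rtr1 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.1 4/0 (hold time expired) 0 bytes",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 112C exceeds threshold 110C.  Please resolve system cooling immediately",
    "%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted",
    "%IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup '1' does not contain enough valid SIP end-points to proceed with a parallel call.",
    "%EXAMPLE-2-UNREVIEWED: constructed message with no policy entry, so its severity digit decides",
]
```

Running `classify()` over `SAMPLE_LINES` yields alert, log, log, alert, suppress, log, alert: the severity-5 ADJCHANGE is the only BGP line that pages anyone, and the severity-1 overtemperature message alerts only when its numbers actually agree.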
