08-23-2006 02:01 PM
I am currently logging all infrastructure device logs to syslogd on SunOS 5.9. I would like to forward info messages to LMS for change notification. In syslog.conf I have added "local7.info @x.x.x.x" but LMS does not see any of the messages. I have confirmed that the message reaches the Sun box. Any insight?
08-23-2006 04:01 PM
You would need to set up remote syslog analyzer / collector:
08-24-2006 06:53 AM
I am unable to come up with any documentation on how this little guy works. All the links on cisco.com point to this page (or similiar). Does anyone have any links?
Would I send my syslog to RSC? Or would I use this as a primary syslogd?
08-24-2006 07:35 AM
In this scenario you would send your messages from your devices to the RSC. It would act as a collector and then would forward these messages to a central Syslog Analyzer running full scale RME.
You could have multiple RSC's collecting messages and then all forwarding these messages to one central server where you could run reports
More info on RSC also known as Common Syslog Collector:
08-24-2006 08:45 AM
Thanks for the reply.
I'm not really looking to do that as we have our Sun box doing the syslog colllection. We do a bunch of stuff once it gets to that box. I was hoping that I would be able to just forward those specific messgaes on to RME.
I believe syslogd will change the actual syslog message when it forwards on...which would be the problem. Apparently syslog-ng will forward on the original message.
Anyone here already doing that?
08-29-2006 05:43 AM
We're doing Syslog NG and it doesn't change the origination of the log entry ... a much better solution for log centralization with multivendor inputs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: