
New Member

Linux Box is not logging CISCO messages

I have a 3800 series router and a Linux box, and can't write Cisco logging to syslog-ng. Can you help me?

I am sure that Cisco is sending messages, look at it:

extranet:/etc/syslog-ng # tcpdump -nn host 192.168.6.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:53:28.002868 IP 192.168.6.5.56121 > 192.168.1.141.514: SYSLOG local6.notice, length: 79

My router config is:

logging buffered 128000
no logging rate-limit
no logging console
no logging monitor
logging trap debugging
logging facility local6
logging source-interface Loopback0
logging 192.168.1.141

And my Linux box is:

extranet:/etc/syslog-ng # cat syslog-ng.conf
options {
    long_hostnames(off);
    sync(0);
    perm(0640);
    stats(3600);
};
source src {
    internal();
    udp(ip("0.0.0.0") port(514));
};
filter f_router { facility(local6); };
filter f_ROUTER01 { host("192.168.6.5"); };
destination ROUTER01 {
    file("/var/log/router");
};
log {
    source(src);
    filter(f_router);
    filter(f_ROUTER01);
    destination(ROUTER01);
};

4 REPLIES
Cisco Employee

Re: Linux Box is not logging CISCO messages

Make sure syslog-ng is running, and that lsof shows that it is the process bound to udp/514. If so, try restarting it. If the inode of /var/log/router changed since syslog-ng was last started, no further messages will be seen.

New Member

Re: Linux Box is not logging CISCO messages

I am 100% sure that syslog-ng is running.

extranet:/etc/syslog-ng # ps aux | grep syslog
root 17031 0.0 0.0 1992 484 ? Ss 10:35 0:00 /sbin/syslog-ng
root 17037 0.0 0.1 1956 656 pts/2 R+ 10:35 0:00 grep syslog
extranet:/etc/syslog-ng #

I have restarted it several times over and over, after each config change.

extranet:/etc/syslog-ng # lsof | grep syslog
bash 16964 root cwd DIR 8,2 4096 231842 /etc/syslog-ng
syslog-ng 17031 root cwd DIR 8,2 4096 2 /
syslog-ng 17031 root rtd DIR 8,2 4096 2 /
syslog-ng 17031 root txt REG 8,2 141936 685506 /sbin/syslog-ng
syslog-ng 17031 root mem REG 0,0 0 [heap] (stat: No such file or directory)
syslog-ng 17031 root mem REG 8,2 121246 97964 /lib/libpthread-2.5.so
syslog-ng 17031 root mem REG 8,2 1491141 97938 /lib/libc-2.5.so
syslog-ng 17031 root mem REG 8,2 74840 97966 /lib/libresolv-2.5.so
syslog-ng 17031 root mem REG 8,2 94097 97949 /lib/libnsl-2.5.so
syslog-ng 17031 root mem REG 8,2 41349 97968 /lib/librt-2.5.so
syslog-ng 17031 root mem REG 8,2 129767 100968 /lib/ld-2.5.so
syslog-ng 17031 root 0u CHR 1,3 2907 /dev/null
syslog-ng 17031 root 1u CHR 1,3 2907 /dev/null
syslog-ng 17031 root 2u CHR 1,3 2907 /dev/null
syslog-ng 17031 root 3u IPv4 2915091 UDP *:syslog
lsof 17040 root cwd DIR 8,2 4096 231842 /etc/syslog-ng
grep 17041 root cwd DIR 8,2 4096 231842 /etc/syslog-ng
lsof 17042 root cwd DIR 8,2 4096 231842 /etc/syslog-ng
extranet:/etc/syslog-ng #

Cisco Employee

Re: Linux Box is not logging CISCO messages

I see nothing wrong with the device config, and the syslog-ng config looks okay, too. Do you have a packet filter enabled on this box which could be dropping the packets before they make it to syslog-ng?
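
The situation this reply points at, as an added example that is not part of the thread: tcpdump reads frames before netfilter's INPUT chain is evaluated, so a datagram can appear in the capture and still be dropped before it reaches syslog-ng's socket. The sketch assumes the packet filter is iptables (the thread does not say which one was in use); the rule listing, `input_verdict` and the other names are constructed for illustration, and only the match options shown are handled.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` listing (not from the thread): default-drop
# policy whose syslog exception covers only the collector's own subnet.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 514 -j ACCEPT
"""
# Same listing plus a hypothetical exception for the router's source address.
FIXED_RULES = SAMPLE_RULES + "-A INPUT -s 192.168.6.5/32 -p udp -m udp --dport 514 -j ACCEPT\n"
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
IGNORED = {"-m", "--reject-with", "--log-prefix", "--log-level"}

def port_matches(spec, port):
    lo, sep, hi = spec.partition(":")        # "514" or a range such as "500:600"
    return int(lo or 0) <= port <= int(hi or (65535 if sep else lo))

def input_verdict(rules, src, proto, dport, iface="eth0"):
    """First-match walk of the INPUT chain for a one-way (conntrack NEW) packet."""
    policy = "ACCEPT"
    tests = {
        "-i": lambda v: v == iface,
        "-s": lambda v: ipaddress.ip_address(src) in ipaddress.ip_network(v, strict=False),
        "-p": lambda v: v in (proto, "all"),
        "--dport": lambda v: port_matches(v, dport),
        "--state": lambda v: "NEW" in v.split(","),
        "--ctstate": lambda v: "NEW" in v.split(","),
    }
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        target = opts.pop("-j", None)
        known = all(k in tests or k in IGNORED for k in opts)
        if "!" in tok or len(tok) % 2 or not known:
            return "UNKNOWN", line           # outside this sketch: review by hand
        if all(tests[k](v) for k, v in opts.items() if k in tests):
            if target in TERMINAL:
                return target, line
            if target != "LOG":              # jump to a user chain: not followed
                return "UNKNOWN", line
    return policy, "-P INPUT " + policy
```

Calling `input_verdict(SAMPLE_RULES, "192.168.6.5", "udp", 514)` falls through to the DROP policy because the router logs from its Loopback0 address, which lies outside the allowed subnet; the same call against `FIXED_RULES` returns ACCEPT.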

New Member

Re: Linux Box is not logging CISCO messages

Thanks!! It works.
