11-08-2011 07:59 PM
I see LMS adjusted syslog.conf to receive udp514 => local7.info => /var/log/syslog_info => DB
Does it mean its receiving severity info only or including everything else above (warn, crit, ...) as well?
If not, how can we extend that everithing else above info will receive the LMS syslog till DB and frontends?
thx for hints, Steffen
Solved! Go to Solution.
11-09-2011 12:32 AM
the entry means that syslogd puts all syslog messages it receives with a FACILITY of "local7" and a SEVERITY from "info" upwards into the file /var/log/syslog_info
don't mess up facility with severity, all (there are only very rare exceptions) Cisco devices sends their syslog messages with a facility of "local7" which then can be used on the receiving site to roughly filter the messages by the type of source the message comes from. See this paper for details:
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html
and all messages with severity "info" [6] upwards means upto "emergency" [0], so only debugging messages gets dropped.
11-09-2011 12:32 AM
the entry means that syslogd puts all syslog messages it receives with a FACILITY of "local7" and a SEVERITY from "info" upwards into the file /var/log/syslog_info
don't mess up facility with severity, all (there are only very rare exceptions) Cisco devices sends their syslog messages with a facility of "local7" which then can be used on the receiving site to roughly filter the messages by the type of source the message comes from. See this paper for details:
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html
and all messages with severity "info" [6] upwards means upto "emergency" [0], so only debugging messages gets dropped.
11-09-2011 12:41 AM
thx
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: