Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Syslog forward

Has anyone know how to forward syslog messages to another syslog catcher from CiscoWorks LMS2.5 installed on solaris?

25 REPLIES
Cisco Employee

Re: Syslog forward

This cannot be done using any of CiscoWorks' out-of-the-box features. If your server is on Solaris, you can configure Solaris' syslogd to do this (see the man page for syslog.conf).

On both OSes, though, you could create an automated action script that forwards the syslog messages to another syslog server by creating a script that wraps a tool such as netcat, or a Perl module like Sys::Syslog. For example, the following Perl script could be used to forward messages to 10.1.1.1:

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('udp');

$Sys::Syslog::host = '10.1.1.1';

syslog(LOG_INFO|LOG_LOCAL7, $msg);

closelog;

See the online help modules http://server/help/rme/fundamentals/syslog_Defining_Automatd_Actions.html#wp1211314 and http://rtp-main:1741/help/rme/fundamentals/syslog_Guidelines_Writing_Automated_Script.html for more on Automated Actions and Automated Action scripting.

New Member

Re: Syslog forward

Thanks,

How I can see if an automated action was successfuly performed ?

Cisco Employee

Re: Syslog forward

The quickest way is to check the product of the action. That is, if your action is to forward a syslog message, check the destination syslog server to see if the message arrived. Or tack some other kind of notification into your action like calling a program from your action script to send an email.

You can also enable Syslog Analyzer debugging, and comb through the AnalyzerDebug.log, but this can be a bit of a pain.

New Member

Re: Syslog forward

I wrote the script you published and put him to /var/adm/CSCOpx/files/scripts/syslog

I have performed an procedure to create an automated action and I don't recieving syslogs in remote machine

???

Cisco Employee

Re: Syslog forward

You need more than just that script. You need to create a .sh wrapper for it, and properly call the Perl script with the message contents as argument 1. There was also a problem with the script as it was written since it assumed a newer version of Perl. This version should work with LMS 2.6 Perl:

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('inet');

$Sys::Syslog::host = '10.1.1.1';

syslog('info|local7', $msg);

closelog;

New Member

Re: Syslog forward

I am running LMS 2.6 on Solaris 9. I am looking to forward specific syslogs to another server. I see how I can create an automated action and specify a script and it looks like the script above will work. You mention that you need to create a .sh wrapper for it. What exactly does that mean?

Thanks,

Mike

Cisco Employee

Re: Syslog forward

For Automated Actions to work on Solaris, they must be Bourne shell scripts. Therefore, you will need to create a script named something like forward.sh that calls the Perl script I included. This is all documented in the RME online help for Automated Actions.

New Member

Re: Syslog forward

OK, i will take a look at that. How do you pass the message to it? I see the script is setup to accept a argument, which should be the message.

Thanks

MikeP

Cisco Employee

Re: Syslog forward

Yes, you will call the script from your .sh wrapper like:

/opt/CSCOpx/bin/perl syslog_forward.pl "$2"

New Member

Re: Syslog forward

Ok I think I have it.

So I create a script called syslog_forward.pl and put the code you provided above in it. That gets placed in the perl directory.

Then I create another script called something.sh, and that will call the syslog_forward.pl script sending the argument.

My question is how does the argument get from the automated action in Ciscoworks to the first script?

Thanks again,

MikeP

Cisco Employee

Re: Syslog forward

The Automated Action code in RME calls the AA script with the appropriate arguments. This is documented in the RME online help.

New Member

Re: Syslog forward

YOU ROCK, I have it all working. Thanks a TON for all your help. I can post it all if anyone needs it.

Mike

New Member

Re: Syslog forward

Could you please post it

New Member

Re: Syslog forward

I have applied the following batch file and perl script

perl.exe d:\progra~1\CSCOpx\files\scripts\syslog\outofbox.pl

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('inet');

$Sys::Syslog::host = '172.25.73.12';

syslog('info|local7', '$msg');

closelog;

when we ran this script manualy there wer no syntax error but we did not get any output from LMS to external Syslog Server, please note there is an automated action which displays the following

Name: sysi

Devices: *

State: Enabled

Parameters: d:/PROGRA~1/CSCOpx/files/scripts/syslog/outbox.bat

Action Type: Script

Messages: *-*-*-*:*

TIA

Cisco Employee

Re: Syslog forward

What are the contents of outbox.bat? To run this script properly, you need to do:

perl.exe outbox.pl ""

Where is a syslog message.

Cisco Employee

Re: Syslog forward

Sorry, I think I misread your email. I read the perl.exe ... line as you running the script manually. This is actually the contents of your batch script. But as I pointed out, you need to specify the argument. That is:

@ECHO OFF

D:\progra~1\cscopx\bin\perl.exe d:\progra~1\CSCOpx\files\scripts\syslog\outofbox.pl "%~2"

New Member

Re: Syslog forward

how can I enable syslog analyzer debugger?

Cisco Employee

Re: Syslog forward

To enable debugs for Syslog Analyzer you go to RME -> Admin -> System Preferences -> loglevel settings.

In the Application drop down menu, please select SyslogAnalyzer.

For Syslog Analyzer set the log Level to debug and for Syslog Analyzer User Interface set the log level to debug

Click apply

New Member

Re: Syslog forward

I have created the following script

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('udp');

$Sys::Syslog::host = '172.16.10.105';

syslog(LOG_INFO|LOG_LOCAL7, $msg);

closelog;

That an automated action runs it

d:\progra~1\CSCOpx\bin\perl.exe d:\progra~1

\CSCOpx\files\scripts\syslog\outofbox.pl

and i getting the following erros

D:\PROGRA~1\CSCOpx\files\scripts\syslog>outbox.bat

D:\PROGRA~1\CSCOpx\files\scripts\syslog>d:\progra~1\CSCOpx\bin\perl.exe d:\progr

a~1\CSCOpx\files\scripts\syslog\outofbox.pl

Bareword "LOG_INFO" not allowed while "strict subs" in use at d:\progra~1\CSCOpx

\files\scripts\syslog\outofbox.pl line 9.

Bareword "LOG_LOCAL7" not allowed while "strict subs" in use at d:\progra~1\CSCO

px\files\scripts\syslog\outofbox.pl line 9.

Execution of d:\progra~1\CSCOpx\files\scripts\syslog\outofbox.pl aborted due to

compilation errors.

Any help is appreciated

TIA

Mario

Re: Syslog forward

you missed the single quotes around

LOG_INFO|LOG_LOCAL7

so it should be

syslog('LOG_INFO|LOG_LOCAL7', $msg);

instead of

syslog(LOG_INFO|LOG_LOCAL7, $msg);

New Member

Re: Syslog forward

Thank you, now i get the following

D:\PROGRA~1\CSCOpx\files\scripts\syslog>outbox.bat

D:\PROGRA~1\CSCOpx\files\scripts\syslog>d:\progra~1\CSCOpx\bin\perl.exe d:\progr

a~1\CSCOpx\files\scripts\syslog\outofbox.pl

Invalid argument passed to setlogsock; must be 'unix' or 'inet' at d:\progra~1\C

SCOpx\files\scripts\syslog\outofbox.pl line 7

D:\PROGRA~1\CSCOpx\files\scripts\syslog>

TIA

Re: Syslog forward

OK, did not read carefully..

you cannot port you script to windows and use SYS::Syslog as this perl module is an interface to the UNIX syslogd.

Concerning syslog (and others), LMS on windows is not the same as on UNIX. Currently I have no possibility to give you an alternative, sorry..

Re: Syslog forward

OK, did not read carefully..

you cannot port you script to windows and use SYS::Syslog as this perl module is an interface to the UNIX syslogd.

Concerning syslog (and others), LMS on windows is not the same as on UNIX. Currently I have no possibility to give you an alternative, sorry..

Re: Syslog forward

OK, did not read carefully..

you cannot port you script to windows and use SYS::Syslog as this perl module is an interface to the UNIX syslogd.

Concerning syslog (and others), LMS on windows is not the same as on UNIX. Currently I have no possibility to give you an alternative, sorry..

Cisco Employee

Re: Syslog forward

You need to use the script from my later post:

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('inet');

$Sys::Syslog::host = '10.1.1.1';

syslog('info|local7', $msg);

closelog;

The first post required a newer version of Perl. This script will work both on Windows and Solaris.

733
Views
15
Helpful
25
Replies