Re: Syslog Problem

nawas · ‎05-30-2006

New install on Sol9, RME4.0 with Dec05 update. I can't get syslog to work, I get nothing under var/log/syslog_info. Logging is enabled for this server. config archive works that tells that devices are managed, I can do netconfig job but no syslog. syslgd is also running

>> ps -ef | grep syslogd

root 210 1 0 Mar 06 ? 0:40 /usr/sbin/syslogd -t

muhamns 2319 2310 0 15:51:40 pts/1 0:00 grep syslogd

muhamns@sip10a>> netstat -a -n | grep 514

mfreeman451 · ‎05-30-2006

Can you show me your /etc/syslogd.conf please?

cat /etc/syslogd.conf

I don't have access to an RME box at the moment to show you mine but if you don't have a line dumping I think local7 to syslog_info that is your problem. If you do, try stopping and starting the syslogd daemon. I believe /etc/init.d/syslogd stop

/etc/init.d/syslogd start

does the trick

nawas · ‎05-30-2006

Hi Thanks.

Yes I have the line in syslog.conf file and also have tried stop/start syslog and reboot thebox but that didn't help either.

#END CSCOmd DO NOT EDIT BEFORE THIS LINE 1

# Added for Cisco Syslog Analyzer (begin)

local7.info /var/log/syslog_info

# Added for Cisco Syslog Analyzer (end)

nhabib · ‎05-30-2006

Check if the messages are making it to the server.

Pick an IOS device (let's say its ip address is 10.10.10.10) and as root on the server issue the command:

snoop -s 1518 -o /tmp/trace 10.10.10.10

On the device, issue the commands:

conf t

exit

This should send a syslog message to the server.

CTRL+C out of the snoop and you may use Ethereal to open the /tmp/trace file and confirm whether the syslog message made it or not

mfreeman451 · ‎05-30-2006

You can also generate syslog events with the solaris cli tool "logger"