I have a need to do some analysis of information in our syslog.log that is further back than the 14 days that is available through the RME Syslog Analyzer.
My syslog file is currently about 130MB.
I have two questions:
1) Is there any tool available to help parse the syslog.log file so that it can be analyzed and even parts of it printed out? Because this file is so large, I am having trouble loading into applications such as Excel and even Access is very slow.
2) There are two date/times in the syslog. Here is an example:
Mar 22 11:52:53 switch.company.com 2004 Mar 22 11:54:18 CST -06:00 %MGMT-6-LOGINPASS:User logged in from workstation.company.com
It looks to me like the first date/time comes from the device iteself. Does the second date/time come from the CiscoWorks server? It does not look like the second date is used when using the Syslog Analyzer. I have checked and the Ciscoworks server is not running off NTP, unlike the network devices, and it is about 1 minute and 30 seconds off.
I have not been able to locate any information about either of these topics on cisco.com. Any assistance would be appreciated.
2) The first timestamp actually is the Server's. The second one, needless to say, comes from the device itself. You can verify this by doing a sniffer capture on the server and analyze the syslog packet.
Thanks for the info on the timestamp. That is what I thought, but I wasn't sure.
I saw something on an earlier post about logrot. It sounded like it helped to archive the logs so that they didn't grow so big (which I definitely need) but does it help any with parsing the info in those files? Or should I just use something like Excel or Access to do that?
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...