Cisco Support Community
New Member

Syslog server for Monitoring Cisco devices

I am looking for a syslog server to log all logs from Cisco devices. We have more than 800 Cisco devices. Can anyone tell me what syslog server I should use to log these files?

Thank you.

12 REPLIES

Re: Syslog server for Monitoring Cisco devices

Check out http://www.rsyslog.com/

Hope that helps.

New Member

Re: Syslog server for Monitoring Cisco devices

Thanks Collin. I checked the link and I am confused. I am not good at Linux. Do you know any syslog server application that can run on the Windows platform?

I came across Kiwi Syslog Daemon but I don't know if it is good and secure. Any comments?

Thanks!

New Member

Re: Syslog server for Monitoring Cisco devices

I'm a big fan of the Kiwi syslog product and have been using it in production for almost 2 years. You can also try it for free!

It is highly configurable and has some nice options, especially in the registered/paid version.

New Member

Re: Syslog server for Monitoring Cisco devices

Carl,

Thanks for the reply. I have a few questions about Kiwi Syslog.

What operating system are you using for Kiwi Syslog, and are you using a separate box or a shared server?

Do you know about Kiwi Cat tools? Do we need this tool?

Thank you,

Jacob

New Member

Re: Syslog server for Monitoring Cisco devices

Jacob;

We run it on a Windows 2003 server which also houses several other network management tools. As for Kiwi CatTools, it is a great utility for managing Cisco device configurations and changes. I use it to regularly pull all my device configs so I can reference changes, archive them, etc. However, it is not necessary to purchase the CatTools product to use the syslog product.

Hope that helps,

Carl

New Member

Re: Syslog server for Monitoring Cisco devices

For 800 devices you should look into a scalable solution. Maybe a commercial product like Sawmill is what you need.

http://www.sawmill.net/

New Member

Re: Syslog server for Monitoring Cisco devices

It depends on how much you want to spend. The best product I found was SolarWinds Orion. With 800 Cisco devices I would use it. It is expensive but does everything you need for one person to manage 800 devices.

New Member

Re: Syslog server for Monitoring Cisco devices

I have used Kiwi Syslog. They also offer a lot of other really nice tools that you will find helpful.

http://www.kiwisyslog.com/

-Bill

New Member

Re: Syslog server for Monitoring Cisco devices

How many messages per second do you think those 800 devices generate? If any of them are firewalls they can be really noisy. I've had great luck with the Loglogic appliances - they can handle almost anything I throw at them.

www.loglogic.com

New Member

Re: Syslog server for Monitoring Cisco devices

See SolarWinds Kiwi Syslog Server.

Silver

Re: Syslog server for Monitoring Cisco devices

Eventpulse is the best tool for the Windows platform, bar none, and free too.

http://pulse.prismmicrosys.com/pulseAboutPrism.php

New Member

Re: Syslog server for Monitoring Cisco devices

Has anyone used the Cisco recommendation of Building Scalable Syslog Solutions?

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318

I used this in another organization and we were very successful. We currently use Netcool, which feeds from a syslog, and we get several non-actionable alarms, and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (What are your thoughts?):

From my Netcool Administrator:

Regarding using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.

1. -- Cisco is not consistent with the use of this value.

    Examples:

        In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION of a 6 level of Informational

        Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent

        Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes   

        This one is near the top level of severity per Cisco but not all that severe in reality; further, this syslog has a bug where the threshold is not even exceeded

        %ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately to prevent system damage

        This one is reporting a standard condition:

        %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted

        Here is an example of a 1 where the voice group says that nothing is wrong:

        Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup '1' does not contain enough valid SIP end-points to proceed with a parallel call.
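Added example, not part of the original thread or any poster's code: a small filter that parses the `%FACILITY-SEVERITY-MNEMONIC` tag from the messages quoted above and compares a plain 0-5 severity threshold with the same threshold plus per-message overrides. The override table and its values are hypothetical assumptions for illustration.

```python
import re

# Cisco IOS tag: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: text
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*?)"
                 r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")
THRESHOLD = 5  # alert on severities 0-5, as proposed in the post

# Hypothetical per-site overrides (assumed values): tag -> effective severity
OVERRIDES = {
    ("BGP", "NOTIFICATION"): 6,
    ("ILPOWER", "POWER_GRANTED"): 6,
    ("IVR", "APP_PARALLEL_INVALID_LIST"): 6,
}

# Messages quoted in the post, trimmed; the last line is constructed.
SAMPLES = [
    "%BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent",
    "%BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired)",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C",
    "%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted",
    "%IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.",
    "Aug  4 03:10:01 host sshd[1]: line without a Cisco tag",
]

def parse(line):
    """Return (facility, severity, mnemonic), or None if no Cisco tag is found."""
    m = TAG.search(line)
    return (m["facility"], int(m["severity"]), m["mnemonic"]) if m else None

def should_alert(line, overrides=None):
    """Apply the 0-5 threshold to the effective severity after overrides."""
    parsed = parse(line)
    if parsed is None:
        return False  # untagged lines are stored but never alerted on
    facility, severity, mnemonic = parsed
    effective = (overrides or {}).get((facility, mnemonic), severity)
    return effective <= THRESHOLD

def alerting_tags(lines, overrides=None):
    """List FACILITY-MNEMONIC for every line that would raise an alert."""
    hits = [parse(l) for l in lines if should_alert(l, overrides)]
    return [f"{fac}-{mn}" for fac, _, mn in hits]

if __name__ == "__main__":
    print("threshold only:", alerting_tags(SAMPLES))
    print("with overrides:", alerting_tags(SAMPLES, OVERRIDES))
```

With the threshold alone, all five tagged sample messages alert; with the assumed overrides, only the BGP adjacency change and the ENVMON temperature warning remain.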
