Configuring LocalDirector Syslog




Document ID: 22178

LocalDirector is now End of Sale. Refer to the Cisco LocalDirector 400 Series bulletins for more information.

Contents

Introduction
Before You Begin
    Conventions
    Prerequisites
    Components Used
Configure
    How Syslog Works
    Configuring the LocalDirector to Send Syslog
    How to Set Up a Syslogd Server
    Debugging Syslog
Verify
Troubleshoot
Related Information

Introduction

Messages produced by the LocalDirector that usually go to the console can be collected by sending them to a device running a syslog daemon (syslogd). Syslogd listens on UDP port 514, the syslog port. Syslogging enables you to gain information about LocalDirector traffic and performance, analyze logs for suspicious activity, and troubleshoot problems.

Syslogd can run on a number of operating system platforms. Syslogd is installed when you install UNIX; however, you must configure it. Syslogd is not usually native to Windows-based systems; however, syslogd software is available for Windows NT.

This document describes how syslog works, how to set up the LocalDirector to send syslog messages to a device running syslogd, and how to set up a UNIX-based syslogd server.

The actual meanings of LocalDirector syslog messages can be found in the LocalDirector documentation. For example, for LocalDirector syslog messages for version 4.2, refer to Syslog Messages.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on the software and hardware versions below.

All versions of Cisco LocalDirector Software.

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Configure

In this section, you are presented with the information to configure the features described in this document.

How Syslog Works

All syslog messages have a logging facility and a level. The logging facility can be thought of as where, and the level can be thought of as what.

Logging Facility

The single syslog daemon (syslogd) can be thought of as having multiple pipes. It uses the pipes to decide where to send incoming information based on the pipe on which the information arrives. In this analogy, the logging facilities are the pipes by which syslogd decides where to send the information it receives.

The eight logging facilities commonly used for syslog are local0 through local7, as shown below.

    local0
    local1
    local2
    local3
    local4
    local5
    local6
    local7

Levels

There are also different degrees of importance attached to incoming messages. Think of the levels as what. The LocalDirector can be set to send messages at the following levels (listed from highest to lowest importance):

    Level            Numeric Code
    emergency        0
    alert            1
    critical         2
    error            3
    warning          4
    notification     5
    informational    6
    debug            7

When a LocalDirector is set up to send syslog messages, levels of lower importance include levels of higher importance. For example, if the LocalDirector is set for warning, then error, critical, alert, and emergency messages are also sent in addition to warning messages. A debug setting includes messages at all 8 levels.

Configuring the LocalDirector to Send Syslog

The syslog syntax is as follows:

    syslog host #.#.#.#
    ! #.#.#.# is the syslog server's address.
    syslog output X.Y
    ! X is the logging facility and Y is the level.

How does the X number translate to logging facility? The X number translates to a logging facility when converted to binary. The last four bits comprise the local facility, as shown below.

    16 = 00010000 = local0
    17 = 00010001 = local1
    18 = 00010010 = local2
    19 = 00010011 = local3
    20 = 00010100 = local4
    21 = 00010101 = local5
    22 = 00010110 = local6
    23 = 00010111 = local7

For example, since 22 = 00010110, and the last 4 bits = 0110 = decimal 6, this is local6. A shortcut is to take the X value and subtract 16. For example, 22 - 16 = 6, or local6. On LocalDirector, the default facility is local4.

The Y number is the level. For example, if Y=2, messages sent would include those at level 2 (critical), level 1 (alert), and level 0 (emergency). The LocalDirector levels are 0-7; these should not be confused with the logging facilities, which are local0-local7. On LocalDirector, the default level is 3 (error).

Two examples are shown below.

    syslog output 20.7
    ! 20 equals local4 logging facility.
    ! .7 is the level. 7 means debug to the LocalDirector, that is,
    ! all messages will be logged.

    syslog output 23.2
    ! 23 equals local7 logging facility.
    ! .2 is the level. 2 means critical to the LocalDirector, that is,
    ! critical, alert, and emergency messages will be logged.

You can view the current facility.level and syslog server settings on LocalDirector by issuing the show syslog command.

How to Set Up a Syslogd Server

Because syslogd was originally a UNIX concept, the features available in the syslogd products on non-UNIX systems depend on the vendor implementation. Features may include dividing incoming messages by facility or debug level, or both, resolving the names of the sending devices, reporting facilities, and so on. For information on configuring the non-UNIX syslog server, refer to the vendor's documentation.

To configure syslog on UNIX, perform the following steps:

1. As root, on SunOS, AIX, HPUX, or Solaris, back up the /etc/syslog.conf file prior to modification.
2. Modify /etc/syslog.conf to tell the UNIX system how to sort out the syslog messages coming in from the sending devices, that is, which logging_facility.level goes in which file. Make sure that there is a tab between the logging_facility.level and file_name.
3. Make sure the destination file exists and is writable.
4. The #Comment section at the beginning of syslog.conf usually explains syntax for the UNIX system. Alternatively, you can read the man page of syslogd with man syslogd.
5. Do not put file information in the ifdef section.
6. As root, restart syslogd to pick up the changes.

Examples

If /etc/syslog.conf is set for:

    local7.warn    /var/log/local7.warn

The warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged in the local7.warn file. The notification, informational, and debug messages coming in on the local7 facility will not be logged anywhere.

If /etc/syslog.conf is set for:

    local7.debug    /var/log/local7.debug

The debug, informational, notification, warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged to the local7.debug file.

If /etc/syslog.conf is set for both of the following lines:

    local7.warn     /var/log/local7.warn
    local7.debug    /var/log/local7.debug

The warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged to the local7.warn file. The debug, informational, notification, warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged to the local7.debug file (some messages will go to both files).

If /etc/syslog.conf is set for:

    *.debug    /var/log/all.debug

All message levels from all logging facilities will go to this file.

Debugging Syslog

Before issuing any debug commands, please see Important Information on Debug Commands.
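The facility.level rules from Configuring the LocalDirector to Send Syslog and the syslog.conf examples above can be checked offline before touching a server. The following is an added example, not part of the Cisco document: the function names and SAMPLE_CONF are hypothetical, and the parser assumes only the single facility.level<TAB>file rule form shown on this page.

```python
# Added example: function names and SAMPLE_CONF are illustrative, not Cisco's.
LEVELS = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]

def ld_output(value):
    """Split a 'syslog output X.Y' value into (facility, levels that are sent)."""
    x, y = (int(part) for part in value.split("."))
    if not (16 <= x <= 23 and 0 <= y <= 7):
        raise ValueError(f"X must be 16-23 and Y 0-7, got {value!r}")
    return f"local{x - 16}", LEVELS[: y + 1]      # level Y also sends 0..Y-1

def parse_conf(text):
    """Parse facility.level<TAB>file lines; return (rules, problems)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selector, tab, path = line.partition("\t")
        facility, _, level = selector.strip().partition(".")
        if not tab:
            problems.append((lineno, "no tab between selector and file"))
        elif level not in LEVELS:
            problems.append((lineno, f"unknown level {level!r}"))
        else:
            rules.append((facility, level, path.strip()))
    return rules, problems

def destinations(rules, facility, level):
    """Files that log a message: a rule matches its level and anything more severe."""
    sev = LEVELS.index(level)
    return [path for fac, lvl, path in rules
            if fac in ("*", facility) and sev <= LEVELS.index(lvl)]

def unlogged(value, rules):
    """Levels the LocalDirector sends that no syslog.conf rule writes anywhere."""
    facility, sent = ld_output(value)
    return [lvl for lvl in sent if not destinations(rules, facility, lvl)]

# Constructed sample: the last rule uses a space where the page calls for a tab.
SAMPLE_CONF = (
    "# facility.level<TAB>file\n"
    "local7.warn\t/var/log/local7.warn\n"
    "local7.debug\t/var/log/local7.debug\n"
    "local4.err /var/log/local4.err\n"
)

if __name__ == "__main__":
    rules, problems = parse_conf(SAMPLE_CONF)
    print("problems:", problems)
    print("23.7 notice ->", destinations(rules, "local7", "notice"))
    print("20.3 unlogged:", unlogged("20.3", rules))
```

With the sample file, a LocalDirector left at its default (local4, level 3) has every message it sends reported as unlogged, because the only local4 rule is rejected for its missing tab.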

To start syslog in debug (SunOS, AIX, HPUX, or Solaris), you must be root:

    ps -ef | grep syslogd
    kill -9 <pid>
    syslogd -d

You should see the following messages at the beginning, as syslogd is reading syslog.conf:

    cfline(local7.info /var/log/local7.info)
    cfline(local7.debug /var/log/local7.debug)
    X X X X X X X X X X X X X X X X X X X X X X X 6 X FILE: /var/log/local7.info
    X X X X X X X X X X X X X X X X X X X X X X X 7 X FILE: /var/log/local7.debug

If these scroll by too quickly, issue the following command:

    syslogd -d | more

If you see the following messages, there is a problem in the setup:

    cfline(local7.info /var/log/local7.junk)
    syslogd: /var/log/local7.junk: No such file or directory
    logmsg: pri 53, flags 8, from pinecone, msg syslogd: /var/log/local7.junk: No such file or directory

In the above example, the file did not exist.

Running a debug will also show incoming syslog messages and to which file they are going.

    logmsg: pri 275, flags 0, from 10.8.1.76, MSG 14: %SYS-5-CONFIG_I: Configured from console by vty0 (171.68.118.108)
    Logging to UNUSED
    Logging to FILE /var/log/local7.debug

In this case, a message that should have gone to local7.junk and local7.debug was received. Because local7.junk did not exist, the following message is also received: Logging to UNUSED.

If syslogd -d shows that no messages are coming in, check to make sure that the show syslog command has been issued on LocalDirector.

If syslogd information is arriving on the UNIX system, but not going into the proper file, work with the UNIX system administrator or operating system vendor support to correct the problem.

If the cause of the problem still cannot be determined, syslog may be run in debug and the output redirected to a file as follows:

sh or ksh:

    syslogd -d > <target_file> 2>&1

csh:

    syslogd -d >& <target_file>

Note: Red Hat Linux syslogd must be started with the -r option to capture network output.

    UNIX Extension    Meaning
    .emerg            System unusable, emergencies.
    .alert            Take immediate action, alerts.
    .crit             Critical condition, critical.
    .err              Error message, errors.
    .warn             Warning message, warnings.
    .notice           Normal but significant condition, notifications.
    .info             Informational messages, informational.
    .debug            Debug message, debugging.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Cisco LocalDirector Technical Support

Updated: Jan 31, 2006 Document ID: 22178
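The logmsg lines in Debugging Syslog can be decoded back to a facility and level, which helps confirm that a device is sending on the facility you configured. The following is an added example, not part of the Cisco document; the names are hypothetical, and it assumes the pri value is printed in octal as BSD-derived syslogd does. Read that way, 275 is local7.notice, which agrees with the 5 in %SYS-5-CONFIG_I.

```python
import re

# Added example: names are illustrative; octal pri is an assumption (see lead-in).
LEVELS = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
STD = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron"]
LOGMSG = re.compile(r"^logmsg: pri ([0-7]+), flags (\w+), from ([^,\s]+),")

def decode_pri(octal_text):
    """Turn the octal pri from 'syslogd -d' into (facility name, level name)."""
    facility, level = divmod(int(octal_text, 8), 8)    # pri = facility * 8 + level
    if 16 <= facility <= 23:
        name = f"local{facility - 16}"                 # same X - 16 shortcut as the text
    else:
        name = STD[facility] if facility < len(STD) else f"facility{facility}"
    return name, LEVELS[level]

def parse_debug(text):
    """Attach each 'Logging to ...' line to the logmsg line that precedes it."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = LOGMSG.match(line)
        if m:
            fac, lvl = decode_pri(m.group(1))
            events.append({"from": m.group(3), "facility": fac,
                           "level": lvl, "targets": []})
        elif line.startswith("Logging to ") and events:
            events[-1]["targets"].append(line[len("Logging to "):])
    return events

def lost_copies(events):
    """Events with a destination syslogd marked UNUSED (file could not be opened)."""
    return [e for e in events if "UNUSED" in e["targets"]]

# Debug lines taken from the Debugging Syslog section of this document.
SAMPLE = """\
logmsg: pri 53, flags 8, from pinecone, msg syslogd: /var/log/local7.junk: No such file or directory
logmsg: pri 275, flags 0, from 10.8.1.76, MSG 14: %SYS-5-CONFIG_I: Configured from console by vty0 (171.68.118.108)
Logging to UNUSED
Logging to FILE /var/log/local7.debug
"""

if __name__ == "__main__":
    for event in parse_debug(SAMPLE):
        print(event)
    print("messages with a missing destination:", len(lost_copies(parse_debug(SAMPLE))))
```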