Very Computer

I am using Slackware version 1.2.13 and can't configure the syslogd to
accept messages from my Cisco router. I believe my Cisco is configured
correctly to relay messages to the IP address of my Linux box. I have also
checked network connectivity and all seems fine.

One problem I am having is finding documentation that does more that simply
mention that syslogd exists. I did look up the on-line help on syslog.config
but did not have much luck with it. Here are some specific questions:

1) Is there more thorough documentation somewhere that explains syslog in
detail?

2) Does syslogd have it's own process or is it part of inetd? I only see
inetd when I use the ps command.

3) Is there a way to manually send a message to syslog to see if it is
working? By the way, the messages in my /var/adm/syslog seem to be old - not
logging anything new.

4) Does anyone have a Cisco configured to log to Linux? The Cisco doc
recommends the following modification to the syslog.config file:

     local7.debug                                    /var/adm/router.log

I have made this change but the /var/adm/router.log file was not created,
even though I had debug level trapping enabled on the Cisco. I then used the
touch command to create this file, in case it needed it to start logging to
it. Nothing. The file stays at 0 bytes.

Would appreciate some pointers.

--
 Please also copy my e-mail account.

 Charles Kerekes

Hmmmm... I had the same problem once, trying to log from one of our
livingston routers. It turned out that all I had to do was change the
syslogd startup script to run 'syslogd -r' which tells syslogd to log from
remote machines. I found it in the man page for syslogd, I think.

Paul

On Sun, 9 Aug 1998 17:00:07 -0500,

Quote:> I am using Slackware version 1.2.13 and can't configure the syslogd to
> accept messages from my Cisco router. I believe my Cisco is configured
> correctly to relay messages to the IP address of my Linux box. I have also
> checked network connectivity and all seems fine.

On the Cisco:
logging trap debugging
logging 192.168.1.1        (well, your real IP here... :))

Quote:> One problem I am having is finding documentation that does more that simply
> mention that syslogd exists. I did look up the on-line help on syslog.config
> but did not have much luck with it. Here are some specific questions:

> 1) Is there more thorough documentation somewhere that explains syslog in
> detail?

Than man?  Not really.

Quote:> 2) Does syslogd have it's own process or is it part of inetd? I only see
> inetd when I use the ps command.

It's a standalone process.  It should be started (in Slack, anyway)
in /etc/rc.d/rc.M.  In newer versions, it requires a -r flag to
accept remote log entries.  It also (in newer versions, I don't remember
it being a problem with Slack3.0, which is what it sounds like you have)
was really picky about hostnames: make sure your hostname is in
/etc/hosts: if it can't resolve itself at boot, syslogd would dump
core and die.

Quote:> 3) Is there a way to manually send a message to syslog to see if it is
> working? By the way, the messages in my /var/adm/syslog seem to be old - not
> logging anything new.

Well, if you don't see it in ps, it's not running.  But 'logger' can
send it messages if it's around:

logger -p local7.debug "this should be logged"

Quote:> 4) Does anyone have a Cisco configured to log to Linux? The Cisco doc
> recommends the following modification to the syslog.config file:

>      local7.debug                                    /var/adm/router.log

Well, mine goes into /var/adm/messages which swatch watches for me,
but yep, that's it.  Make sure you use tabs between them, not spaces.

Quote:> I have made this change but the /var/adm/router.log file was not created,
> even though I had debug level trapping enabled on the Cisco. I then used the
> touch command to create this file, in case it needed it to start logging to
> it. Nothing. The file stays at 0 bytes.

As I recall, the Linux syslogd doesn't require the file to exist, though
some others certainly do.  It can't hurt, though won't do anything if
syslogd isn't actually running.

--
Brian Moore                             Kill A Spammer For Jesus
Sysadmin, C/Perl Hacker, Usenet Vandal

Thanks to those of you who posted suggestions.

I stumbled on the -d option to run syslogd in debug mode. In this mode it
gave me a Segment Failure error. I started digging in the syslog.conf file
to see why it loads part of the way and then gives me the error. This file,
by the way, is what came with the Slackware installation. The only
modification I made was the following line so my Cisco can log to it:

     local7.debug                                    /var/adm/router.log

In the file itself there was a note to use tabs only, not spaces. I decided
to delete all lines except the one above. I restarted syslogd and it started
working. My Cisco was able to log without problems. When I have some more
time I will put back the other lines to see which one was causing me
problems.

Thanks again for the help!

Charlie