syslog

Post by Stev » Fri, 13 Jul 2001 00:24:42

We have just recently set up a network with various Cisco routers set up to log to a syslog server running Solaris 8. The routers all have identical configs.

The problem is that only one router is actually logging anything to the syslog and the others just seem to blackhole the packets.

I am able to snoop these syslog UDP packets coming from the routers to the server, and they all look identical to the router that does log correctly.

Does anybody know any reason why syslogd will not respond to these packets, or anything that I could have missed, or point me in any direction that could prevent me banging my head against the wall day in, day out???

Thanks

Steve

P.S. Here is the snoop output:

IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 133 bytes
IP:   Identification = 64236
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = c997
IP:   Source address =  1.2.3.4, router.company.net
IP:   Destination address = 1.2.3.5, syslog.company.net
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 58551
UDP:  Destination port = 514 (SYSLOG)
UDP:  Length = 113
UDP:  Checksum = B985
UDP:
SYSLOG:  ----- SYSLOG:   -----
SYSLOG:
SYSLOG:  "<142>64274: 17w0d: %SEC-6-IPACCESSLOGP: list 103 denied udp "
SYSLOG:
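An added check, not from the original post or any reply, that decodes the PRI value of the captured payload (`<142>`) into a facility and severity and then evaluates it against a syslog.conf the way BSD-style syslogd on Solaris does. The configuration is constructed, since the poster's own file is not shown, and the log file names in it are assumptions.

```python
import re

# Facility and severity names in BSD syslog numbering, as used in syslog.conf.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock", "local0",
              "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The payload from the snoop output above: <142> = 17*8 + 6 = local1.info.
CAPTURED = "<142>64274: 17w0d: %SEC-6-IPACCESSLOGP: list 103 denied udp "
# Constructed syslog.conf (selector TAB action) modelled on stock Solaris defaults;
# the poster's real file is not shown. Only the last line selects local1.info.
SAMPLE_CONF = """\
*.err;kern.notice;auth.notice\t/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages
mail.debug\t/var/log/syslog
local1.info\t/var/log/cisco.log
"""

def decode_pri(msg):
    """Split the <PRI> prefix into (facility, severity, body); PRI = fac*8 + sev."""
    m = re.match(r"<(\d{1,3})>(.*)", msg, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI>; syslogd would file it as user.notice")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def selector_matches(selector, facility, severity):
    """Evaluate one selector field ('*.err;kern.debug;mail.crit') as BSD/Solaris
    syslogd does: a level selects that severity and everything more urgent,
    'none' excludes the facility, and the last pair naming the facility wins."""
    sev = SEVERITIES.index(severity)
    chosen = False
    for pair in selector.split(";"):
        facs, _, level = pair.partition(".")
        if facility in (FACILITIES if facs == "*" else facs.split(",")):
            chosen = level != "none" and (level == "*" or sev <= SEVERITIES.index(level))
    return chosen

def destinations(conf, facility, severity):
    """Actions (files, users, @hosts) that receive the message; an empty list
    means syslogd silently discards it, which looks like a black hole on the wire."""
    hits = []
    for line in conf.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#") and \
                selector_matches(fields[0], facility, severity):
            hits.append(fields[1])
    return hits
```

Run `destinations(SAMPLE_CONF, *decode_pri(CAPTURED)[:2])` against the real server's file: if it returns an empty list, syslogd received the packet and dropped it for lack of a matching selector, and no amount of packet inspection will show that.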


1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements

Hello,

I have been investigating using syslog's logging facilities. I have currently set up our network to log to a central logging host. In my preliminary attempts, I have set up syslog to dump everything to a single file, which gets messy. I've sorted out the files now, and I have noticed that certain applications such as telnetd and ftpd write to the LOG_MAIL facility. Is there a way to alter the logging facility that they report to, or will I have to have modified binaries to handle this? I'm mostly concerned with our AIX machines, but we also have HPUX, SunOS/Solaris, and OSF. I could very well have it dump all information and sort out the data based on rules I develop using sed/awk/perl/grep (whatever), but it would be nicer if it were done by syslog/programs writing to syslog.

Also, is anyone familiar with any other logging utilities? I would be grateful for some help/advice or some pointers to where to find this information.

Thanks for your help.

Adam
