On Thu, 2006-03-09 at 08:52 -0800, Dave wrote:
> On 2/27/06, Keith Morse <kgmorse@xxxxxxxx> wrote:
> > Dave wrote:
> > > I have a cisco router sending syslog messages to a linux server. I've
> > > been looking around on how to log those into a separate file and I've
> > > run across using local7 in various howtos. It looks like you can have
> > > 8 different local log settings, but I can't seem to find any docs on
> > > how to set those up. Anyone have a howto on that?
> > >
> >
> > My best suggestion is to take a look at syslog-ng for parsing this out.
> > Takes a bit to get the syntax right but well worth it.
>
> Thanks, I'll take a look at that when I get some time Right now I'm
> just trying to lower the noise in the syslog so I can monitor stuff
> with tail.
Dave,
every syslog message has a FACILITY set by the program that sends the
message. For example, you can tell a program to send everything to
syslog with the facility set to "local3". syslog uses this to determine
where to store the message. In this example, you can put
"local3.* /var/log/cisco.log" into /etc/syslog.conf. However, this
will only work if you can get the Cisco to tag its messages with
facility=local3; you will need to look at your Cisco docs to find out
how to do this.
If Cisco won't let you change the facility, you might run a second
syslog daemon on another machine, and tell the Cisco to send the logs to
the other machine.
-David
