Sorry for replying to my own question but I found the answer buried in one of Cisco's on-line documents and wanted to make sure it got recorded in the archives in case someone else runs into this problem:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094030.shtml
The problem is that the syslogd used by Red Hat by default does not accept syslog requests from the network. The "-r" option must be specified in the /etc/sysconfig/syslog file for it to do so.
Gregory Gulik wrote:
I've noticed this in the past but now it's getting really annoying. There are certain devices that for some reason can't log to syslog on my RH9 server.
In this particular case I have a Cisco router configured as such:
logging facility local1
logging 192.168.1.2
192.168.1.2 is the IP of my RH9 server. On that server I have the following in /etc/syslog.conf:
local1.notice /var/log/router.log
The file does exist and all that yet nothing ever gets recorded to it. I also have an old Solaris box on the network running Solaris 8 and it has an identical configuration for syslog and when I configure the Cisco to use that IP address I always get events logged.
I've also seen this with other routers in the past and not just this Cisco. I always assumed that the other router was doing something wrong but I kind of have to assume the Cisco is doing it right, especially if the logs do go to the Sun on the same LAN.
What's going on?
-- Greg Gulik http://www.gulik.org/greg/ greg @ gulik.org
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
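The fix described in this thread, as an added example that is not part of the original post: a shell check for whether a sysklogd sysconfig file turns on network reception with -r, plus a filter that appends the flag. The function names and the sample file are constructed for illustration, and the example assumes the options are held in the SYSLOGD_OPTIONS variable of /etc/sysconfig/syslog, as in the stock Red Hat file.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the stock sysklogd
# layout on Red Hat: options live in SYSLOGD_OPTIONS in /etc/sysconfig/syslog.

# Print the value of the last uncommented SYSLOGD_OPTIONS= line in file $1.
syslogd_options() {
    sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if the options in file $1 enable network reception (-r).
# Handles bundled flags (-rx) and skips clusters where the "r" is really the
# argument of an option that takes one (a f l m p s), e.g. "-fr".
syslogd_accepts_remote() {
    for opt in $(syslogd_options "$1"); do
        case "$opt" in
            -*r*)
                before=${opt%%r*}            # cluster text ahead of the first r
                case "$before" in
                    --*|-*[aflmps]*) ;;      # long option, or r is an argument
                    *) return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# Print file $1 with -r appended to a double-quoted SYSLOGD_OPTIONS value;
# the file is printed unchanged if -r is already present.
with_remote_enabled() {
    if syslogd_accepts_remote "$1"; then cat "$1"; else
        sed 's/^\([[:space:]]*SYSLOGD_OPTIONS="[^"]*\)"/\1 -r"/' "$1"
    fi
}

# Constructed sample resembling the default file, for a stand-alone run.
sample=$(mktemp)
printf '%s\n' '# Options to syslogd' 'SYSLOGD_OPTIONS="-m 0"' \
    'KLOGD_OPTIONS="-x"' > "$sample"
syslogd_accepts_remote "$sample" || echo "syslogd will ignore network messages"
with_remote_enabled "$sample" | grep SYSLOGD_OPTIONS
rm -f "$sample"
```

After changing the real file, restart syslogd so the new options take effect. With -r it accepts datagrams on UDP port 514 from any host, so a firewall rule limiting the source to the router keeps other hosts from writing into the log.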