Syslog-NG for Cisco Devices

From Internetworkpro

This page or section provides device configuration instructions
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement for documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.
See more examples at Category:Configuration

Have you ever wanted to get a Cisco device to send its logs to your syslog-ng server? It's pretty simple to do.

Just append the following to your syslog-ng.conf file. Anywhere will do. (Please note that this is the simplest of configurations for syslog-ng. It is a very powerful syslog server that can be configured in many other ways.)

source net { udp(ip(0.0.0.0) port(514)); }; #0.0.0.0 binds to all local interfaces, so any host that can reach UDP port 514 can send its logs to your host.

destination d_cisco { file("/var/log/cisco.log"); };

filter f_cisco_info { level(info); };
filter f_cisco_notice { level(notice); };
filter f_cisco_warn { level(warn); };
filter f_cisco_crit { level(crit); };
filter f_cisco_err { level(err); };
filter f_cisco_debug { level(debug); };

log { source(net); filter(f_cisco_info); destination(d_cisco); };
log { source(net); filter(f_cisco_notice); destination(d_cisco); };
log { source(net); filter(f_cisco_warn); destination(d_cisco); };
log { source(net); filter(f_cisco_crit); destination(d_cisco); };
log { source(net); filter(f_cisco_err); destination(d_cisco); };
log { source(net); filter(f_cisco_debug); destination(d_cisco); };


That's all there is to it. Restart syslog-ng and you should be seeing your Cisco logs.

Submitted by tabularasa @ #Cisco on Freenode
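
A tighter variant of the configuration above, added here as an example and not part of the original submission: it listens on one address only, accepts messages only from the device subnet, and replaces the six per-level filters with a single level range. The address 192.0.2.10, the subnet 192.0.2.0/24 and the names s_cisco_net, f_cisco_hosts and f_cisco_levels are assumptions chosen for illustration. Use it in place of the block above, not alongside it, since both would try to bind UDP port 514.

```conf
# Added example; addresses are constructed placeholders, substitute your own.

# Listen only on the server's management address instead of 0.0.0.0,
# so the listener is not exposed on every interface of the host.
source s_cisco_net { udp(ip(192.0.2.10) port(514)); };

# Accept messages only when the sending address is inside the subnet
# the Cisco devices log from. UDP source addresses can be spoofed, so
# this complements a firewall rule on port 514; it does not replace one.
filter f_cisco_hosts { netmask(192.0.2.0/24); };

# One range matches the same levels as the six separate filters
# (debug, info, notice, warn, err, crit).
filter f_cisco_levels { level(debug..crit); };

destination d_cisco { file("/var/log/cisco.log"); };

# A single log path: both filters must match before the message is written.
log {
    source(s_cisco_net);
    filter(f_cisco_hosts);
    filter(f_cisco_levels);
    destination(d_cisco);
};
```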
