Previous section   Next section

Recipe 18.6 Enabling Syslog on a Unix Server

18.6.1 Problem

You want to configure a Unix server to accept syslog messages from routers.

18.6.2 Solution

For most flavors of Unix and Linux, you simple need to modify the /etc/syslog.conf file on your Unix server to include the following entry (basic configuration):

local7.info                                     /var/log/rtrlog

Cisco routers use the local7 logging facility by default. This configuration line tells the syslog program to store any such messages that have a severity level of informational or higher in the file /var/log/rtrlog. The lefthand column in the configuration file specifies the logging facility and priority level, while the right hand column specifies the logging facility and priority level. The righthand column specifies the file name where these messages should be stored.

Note that the syslog.conf file needs tabs, and not spaces, between the various fields.

18.6.3 Discussion

By default, your syslog server may not be equipped to handle router log messages. The configuration entry show in the example causes the syslog daemon to store all router messages with an informational severity level or higher in a file called /var/log/rtrlog. This file must exist and have the proper file attributes before the server can begin to forward messages to it:

Freebsd# cd /var/log
/var/log
Freebsd# touch rtrlog
Freebsd# chmod 644 rtrlog
Freebsd#

After changing the syslog.conf file, you must reload or HUP the syslog daemon to force it to read your new configuration file and begin storing router log messages. On System V-based Unix servers, use the following commands:

Solaris# ps -ef | grep syslogd
    root   142     1  0   Nov 12 ?        1:21 /usr/sbin/syslogd -m 30
Solaris# kill -HUP 142
Solaris#

On BSD-based Unix and Linux servers, use the following commands:

Freebsd# ps -aux | grep syslogd
root       66  0.0  0.2   960  624  ??  Ss    3Mar02   0:28.66 syslogd -m 30
Freebsd# kill -HUP 66
Freebsd#

For more information on your syslog daemon and its configuration options, check your system's manpages using the Unix commands man syslog and man syslog.conf.

Some Unix flavors, including most Linux distributions, require the syslog daemon be initialized with the -r switch before they will accept remote syslog messages. For more information, use the command man syslogd.

18.6.4 See Also

Recipe 18.7; Recipe 18.11; Recipe 18.12

  Previous section   Next section
Top