You want to change the default logging facility.
Use the logging facility configuration command to change the syslog facility that the router sends error messages to:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging 172.25.1.1
Router(config)#logging facility local6
Router(config)#end
Router#
The default syslog facility setting is local7.
By default, the router will forward all syslog messages to the server's local7 log facility. You can modify this behavior and forward all of your router's syslog messages to another facility by utilizing the logging facility configuration command. Table 18-1 lists the possible logging facilities that a router will accept.
Facility | Description |
---|---|
Auth | Authorization system |
Cron | Cron/at facility |
Daemon | System daemons |
Kern | Kernel |
local0 | Local use |
local1 | Local use |
local2 | Local use |
local3 | Local use |
local4 | Local use |
local5 | Local use |
local6 | Local use |
local7 | Local use (default facility for Cisco routers) |
Lpr | Line printer system |
Mail | Mail system |
News | USENET news |
sys9 | System use |
sys10 | System use |
sys11 | System use |
sys12 | System use |
sys13 | System use |
sys14 | System use |
Syslog | Syslog itself |
User | User process |
Uucp | Unix-to-Unix copy system |
There are a number of situations where it can be quite useful to choose a facility other than the default. First, another application on the syslog server itself may already be using the local7 logging facility. Although most applications provide a way to change the default logging facility, some, regrettably, do not. If two applications use the same logging facility, the server will merge
Second, you might want to separate log messages from routers and switches or other types of network equipment. This makes parsing through the log files much easier. For example, you could configure your switches to forward all log messages to local7, and have your routers use local6.
Third, separating perimeter router logs from those of internal company routers can often be important for security auditing reasons. Perimeter routers protect the organization from outsiders and require more diligent attention. Sending their log messages to a separate file so that they are not lumped in with the rest of the organization's router messages makes it easier to give them this extra attention. For instance, perimeter router logs may require different archive periods or have specialized scripts that parse through them. Assigning a different log facility to them is generally a good idea.
The next example shows a sample portion of a syslog.conf file that forwards log messages from all perimeter routers to local5, all other router logs to local6, and all switch logs to local7:
local5.info /var/log/seclog
local6.info /var/log/rtrlog
local7.info /var/log/switchlog
The sample router configuration in the solution section forwards router log messages to log facility local6. You can configure the perimeter routers to forward their log messages to log facility local5 as follows:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging 172.25.1.1
Router(config)#logging facility local5
Router(config)#end
Router#
One final useful thing to do with your syslog configuration is to send high-severity log messages to a separate file to make parsing easier. The following example shows a sample syslog.conf configuration that logs all router log messages to a single file called /var/log/rtrlog, and all high-severity log messages to a file called /var/log/rtrpriority:
local7.info /var/log/rtrlog
local7.err /var/log/rtrpriority
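The following added example (not part of the original recipe) decodes the `<PRI>` value that prefixes each syslog datagram and shows which files the two syslog.conf fragments above would write it to. It assumes the standard encoding PRI = facility × 8 + severity and classic syslogd selector semantics, where `facility.level` matches that level and anything more severe; the function names and sample messages are constructed for illustration.

```python
import re

# syslog.conf severity keywords and their numeric codes (lower = more severe).
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# local0..local7 are facility codes 16..23.
FACILITY_NAME = {16 + i: f"local{i}" for i in range(8)}

def decode_pri(message):
    """Split the leading <PRI> value into (facility name, severity code)."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> field")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITY_NAME.get(facility, f"facility{facility}"), severity

def parse_rules(conf_text):
    """Parse 'facility.level  /path' lines into (facility, level code, path)."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, path = line.split(None, 1)
            facility, level = selector.split(".", 1)
            rules.append((facility, SEVERITY[level], path))
    return rules

def destinations(message, rules):
    """Files a message is written to: same facility, severity at or above the level."""
    facility, severity = decode_pri(message)
    return [path for fac, level, path in rules if fac == facility and severity <= level]

# The two syslog.conf fragments shown on this page.
BY_DEVICE = parse_rules("""local5.info /var/log/seclog
local6.info /var/log/rtrlog
local7.info /var/log/switchlog""")
BY_SEVERITY = parse_rules("""local7.info /var/log/rtrlog
local7.err /var/log/rtrpriority""")

# Constructed sample messages (not captured from a real device).
CONFIG_CHANGE_LOCAL6 = "<181>45: %SYS-5-CONFIG_I: Configured from console by console"
LINK_ERROR_LOCAL7 = "<187>46: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down"
DEBUG_LOCAL7 = "<191>47: constructed debug-level message"

if __name__ == "__main__":
    for msg in (CONFIG_CHANGE_LOCAL6, LINK_ERROR_LOCAL7, DEBUG_LOCAL7):
        print(decode_pri(msg), destinations(msg, BY_DEVICE), destinations(msg, BY_SEVERITY))
```

Under these semantics an error-level local7 message lands in both /var/log/rtrlog and /var/log/rtrpriority, so the priority file is a filtered copy rather than a split of the main log.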