From: Mikel King
Date: Thu, 06 Jun 2002 17:05:29 -0500
To: Wim Livens
Cc: Mikel King, freebsd-isp@FreeBSD.ORG
Subject: Re: syslog-ng

After beating my head against the proverbial wall I figured this much out:

source net { udp(ip(x.x.x.x) port(514)); };
destination network { file("/var/log/cisco.log"); };
filter f_local { facility(local1); };
log { source(net); filter(f_local); destination(network); };

The important thing I found was that you have to tell the router the correct 'logging facility' and of course using the right ip helps...I will try your no dns option...and your filter looks cleaner than mine...so I'll give that a try too...

Thanks for the response! Much appreciated.

cheers,
Mikel

Wim Livens wrote:
>On Thu 06 Jun, 2002 at 03:08:40pm -0500, Mikel King wrote:
>
>>Anyone have cisco routers logging to syslog-ng? trying to find a quick
>>config to capture all info from the router...
>
>This should work:
>
>source net { udp(); };
>options { use_dns(no);};
>filter myrouter { host("1.2.3.4");};
>destination myrouterlogfile { file("/var/log/syslog-from-myrouter"); };
>log { source(net); filter(myrouter); destination(myrouterlogfile); };
>
>(haven't tested it exactly)
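
Why the router's facility setting decides whether the facility filter matches, as an added example that is not part of the original messages: a Python sketch that decodes the <PRI> field a router sends (facility * 8 + severity) and applies simplified stand-ins for the two filters in this thread. The sample datagrams, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import re

# Syslog PRI encoding (RFC 3164): PRI = facility * 8 + severity; local0..local7 are 16..23.
FACILITIES = {16 + n: f"local{n}" for n in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) names from the leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 191 = 23 * 8 + 7, the highest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def matches(datagram, sender_ip, want_facility=None, want_host=None):
    """Simplified stand-in for facility() and host() filters ANDed; None = not filtered on.
    This sketch compares the sender IP exactly and rejects datagrams without a valid PRI."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return False
    if want_facility is not None and decoded[0] != want_facility:
        return False
    return want_host is None or sender_ip == want_host


# Constructed sample datagrams (sender IP, payload); addresses are documentation ranges.
ROUTER = "192.0.2.1"
SAMPLES = [
    (ROUTER, b"<189>45: %SYS-5-CONFIG_I: Configured from console by console"),  # local7.notice
    (ROUTER, b"<141>46: %SYS-5-CONFIG_I: Configured from console by console"),  # local1.notice
    ("192.0.2.99", b"<141>1: %SYS-5-CONFIG_I: Configured from console by console"),  # other sender
]


def run(want_facility=None, want_host=None):
    """Return one True/False per sample for the given filter combination."""
    return [matches(d, ip, want_facility, want_host) for ip, d in SAMPLES]


if __name__ == "__main__":
    print("facility(local1) only:", run(want_facility="local1"))
    print("host only:            ", run(want_host=ROUTER))
    print("both filters:         ", run("local1", ROUTER))
```

The facility-only filter drops the router's message sent under another facility and accepts a local1 message from a different sender; using both filters in the same log statement keeps only the router's local1 traffic.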

