02-07-2014 06:17 AM
Hi,
is there a way to change the port on which PI 2.0 is listening for syslog messages? By default it is listening on UDP 514.
02-08-2014 07:13 AM
You might be able to do it in an unsupported way by modifying the supporting files within the application directory that govern how the processes work. If successful, your system could be subject to instability and likely be broken if when you ever upgrade it.
What's the rationale for wanting to change the standard syslog UDP port used by all Cisco devices?
02-09-2014 02:56 AM
The reason is quite simple - PI 2.0 doesn't have possibility to forward gathered syslog messages to a third party tool. Something that was available back in CiscoWorks LMS years ago. So we have to create a workaround for our customer. And our idea is to create a script which would run on PI server, listen for syslog messages on standard PI syslog port (UDP 514), and distribute collected syslog messages to PI (to a port different from the standard one) and to a third party tool. This way we would achieve our goal.
So this can't be done without jeopardizing PI stability?
02-09-2014 06:53 AM
It may be possible (as I mentioned) but it would not be supported.
It would seem to me to be easier to use PI to deploy a configuration change to all the managed devices to add a secondary syslog destination of your thrid party tool.
02-10-2014 10:49 AM
It is not what we want to get. Third party tool needs to collect network inventory logs from one central place - PI. The same as it was in LMS. And we need a workaround different than configuring all network devices to send logs to a different location.
02-11-2014 07:55 AM
Marvin, can you please tell me how to change syslog port?
02-11-2014 10:07 AM
It doesn't look to be configurable even from the OS level. Even if it were, changing it might break the function in PI itself.
I poked around and the syslog|config.properties file does not specify it. It appears that the process syslog_daemon is listening on UDP 514 and unless someone knows differently I'd guess that's built into it's binary image (or at least the way the server calls the daemon when starting).
ade # pwd
/opt/CSCOlumos/conf
ade # cat syslog_config.properties
fileLocation=$XMP_HOME/decap/data/
circularBufferStreamName=SyslogProc_Java_Main_514
filterFileName=$XMP_HOME/conf/syslog_sev_filter.xml
syslogReaderName=syslogReaderName
partitionRange=0ade #
ade # pwd
/opt/CSCOlumos/da/bin
ade # ls -al
total 2196
drwxr-xr-x 2 root root 4096 Nov 21 11:01 .
drwxr-xr-x 8 root root 4096 Nov 21 11:21 ..
-rwxrwxrwx 1 501 named 237482 Aug 16 07:38 cdb_convert
-rwxrwxrwx 1 501 named 639405 Aug 16 07:38 cdbq
-rwxr-xr-x 1 501 named 554851 Aug 16 07:44 da_daemon
-rwxr-xr-x 1 501 named 21193 Dec 12 2012 savecapture
-rwxr-xr-x 1 501 named 311095 Aug 16 07:44 seed_cb
-rwxr-xr-x 1 501 named 446231 Apr 1 2013 syslog_daemon
ade #
02-19-2014 08:23 AM
We are very close to have a workaround for this syslog messages forwarding that Prime misses.
If Prime 2.0 receives syslog messages from all devices not directly forwarded from devices, but from some kind of syslog proxy (one ip address), can it recognize device ip address from syslog message payload and map it to appropriate device in Prime inventory?
We can see in file /opt/CSCOlumos/decap/data/SyslogRcv_Main_514 that syslog messages are coming (from that syslog proxy), but they are not visible in Prime GUI.
02-23-2014 11:58 PM
Anyone?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide