Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1801
Views
0
Helpful
4
Replies

CiscoWorks RME 4.3 syslog forwarding

Go to solution
marko.keca
Level 1
Level 1

‎12-06-2010 05:29 AM

Hello,

We are running CiscoWorks RME 4.3 and forwarding syslog messages to another syslog server. To forward messages we use script from https://supportforums.cisco.com/docs/DOC-11592

All is working great at the begining of month. With growing of syslog.log file, forwarded messages are delayed more and more. Because of Syslog Analyzer monthly reports we have log rotate at every 1st day of month.

So question:
Is it possible to write syslogs to two different files? One which will rotate as described above, and other which will be used by syslog_forward.pl and rotated every day?

Thanks in advance!

Regards!

Marko

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎12-12-2010 01:31 PM

You cannot do this on Windows with the LMS syslog server.  All messages will be written to one file.  Logrot in LMS can archive the log files instead of just rotating them.  This way, you can keep messages as long as you want.  Just specify a non-zero number of backups when configuring Log Rotation.  The archived files will be created with a numeric extension (e.g. syslog.log.1, syslog.log.2, etc.).  Those files can be further archived manually to long-term storage.

View solution in original post

0 Helpful

Go to solution
yjdabear
VIP Alumni
VIP Alumni
In response to marko.keca

‎12-20-2010 11:29 AM

You could change the listening port by following the direction in this post:

https://supportforums.cisco.com/message/654252#654252

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎12-12-2010 01:31 PM

You cannot do this on Windows with the LMS syslog server.  All messages will be written to one file.  Logrot in LMS can archive the log files instead of just rotating them.  This way, you can keep messages as long as you want.  Just specify a non-zero number of backups when configuring Log Rotation.  The archived files will be created with a numeric extension (e.g. syslog.log.1, syslog.log.2, etc.).  Those files can be further archived manually to long-term storage.

0 Helpful

Go to solution
marko.keca
Level 1
Level 1
In response to Joe Clarke

‎12-20-2010 07:50 AM

Thanks for the explanation.

As solution with two syslog files is not possible, is it possible to change syslog port for Common Syslog Collector?

By default it is UDP 514, I would like to change it to something like 1514, but I can't find anywhere how to do it.

Thanks in advance!

Regards,

--

Marko

0 Helpful

Go to solution
yjdabear
VIP Alumni
VIP Alumni
In response to marko.keca

‎12-20-2010 11:29 AM

You could change the listening port by following the direction in this post:

https://supportforums.cisco.com/message/654252#654252

0 Helpful

Go to solution
marko.keca
Level 1
Level 1
In response to yjdabear

‎12-21-2010 06:10 AM

Hello,

Thanks for the link. That is exactly what I needed for workaround solution to work. Now I will have Kiwi Syslog Deamon on UDP 514 and CiscoWorks on UDP 1514. I will use Kiwi to forward (with spoofing) syslog messages to CiscoWorks and ArcSight.

Thanks!

Kind regards,

--

Marko

0 Helpful
Customers Also Viewed These Support Documents