Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
988
Views
5
Helpful
1
Replies

recivining and analyzing syslog messages from facility local3 on LMS4.2 soft appliance.

kerim mohammed
Level 3
Level 3

‎10-16-2012 11:41 AM

                   HI,

all of our enterprise switches are sert to send syslog messages from facility local3. this is partly because our linux syslog server loggs its boot syslog  messages from  facility local7 an we could't use the default  facility of local7 on our cisco switches. LMS4.2s syslog daemon is set to recieve syslog messages from facility local7. how can i change it so that it can listen for facility local3 and also make sure the syloganalyzer and automated action  work fine.

thanks,

Kerim

Labels:
0 Helpful
1 Reply 1

kerim mohammed
Level 3
Level 3

‎10-22-2012 09:29 AM

Hi All,

I thought it is a good idea to share the workaround my colleague came up with for this prolem. there is a file called syslog-entries.txt under /opt/CSCOpx/conf. he added all the entries we needed like :

local3.*     /var/log/syslog_info

local5.*   /var/log/syslog_info

the change was automatically reflected on syslog.conf

now we receve alerts from facilities 3 and 5 besides 7.  hope this helps anyone who run into the same issue.

Customers Also Viewed These Support Documents