cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2599
Views
15
Helpful
25
Replies

Syslog forward

HafezHaim
Level 1
Level 1

Has anyone know how to forward syslog messages to another syslog catcher from CiscoWorks LMS2.5 installed on solaris?

25 Replies 25

Joe Clarke
Cisco Employee
Cisco Employee

This cannot be done using any of CiscoWorks' out-of-the-box features. If your server is on Solaris, you can configure Solaris' syslogd to do this (see the man page for syslog.conf).

On both OSes, though, you could create an automated action script that forwards the syslog messages to another syslog server by creating a script that wraps a tool such as netcat, or a Perl module like Sys::Syslog. For example, the following Perl script could be used to forward messages to 10.1.1.1:

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('udp');

$Sys::Syslog::host = '10.1.1.1';

syslog(LOG_INFO|LOG_LOCAL7, $msg);

closelog;

See the online help modules http://server/help/rme/fundamentals/syslog_Defining_Automatd_Actions.html#wp1211314 and http://rtp-main:1741/help/rme/fundamentals/syslog_Guidelines_Writing_Automated_Script.html for more on Automated Actions and Automated Action scripting.

Thanks,

How I can see if an automated action was successfuly performed ?

The quickest way is to check the product of the action. That is, if your action is to forward a syslog message, check the destination syslog server to see if the message arrived. Or tack some other kind of notification into your action like calling a program from your action script to send an email.

You can also enable Syslog Analyzer debugging, and comb through the AnalyzerDebug.log, but this can be a bit of a pain.

I wrote the script you published and put him to /var/adm/CSCOpx/files/scripts/syslog

I have performed an procedure to create an automated action and I don't recieving syslogs in remote machine

???

You need more than just that script. You need to create a .sh wrapper for it, and properly call the Perl script with the message contents as argument 1. There was also a problem with the script as it was written since it assumed a newer version of Perl. This version should work with LMS 2.6 Perl:

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('inet');

$Sys::Syslog::host = '10.1.1.1';

syslog('info|local7', $msg);

closelog;

I am running LMS 2.6 on Solaris 9. I am looking to forward specific syslogs to another server. I see how I can create an automated action and specify a script and it looks like the script above will work. You mention that you need to create a .sh wrapper for it. What exactly does that mean?

Thanks,

Mike

For Automated Actions to work on Solaris, they must be Bourne shell scripts. Therefore, you will need to create a script named something like forward.sh that calls the Perl script I included. This is all documented in the RME online help for Automated Actions.

OK, i will take a look at that. How do you pass the message to it? I see the script is setup to accept a argument, which should be the message.

Thanks

MikeP

Yes, you will call the script from your .sh wrapper like:

/opt/CSCOpx/bin/perl syslog_forward.pl "$2"

Ok I think I have it.

So I create a script called syslog_forward.pl and put the code you provided above in it. That gets placed in the perl directory.

Then I create another script called something.sh, and that will call the syslog_forward.pl script sending the argument.

My question is how does the argument get from the automated action in Ciscoworks to the first script?

Thanks again,

MikeP

The Automated Action code in RME calls the AA script with the appropriate arguments. This is documented in the RME online help.

YOU ROCK, I have it all working. Thanks a TON for all your help. I can post it all if anyone needs it.

Mike

Could you please post it

I have applied the following batch file and perl script

perl.exe d:\progra~1\CSCOpx\files\scripts\syslog\outofbox.pl

#!/opt/CSCOpx/bin/perl

use strict;

use Sys::Syslog qw(:DEFAULT setlogsock);

my $msg = $ARGV[0];

setlogsock('inet');

$Sys::Syslog::host = '172.25.73.12';

syslog('info|local7', '$msg');

closelog;

when we ran this script manualy there wer no syntax error but we did not get any output from LMS to external Syslog Server, please note there is an automated action which displays the following

Name: sysi

Devices: *

State: Enabled

Parameters: d:/PROGRA~1/CSCOpx/files/scripts/syslog/outbox.bat

Action Type: Script

Messages: *-*-*-*:*

TIA

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: