Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1065
Views
0
Helpful
3
Replies

Syslog forwarding from ciscoworks2000

akin.oyelakin
Level 1
Level 1

‎03-20-2006 05:51 AM

Hi All,

Can ayone tell me if it is possible to forward syslog messages from ciscoworks2000 to another syslog server.

The same way we forward snmp trap message from ciscoworks2000 to other snmp management systems. if it is possible, then how?

Labels:
0 Helpful
3 Replies 3

Jason Davis
Cisco Employee
Cisco Employee

‎03-20-2006 11:51 AM

You didn't mention which version of CiscoWorks suite or the platform you're using.

It should be stated that the Syslog reception is really a component of the operating system - not the CiscoWorks Common Services or RME components.

On Solaris the syslog daemon manages the process through the configuration of /etc/syslog.conf. Part of the install process modifies that file and punts the 'local7' facility and 'info' severity.

Windows 2000 didn't have an embedded Syslog receiver so we had to add one to the operating system. Same prinicpal tho - Syslog comes in, operating system grabs it and puts into a file - CiscoWorks RME watches the file for updates and injects the info into an embedded database for processing.

On Solaris you could simply enhance the /etc/syslog.conf file to put the messages in /var/log/syslog_info (default) AND forward to another machine, but when you do that the syslog's source address becomes the Syslog forwarding system - that's not desirable in many cases.

In this kind of scenario I'd recommend you look at the Syslog-NG open source tool and replace your syslog daemons with that. It WILL preserve your Syslog headers and allow a multi-tiered solution, if you need to.

0 Helpful

akin.oyelakin
Level 1
Level 1
In response to Jason Davis

‎03-24-2006 05:26 AM

Thanks,

I am using ciscoworks LMS 2.5 on windows.

can you tell me the procedure or point me in the direction of actually doing this?

if i need to install another syslog server, pls tell me how to disable the one existing for RME right now.

the main purpose of this is to send syslog from a device to the ciscoworks box and let the box forward it to some other boxes for analysis.

cheers.

0 Helpful

Martin Ermel
VIP Alumni
VIP Alumni
In response to akin.oyelakin

‎03-27-2006 05:43 AM

What is about this solution: let the device send syslog messages to both syslog servers?!

In case the CiscoWorks server goes down for maintenace you will still receive syslogs from the devices for analysis.

You will just loose messages if the analysis server is down itself and its function does not relay on the availability of another server..

Martin

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card