08-29-2011 05:09 PM
Hi.
I'm trying to set up an open source SYSLOG message management solution to allow me to easily browse/manage/notify messages coming out of my routers and switches.
I've installed a product called Graylog2 which appears to tick all the boxes, but I've hit a hitch.
It appears the syslog message format coming from the Cisco's isn't recognised properly by the application, resulting in invalid data.
I've got the following config on my test router, which outputs to syslog fine
service timestamps log datetime msec
logging enable
logging trap debugging
logging origin-id hostname
logging facility local6
logging source-interface GigabitEthernet1/0.3
logging 10.100.1.111
This results in messages in the following format
Aug 26 08:38:13 10.50.12.253 582: R1: Aug 25 22:36:55.135: %SYS-5-CONFIG_I: Configured from console by darren on vty0 (10.50.12.131)
What I need to do, I believe, is figure out how to manipulate the format of this output if I can, and delete the second set of time/date parameters, so it looks like this
Aug 26 08:38:13 10.50.12.253 582: R1: %SYS-5-CONFIG_I: Configured from console by darren on vty0 (10.50.12.131)
Does anyone know how I can make this work?
Alternately, does anyone know if IOS 15.2.1 supports AMQP (Advanced Message Queueing Protocol) for logging?
Thanks.
08-31-2011 06:33 PM
Execute: no service timestamps log datetime msec
and see if that removes the second timestamp in the log message.
Dan
09-18-2011 04:52 PM
dafrey wrote:
Execute: no service timestamps log datetime msec
and see if that removes the second timestamp in the log message.
Dan
Hi Dan.
Thanks - your suggestion worked, the product didn't. :-) I gave up and am just trolling through text logs for now.
Thanks again.
Cheers.
09-28-2017 03:47 AM - edited 09-28-2017 03:49 AM
Hi All,
How can I get the device IP address in the log message? I am using the syslog4j-grey library to parse the Cisco syslog messages. Is it possible to get the device IP from the message which is shown in the syslogd native service logs console?
Sep 27 22:17:44 10.90.12.13 2872: Sep 28 05:17:54.020: %SSH-5-SSH2_USERAUTH: User '*****' authentication for SSH2 Session from 10.19.15.12 (tty = 0) using crypto c
09-28-2017 04:15 AM - edited 09-28-2017 04:16 AM
@viswa9582 wrote:
Hi All,
How can I get the device IP address in the log message? I am using the syslog4j-grey library to parse the Cisco syslog messages. Is it possible to get the device IP from the message which is shown in the syslogd native service logs console?
Sep 27 22:17:44 10.90.12.13 2872: Sep 28 05:17:54.020: %SSH-5-SSH2_USERAUTH: User '*****' authentication for SSH2 Session from 10.19.15.12 (tty = 0) using crypto c
Hi,
Use the logging source interface X and logging origin-id ip commands to send logs from interface X, which will also be the origin-id in the log message. Then you can parse this field from the log message.
Personally, when I used graylog2, I got logs in raw data format. Then you can use Java regular expression skills and parse whatever you want :) (this is why I like open source software sometimes). Because Cisco (as far as I know) does not send logs exactly how the RFC requires, some software cannot parse the log fields properly.
regards,
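
The regular-expression approach suggested in the reply above, as an added example that is not part of the original posts and is not Graylog2 or syslog4j code: a Python parser for the relay-written line layout quoted in this thread. The function names and the last sample line are constructed for illustration; IPv6 origin-ids are not handled.

```python
import ipaddress
import re

# Layout of the relay-written lines quoted in the thread:
# <relay time> <sender> [seq: ][origin-id: ][device time: ]%FAC-SEV-MNEMONIC: text
_TS = r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
CISCO_LINE = re.compile(
    rf"^(?P<relay_ts>{_TS}) (?P<sender>\S+) "
    r"(?:(?P<seq>\d+): )?"
    r"(?:(?P<origin>[^\s:%]+): )?"                   # hostname or IPv4 origin-id
    rf"(?:[*.]?(?P<device_ts>{_TS}(?:\.\d+)?): )?"   # absent after 'no service timestamps'
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<message>.*)$"
)

def parse_cisco_line(line):
    """Return a dict of fields, or None when the line does not fit the layout."""
    m = CISCO_LINE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    if fields["seq"] is not None:
        fields["seq"] = int(fields["seq"])
    return fields

def _as_ip(value):
    try:
        return str(ipaddress.ip_address(value))
    except (TypeError, ValueError):
        return None

def device_ip(fields):
    """Origin-id when it is an IP ('logging origin-id ip'), else the relay-recorded sender."""
    return _as_ip(fields["origin"]) or _as_ip(fields["sender"])

def origin_mismatch(fields):
    """True when the device-asserted origin-id and the relay-recorded sender disagree.
    Neither value is authenticated on plain UDP syslog, so a mismatch is worth a look."""
    origin, sender = _as_ip(fields["origin"]), _as_ip(fields["sender"])
    return origin is not None and sender is not None and origin != sender

SAMPLES = [  # first three are the lines quoted in the thread; the last is constructed
    "Aug 26 08:38:13 10.50.12.253 582: R1: Aug 25 22:36:55.135: %SYS-5-CONFIG_I: Configured from console by darren on vty0 (10.50.12.131)",
    "Aug 26 08:38:13 10.50.12.253 582: R1: %SYS-5-CONFIG_I: Configured from console by darren on vty0 (10.50.12.131)",
    "Sep 27 22:17:44 10.90.12.13 2872: Sep 28 05:17:54.020: %SSH-5-SSH2_USERAUTH: User '*****' authentication for SSH2 Session from 10.19.15.12 (tty = 0) using crypto c",
    "Sep 27 22:17:44 10.90.12.13 2873: 192.0.2.7: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        f = parse_cisco_line(sample)
        print(device_ip(f), f["facility"], f["severity"], f["mnemonic"], origin_mismatch(f))
```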