CiscoWorks Resource Manager Essentials (RME) has a feature called SyslogAnalyzer which can run automated actions based on certain syslog messages it receives. One of the action types is to execute a script. That action type can be used to have RME forward the contents of a syslog message to another syslog server (or even multiple remote syslog servers). This will work with any version of RME 4.0 and higher including LMS 4.0.
To do this, first copy the following Perl code into a text file on the RME server. Name the file syslog_forward.pl.
use Sys::Syslog qw(:DEFAULT setlogsock);
my $msg = $ARGV;
$Sys::Syslog::host = 'X.X.X.X';
In this script, the string X.X.X.X needs to be replaced with the IP address of the remote syslog server.
Copy this file to the following location.
(NOTE: NMSROOT is the path into which CiscoWorks was installed. By default, this is C:\PROGRA~1\CSCOpx.)
Next, create another file in the same directory into which you copied syslog_forward.pl. On Windows, this file should be named syslog_forward.bat. On Solaris, the file should be named syslog_forward.sh. The file must contain the following.
On Windows, make sure casuser has permissions to Read & Execute C:\WINDOWS\system32\cmd.exe.
Now the automated action needs to be defined in the GUI. Go to RME > Tools > Syslog > Automated Actions (LMS 3.x) or Monitor > Fault Settings > Syslog > Automated Actions (LMS 4.0), and create a new Automated Action. Select the device or devices to which the action will apply, or leave the default radio button for all devices selected. Next, add a syslog message pattern. Since RME will be forwarding syslogs, a pattern of all asterisks (i.e. forward all syslog messages) is probably desirable.
Click Next then select "Script" as the type of action, and choose the syslog_forward.bat (Windows) or syslog_forward.sh (Solaris) script.
Finally, click Finish, and now any message RME receives that matches your filter pattern (any message in this example) will be forwarded to your remote syslog server.
Hello everyone, Once again i am a bit confused and ask for your help. With regards to control plane policing, i was wondering if is it a way to block, as an example, telnet traffic, using a control plane policy map, and let only one host access ...
Just recently swapped out a C3200 with a C8500. The C3200 had an Aux port that we could use reverse telnet to access the modem which would dial another modem at a remote location and enter the router there as a backup connection (if the VPN to that remote...
Hi everyone,I've been trying to configure 802.1x with MAB on the switches interface.The idea is to have 802.1 x configured and use MAB as a fallback in case of incompatible devices.So far I've managed to configure 802.1x authentication with the RADIUS ser...