01-05-2003 08:49 PM - edited 03-02-2019 03:56 AM
Hello All,
In my switched environment (LAN), I have configured my 2620 to log messages to my Linux box. Whenever any of my WAN links goes down, the 2620 logs it to the Linux box, and from there, using a script (in Perl), I get a mail notification.
Now the goof up is.......the 2620 is not logging ANYTHING in /var/log/messages, even after running #logging <linux_box_ip> on the 2620. I checked the syslog service on Linux also...no problem with it. Sendmail is also running properly. In case anyone is interested in the script ....here it is.
-------------------------------------------------------------------
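#!/usr/bin/perl
use strict;
use warnings;

# String that marks Cisco line-protocol up/down messages
my $link_stat = "%LINEPROTO";
# Both recipients in one list; assigning $mail_to twice would keep only the second
my $mail_to = "my_email_id1 my_email_id2";
my $found = "";
my $up = "";

# Collect every log line that mentions a line-protocol change
open (FILE, "/var/log/messages") || die "can't open $!";
while (<FILE>) {
    if ( $_ =~ /$link_stat/ ) {
        $found = "true";
        $up .= $_;
    }
}
close(FILE);

# Mail the collected lines if there were any
if ( $found eq "true" ) {
    open (MAIL, "|/usr/sbin/sendmail $mail_to") || die "sendmail not found";
    print MAIL "Subject: LINK FLUCTUATION\n\n";
    print MAIL $up;
    close (MAIL);
}

# Archive the processed log, then empty it so the next run sees only new lines
system("cat /var/log/messages >> /var/log/messages.archive");
system("echo '' >/var/log/messages");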
------------------------------------------------------------------------------------------
If anyone can help me....it will be great.
regards,
Vijayendra K. S.
01-06-2003 03:22 AM
Hi,
Try the following:
If you try to configure your syslog.conf file like this:
# local7.
Then your router like this:
#logging on
#logging
#logging facility local7
#logging trap
#logging source-interface
Hopefully you will be logging some stuff on your Linux box.
01-07-2003 02:56 PM
You may need to start syslog with the -r switch in order to tell it to accept packets from remote hosts.
man syslogd
Cheers,
SB
01-08-2003 01:57 AM
Thanx Jhalldn and Sbaxter,
Jhalldn:
local7.* are for boot messages.....which I don't need.
so all logging commands are executed.
Sbaxter:
I stopped the syslogd and restarted it with the -r switch...
STILL NO LUCK......
1. Is there any way I can check whether my router is sending packets to the Linux box ?..............(I am able to ping each from the other)
2. My friend told me there has to be SOMETHING IN SYSLOG (i.e. on the Linux box) TO SPECIFY from WHERE TO ACCEPT PACKETS (or WHO ALL are allowed to log packets)......else if syslog accepts all packets thrown at him...it will be a BUFFER overflow vulnerability (I think so).
still fighting....
thanx Jhalldn & Sbaxter.
-vijayendra.
01-08-2003 06:45 AM
Use TCPDUMP on the Linux box and see if any incoming syslog packets are coming from the router. Also verify there is no ACL blocking syslog on the router. As for the buffer overflow, that can happen just by using the -r switch. You need to use ipchains or pf to create access lists on the Linux box to allow only known devices to pass syslog info.
Bryan
01-09-2003 02:01 AM
Hello
Jhalldn, Sbaxter, Bhaase.
At last I was able to log my desired messages in the Linux box.
PREVIOUS
------------------------------------------------------------------------------------------------
Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)
Console logging: level debugging, 83007 messages logged
Monitor logging: disabled
Buffer logging: disabled
Trap logging: disabled
------------------------------------------------------------------------------------------------
COMMAND EXECUTED
(config)#logging monitor debugging
(config)#logging trap informational (severity=6)
AFTERWARDS
------------------------------------------------------------------------------------------------
ROUTER#sh logging
Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)
Console logging: level debugging, 83007 messages logged
Monitor logging: level debugging, 17415 messages logged
Buffer logging: disabled
Trap logging: level informational, 37753 message lines logged
Logging to 172.23.162.76(MY LINUX BOX), 2285 message lines logged
-------------------------------------------------------------------------------------------------
Now my script is sending mails as desired upon link outage.
thanx chief(s),
-vijayendra k. s.
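Added example, not code from any post in this thread: a variant of the log check that acts only on %LINEPROTO-5-UPDOWN lines whose sender field is a known router, in line with the advice above to accept syslog only from known devices. The router address, the sample log lines and the "date host message" layout are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: routers allowed to report link events (constructed address).
my %allowed = map { $_ => 1 } qw(192.0.2.1);

# Constructed sample lines in the assumed layout "Mon DD HH:MM:SS host message".
my @sample = (
    'Jan  9 02:01:15 192.0.2.1 45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down',
    'Jan  9 02:01:40 192.0.2.1 46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up',
    'Jan  9 02:02:03 198.51.100.7 1: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down',
    'Jan  9 02:02:10 linuxbox sendmail[812]: starting daemon',
);

# Sender field, then the Cisco line-protocol message with interface and state.
my $updown = qr/^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s.*?%LINEPROTO-\d-UPDOWN: Line protocol on Interface (\S+), changed state to (up|down)/;

# Returns (\@events, \@rejected): link events from allowed senders, and
# link-event lines whose sender is not on the allowlist.
sub link_events {
    my ($allowed, @lines) = @_;
    my (@events, @rejected);
    for my $line (@lines) {
        next unless $line =~ $updown;
        my ($host, $iface, $state) = ($1, $2, $3);
        if ($allowed->{$host}) {
            push @events, { host => $host, interface => $iface, state => $state };
        } else {
            push @rejected, $line;
        }
    }
    return (\@events, \@rejected);
}

my ($events, $rejected) = link_events(\%allowed, @sample);
print "$_->{host} $_->{interface} is $_->{state}\n" for @$events;
print "ignored (unknown sender): $_\n" for @$rejected;
```

The check in the script complements the packet filter on the Linux box rather than replacing it; lines from unlisted senders are kept separately so they can be reviewed instead of mailed as link alerts.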