Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
10
Helpful
5
Replies

Cisco+Linux.

Go to solution
vijayendra_sharma
Level 1
Level 1

‎01-05-2003 08:49 PM - edited ‎03-02-2019 03:56 AM

Hello All,

In my Switched environment (LAN), I have configured my 2620 to log message in my Linux box. Whenever my any WAN link goes down, 2620 logs it in Linux box and from there using a script (in PERL) i get a mail notification.

Now the goof up is.......2620 is not logging ANYTHING in /var/log/messages, even after running #logging <linux_box_ip> on 2620. I checked the syslog service on Linux also...no prob with it. Sendmail is also running properly. In case anyone interested in the script ....here it is.

-------------------------------------------------------------------

#!/usr/bin/perl

$link_stat = "%LINEPROTO";

$mail_to = "my_email_id1";

$mail_to = "my_email_id2";

open (FILE,"/var/log/messages") || die "can't open $!";

while (<FILE>) {

if ( $_ =~ /$link_stat/g ) {

$found="true";

$up.=$_;

}

}

close(FILE);

if ( $found eq "true" ) {

open (MAIL,"|/usr/sbin/sendmail $mail_to") || die "sendmail

not found";

print MAIL "Subject: LINK FLUCTAUTION\n\n";

print MAIL $up;

close ( MAIL);

}

system("cat /var/log/messages >> /var/log/messages.archive");

system("echo '' >/var/log/messages");

------------------------------------------------------------------------------------------

if anyone can help me....it will be great.

regards,

Vijayendra K. S.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bhaase
Level 1
Level 1
In response to vijayendra_sharma

‎01-08-2003 06:45 AM

Use TCPDUMP on the Linux box and see if any incoming syslog packets are coming from the router. Also verify there is no ACL blocking syslog on the router. As for the buffer overflow that can happen just by using the -r switch. You need to use ipchains or pf to create access lists on the linux box to allow only known devices to pass syslog info.

Bryan

View solution in original post

0 Helpful
5 Replies 5

Go to solution
jhalldn
Level 1
Level 1

‎01-06-2003 03:22 AM

Hi,

Try the following:

I you try to configure your syslog.conf file like this:

# local7. /var/log/cisco.log

Then your router like this:

#logging on

#logging

#logging facility local7

#logging trap

#logging source-interface

Hopefully you will be logging some stuff on your Linux box.

Go to solution
sbaxter
Level 1
Level 1

‎01-07-2003 02:56 PM

You may need to give syslog under the

-r

switch in order to tell it to accept packets

from remote hosts.

man syslogd

Cheers,

SB

Go to solution
vijayendra_sharma
Level 1
Level 1

‎01-08-2003 01:57 AM

Thanx Jhalldn and Sbaxter,

Jhalldn:

local7.* are for boot messages.....which i dont need.

so all logging commands are executed.

Sbaxter:

I stopped the syslogd ans restarted it with -r switch...

STILL NO LUCK......

1. is there any way i can check wether my router is sending packets to Linux box ?..............(i am able to ping each other from other)

2. My friend told me thre has to be SOMETHING IN SYSLOG (ie on Linux box) TO SPECIFY from WHERE TO ACCEPT PACKETS (or WHO ALL are allowed to log packets)......else if syslog accepts all packets thrown at him...it will be a BUFFER overflow vulnerability (i think so).

still fighting....

thanx Jhalldn & Sbaxter.

-vijayendra.

0 Helpful

Go to solution
bhaase
Level 1
Level 1
In response to vijayendra_sharma

‎01-08-2003 06:45 AM

Use TCPDUMP on the Linux box and see if any incoming syslog packets are coming from the router. Also verify there is no ACL blocking syslog on the router. As for the buffer overflow that can happen just by using the -r switch. You need to use ipchains or pf to create access lists on the linux box to allow only known devices to pass syslog info.

Bryan

0 Helpful

Go to solution
vijayendra_sharma
Level 1
Level 1

‎01-09-2003 02:01 AM

Hello

Jhalldn, Sbaxter, Bhaase.

Atlast was able to log my desired messaged in the Linux box.

PREVIOUS

------------------------------------------------------------------------------------------------

Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)

Console logging: level debugging, 83007 messages logged

Monitor logging: disabled

Buffer logging: disabled

Trap logging: disabled

------------------------------------------------------------------------------------------------

COMMAND EXECUTED

(config)#logging monitor debugging

(config)#logging trap informational (severity=6)

AFTERWARDS

------------------------------------------------------------------------------------------------

ROUTER#sh logging

Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)

Console logging: level debugging, 83007 messages logged

Monitor logging: level debugging, 17415 messages logged

Buffer logging: disabled

Trap logging: level informational, 37753 message lines logged

Logging to 172.23.162.76(MY LINUX BOX), 2285 message lines logged

-------------------------------------------------------------------------------------------------

Now my script is sending mails as desired upon link outage.

thanx chief(s),

-vijayendra k. s.

0 Helpful
Customers Also Viewed These Support Documents