
Syslog server for Monitoring Cisco devices

i00050145
Beginner

I am looking for a syslog server to log all logs from Cisco devices. We have more than 800 Cisco devices. Can anyone tell me what syslog server I should use to log these files?

Thank you.

13 Replies

Collin Clark
Advisor

Check out http://www.rsyslog.com/

Hope that helps.

Thanks Collin. I checked the link and I am confused. I am not good at Linux. Do you know any syslog server application that can run on the Windows platform?

I came across Kiwi Syslog Daemon but I don't know if it is good and secure. Any comments?

Thanks!

I'm a big fan of the Kiwi syslog product and have been using it in production for almost 2 years. You can also try it for free!

It is highly configurable and has some nice options, especially in the registered/paid version.

Carl,

Thanks for the reply. I have a few questions about Kiwi Syslog.

What operating system are you using for Kiwi Syslog, and are you using a separate box or a shared server?

Do you know about Kiwi Cat tools? Do we need this tool?

Thank you,

Jacob

Jacob;

We run it on a Windows 2003 server which also houses several other network management tools. As for Kiwi CatTools, it is a great utility for managing Cisco device configurations and changes. I use it to regularly pull all my device configs so I can reference changes, archive them, etc. However, it is not necessary to purchase the CatTools product to use the syslog product.

Hope that helps,

Carl

ofwegen
Beginner

For 800 devices you should look into a scalable solution. Maybe a commercial product like Sawmill is what you need.

http://www.sawmill.net/

tyronescott
Beginner

It depends on how much you want to spend. The best product I found was SolarWinds Orion. With 800 Cisco devices I would use it. It is expensive but does everything you need for one person to manage 800 devices.

bill_burnam
Contributor

I have used Kiwi Syslog. They also offer a lot of other really nice tools that you will find helpful.

http://www.kiwisyslog.com/

-Bill

MATTHEW BECK
Beginner

How many messages per second do you think those 800 devices generate? If any of them are firewalls they can be really noisy. I've had great luck with the Loglogic appliances - they can handle almost anything I throw at them.

www.loglogic.com

vasu33378
Beginner

See SolarWinds Kiwi Syslog Server.

cisco24x7
Frequent Contributor

Eventpulse is the best tool for the Windows platform, bar none, and free too.

http://pulse.prismmicrosys.com/pulseAboutPrism.php

Jim Mackley
Beginner

Has anyone used the Cisco recommendation of Building Scalable Syslog Solutions?

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318

I used this in another organization and we were very successful. We currently use Netcool that feeds from a syslog, and we get several non-actionable alarms, and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (What are your thoughts?):

From my Netcool Administrator:

Regarding, using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.

1. -- Cisco is not consistent with the use of this value.

    Examples:

        In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION of a 6 level of Informational

        Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent

        Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes   

        This one is near the top level of severity per Cisco but not all that severe in reality; further, this syslog has a bug where the threshold is not even exceeded

        %ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately to prevent system damage

        This one is reporting a standard condition:

        %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted

        Here is an example of a 1 where the voice group says that nothing is wrong:

        Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup '1' does not contain enough valid SIP end-points to proceed with a parallel call.
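
Added example, not part of the original post or of any product named in this thread: a Python sketch that parses the `%FACILITY-SEVERITY-MNEMONIC` tag from the messages quoted above and compares alerting on severity 0-5 alone with a per-message override table. The `OVERRIDES` entries are a hypothetical policy modelled on the administrator's examples, the message bodies are shortened, and the last sample line is constructed.

```python
import re

# Cisco IOS message tag: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC:
TAG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*?)"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
)
THRESHOLD = 5  # alert on severities 0-5, as proposed in the post

# Hypothetical overrides modelled on the administrator's examples.
# True = always alert, False = never alert, whatever the severity digit says.
OVERRIDES = {
    "BGP-5-ADJCHANGE": True,
    "ILPOWER-5-POWER_GRANTED": False,
    "IVR-1-APP_PARALLEL_INVALID_LIST": False,
}

# Messages quoted in the post (bodies shortened), plus one constructed line.
SAMPLE = [
    "Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent",
    "Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.",
    "%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted",
    "%IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 started",  # constructed
]

def parse(line):
    """Return (tag, severity) for a Cisco-tagged line, else None."""
    m = TAG.search(line)
    if m is None:
        return None
    return "{facility}-{severity}-{mnemonic}".format(**m.groupdict()), int(m["severity"])

def should_alert(line, threshold=THRESHOLD, overrides=None):
    """True/False alert decision; None when the line carries no Cisco tag."""
    parsed = parse(line)
    if parsed is None:
        return None
    tag, severity = parsed
    if overrides and tag in overrides:
        return overrides[tag]
    return severity <= threshold

def policy_diff(lines, overrides, threshold=THRESHOLD):
    """Tags whose decision changes once the overrides are applied."""
    return [parse(l)[0] for l in lines
            if should_alert(l, threshold) != should_alert(l, threshold, overrides)]
```

Calling `policy_diff(SAMPLE, OVERRIDES)` lists the messages where the severity digit alone and the override table disagree; tightening `threshold` to 4 shows the override keeping `BGP-5-ADJCHANGE` when the severity cut would drop it.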

jawad.hussain
Beginner

Dear brother,

If you want a simple, all-in-one solution for tftp and syslog, I recommend you use tftp32/tftp64.
http://tftpd32.jounin.net/

I hope it meets your requirement.
