logging cisco ios messages to external freebsd syslog
| February 25th, 2009our cisco router is at 10.0.0.1 and our freebsd box is at 10.0.0.20.
first cisco configuration:
!adds router’s local time to messages
service timestamps log datetime localtime
!this works on ios 12.4, other versions might use different syntax
logging trap debugging
!our syslog server
logging 10.0.0.20
logging on
now on the freebsd box. first enable syslog to accept messages from external sources, in /etc/rc.conf:
syslogd_flags=”-a 10.0.0.1/32:*”
the “:*” at the end is quite important as it tells syslogd to accept all messages sent from 10.0.0.1 from any source port. Without it it only accepts messages sent from port 514 (syslog)
next create your log file: touch /var/log/router.log and add something similar to the top of your /etc/syslog.conf:
#enter your router’s host name here:
+10.0.0.1
#in fact local7.* should be enough here, as it’s cisco’s default facility
*.* /var/log/router.log
#this resets the previous +host definition
+*
now restart syslogd:
# /etc/rc.d/syslogd restart
if you can’t see anything in /var/log/router.log (and it’s not because your router has nothing to report), start your syslog in the debugging mode:
# /etc/rc.d/syslogd stop
# syslogd -d -v -a ‘10.0.0.1/32:*’