[Tfug] cisco and syslog

Stephen Hooper stephen.hooper at gmail.com
Wed Oct 11 17:28:12 MST 2006


Can you change the ports the syslog information is sent to?  Not
pretty, but you could separate out the logs that way.

Or even more hideous, give your syslog host a non-routable IP range,
get all the devices to route to it, and then assign it different IP
addresses, and use a different IP address for each device.

Is this meant to be a solution for you, and yours; or is this meant to
be some kind of public solution?  Either way you would probably get
your ass kicked for suggesting that.

Apart from that, the only way I can think of for dealing with multiple
devices presenting on the same facility is the way you have mentioned:
do an equivalent grep on the hostnames, as I believe you are doing.

The best way, if you were doing this right, would probably be to
write/modify syslog to keep separate information from separate
machines in separate logs.

Maybe some of the fancier syslog daemons will do that for you, but
then again, they can also do things like throw everything into a MySQL
database, which makes the process trivial as well, but trades off on
accessibility.

On 10/11/06, evorrie at comcast.net <evorrie at comcast.net> wrote:
> My mission is to somehow parse log files from a multitude of Cisco devices.  Due to the limited amount of facility codes on Cisco devices, I cannot make individual logs for each device.  I've been able to find some information as to have a script grep the log file once for each Cisco device.  Then I would be able to separate the logs.
>
> My questions are, does anybody have this similar process or is there a better way of doing this?  Thanks.
>
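
A single-pass alternative to grepping the combined log once per device, added here as an example and not part of the original thread: it buckets each line by the host field and treats that field as untrusted before using it as a file name. The line layout (`Mmm dd hh:mm:ss host message`), the function names, the `_unparsed` bucket and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from pathlib import Path

# Assumed layout written by the receiving syslogd: "Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(r"[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(\S+)\s.*")
# The host field is untrusted input: allow only hostname-like values so it can
# never carry a path separator. A leading "_" is not allowed, so no device can
# collide with the "_unparsed" bucket.
SAFE_HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")

def split_by_host(lines):
    """Read the combined log once and return {host: [lines]}."""
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        m = LINE_RE.fullmatch(line)
        host = m.group(1) if m else ""
        safe = SAFE_HOST_RE.fullmatch(host) and ".." not in host
        buckets[host if safe else "_unparsed"].append(line)
    return dict(buckets)

def write_buckets(buckets, out_dir):
    """Append each bucket to <out_dir>/<host>.log."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    for host, lines in buckets.items():
        with open(out / f"{host}.log", "a", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")

# Constructed sample input (hypothetical device names, not real logs).
SAMPLE = """\
Oct 11 17:20:01 rtr-core1 42: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Oct 11 17:20:03 sw-access2 17: %SYS-5-CONFIG_I: Configured from console by vty0
Oct 11 17:20:05 rtr-core1 43: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Oct 11 17:20:09 ../../tmp/x 1: constructed line with a hostile host field
garbage without a timestamp
""".splitlines()

if __name__ == "__main__":
    for host, lines in sorted(split_by_host(SAMPLE).items()):
        print(f"{host}: {len(lines)} line(s)")
```

Lines that do not parse, or whose host field fails the check, are kept in `_unparsed.log` rather than dropped, so nothing is lost from the record.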
