Configuration to be done in Ubuntu server
RSYSLOG is the default logging utility in Ubuntu. Main configuration file for rsyslog is /etc/rsyslog.conf. Make sure that there is a line as follows in the rsyslog.conf file.$IncludeConfig /etc/rsyslog.d/*.confNow make a new file (say cisco.conf) in /etc/rsyslog.d directory.
Add these line to cisco.conf
local7.* /var/log/cisco/cisco.logThis means that all syslog messages with facility (or tag) as local7 (Local7 is the default tag on all syslog messages from cisco devices) should be logged to cisco.log file at /var/log/cisco directory. So create a folder named cisco at /var/log and a blank document cisco.log inside that folder.
Now just restart rsyslog daemon using the command
sudo service rsyslog restart
Configuration to be done in Cisco device
In the Cisco router/switch whose logs are to be logged in the syslog server, configure the following :
logging Ubuntu_Server_IPFor example,
logging 192.168.2.1Now all the logs from Cisco device will be logged to Syslog server in the Ubuntu machine. You can see the logs at System Log viewer by opening /var/log/cisco/cisco.log
No comments:
Post a Comment