I am pushing Cisco router logs to s

[count23]

I am pushing Cisco router logs to syslogd on a FreeBSD box. I want to be notified when high priority messages are logged. The notification would be via email. The problem I'm running into is I'm not sure how to parse the logs to find the right messages.

I am currently sending warning and higher priority logs to the same file. I could split this into 2 or more files if that will help. For instance, one file for messages I want to be alerted on and another file for everything else.

I imagine there is a utility out there that will parse the log file and send out notifications but I just can't find it. If anyone has a suggestion I would appreciate hearing it.

Thanks in advance.

 

[baddos]

I use kiwi syslog server, and it will do what you ask. However, I am not sure if it will run on FreeBSD or not.

-Bad Dos

 

[wybnormal]

What you want to play with is the facilities of syslog. Think of it as pipes within a single pipe. Each internal pipe can go to a different log file. Most Linux/Unix flavors support this so get to the man pages of your BSD box and lookup syslog and facility.

THis sample is from a Solaris setup:


simply edit /source_code_path/src/config/config.sol. You will find
something like this.


#ifndef FACILITY
#define FACILITY LOG_DAEMON
#endif


Change LOG_DAEMON to LOG_LOCALx. In here, I will choose LOCAL5. So the
result should look like


#define FACILITY LOG_LOCAL5


Save the changes, rebuild, and install the binaries. Edit your syslog.conf
file and restart your syslogd so it will know what to do with LOCALx system
messages. In here, this is what I put in syslog.conf.


local5.* /var/log/ftpd


Now, all local5 messages should be stored in /var/log/ftpd

End of example:

MikeS
Find me at

http://www.packetattack.com

"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu