Observium Syslog-NG and Cisco Catalyst
Hi,
I've got one problem with logs from cisco catalyst switches.
On switches logs looks fine but in observium i have something like that "% :"
Other vendors looks fine in logs. Where could be the problem?
Tomasz Karczewski
Administrator Sieci
tkarczewski@man.olsztyn.pl
http://www.man.olsztyn.pl http://www.uwm.edu.pl
tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie
Hi Tomasz,
there is no problem! This is the Cisco Syslog Message format. Look at cisco.com for the Embedded Syslog Manager Configuration Dokumentation for your IOS release, you will find something like that:
System Logging Message Formatting System logging messages are displayed in the following format: %<facility>-<severity>-<mnemonic>: <message-text> For example: %LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Usually, these messages are preceded by additional text, such as the timestamp and error sequence number: <sequence-number>: <timestamp>:%<facility>-<severity>-<mnemonic>: <message-text> For example: 000013: Mar 18 14:52:10.039:%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Which will result in a syslog message on your logserver like: <timestamp-recv><hostname><seq#><timestamp-sent><above message format> If you want a different "look" in your logfile, you have to use templates in you syslogd configuration to reformat the message.
regards Karsten
From: "Tomasz Karczewski" tkarczewski@man.olsztyn.pl To: "'Observium Network Observation System'" observium@observium.org Date: 14.08.2014 10:29 Subject: [Observium] Observium Syslog-NG and Cisco Catalyst Sent by: "observium" observium-bounces@observium.org
Hi,
I've got one problem with logs from cisco catalyst switches. On switches logs looks fine but in observium i have something like that "% :" Other vendors looks fine in logs. Where could be the problem?
Tomasz Karczewski Administrator Sieci
tkarczewski@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Pensez à l'environnement avant d'imprimer ce message / Think of the environment before printing out this message
We've missunderstood i have in my logs on observium only "%:" nothing more :)
Tomasz Karczewski
Administrator Sieci
tkarczewski@man.olsztyn.pl
http://www.man.olsztyn.pl http://www.uwm.edu.pl
tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania
Miejską Siecią Komputerową OLMAN w Olsztynie
Uniwersytet Warmińsko-Mazurski w Olsztynie
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Karsten Schwarz Sent: Thursday, August 14, 2014 3:05 PM To: Observium Network Observation System Subject: Re: [Observium] Observium Syslog-NG and Cisco Catalyst
Hi Tomasz,
there is no problem! This is the Cisco Syslog Message format. Look at cisco.com for the Embedded Syslog Manager Configuration Dokumentation for your IOS release, you will find something like that:
System Logging Message Formatting
System logging messages are displayed in the following format:
%<facility>-<severity>-<mnemonic>: <message-text>
For example:
%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Usually, these messages are preceded by additional text, such as the timestamp and error sequence number:
<sequence-number>: <timestamp>:%<facility>-<severity>-<mnemonic>: <message-text>
For example:
000013: Mar 18 14:52:10.039:%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Which will result in a syslog message on your logserver like:
<timestamp-recv><hostname><seq#><timestamp-sent><above message format>
If you want a different "look" in your logfile, you have to use templates in you syslogd configuration to reformat the message.
regards
Karsten
From: "Tomasz Karczewski" tkarczewski@man.olsztyn.pl To: "'Observium Network Observation System'" observium@observium.org Date: 14.08.2014 10:29 Subject: [Observium] Observium Syslog-NG and Cisco Catalyst Sent by: "observium" observium-bounces@observium.org
_____
Hi,
I've got one problem with logs from cisco catalyst switches. On switches logs looks fine but in observium i have something like that "% :" Other vendors looks fine in logs. Where could be the problem?
Tomasz Karczewski Administrator Sieci
tkarczewski@man.olsztyn.pl http://www.man.olsztyn.pl http://www.uwm.edu.pl/ http://www.uwm.edu.pl tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_____
Pensez à l'environnement avant d'imprimer ce message / Think of the environment before printing out this message
Hi Tomasz,
i had this issue, too. I helped myself with the patch in: http://jira.observium.org/browse/OBSERVIUM-850?focusedCommentId=13286
best regards, Helge
Am 14.08.2014 um 15:34 schrieb Tomasz Karczewski <tkarczewski@man.olsztyn.plmailto:tkarczewski@man.olsztyn.pl>:
We've missunderstood i have in my logs on observium only "%:" nothing more :)
Tomasz Karczewski Administrator Sieci
<image001.png>
tkarczewski@man.olsztyn.plmailto:tkarczewski@man.olsztyn.pl http://www.man.olsztyn.plhttp://www.man.olsztyn.pl/ http://www.uwm.edu.plhttp://www.uwm.edu.pl/ tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Karsten Schwarz Sent: Thursday, August 14, 2014 3:05 PM To: Observium Network Observation System Subject: Re: [Observium] Observium Syslog-NG and Cisco Catalyst
Hi Tomasz,
there is no problem! This is the Cisco Syslog Message format. Look at cisco.comhttp://cisco.com for the Embedded Syslog Manager Configuration Dokumentation for your IOS release, you will find something like that:
System Logging Message Formatting
System logging messages are displayed in the following format:
%<facility>-<severity>-<mnemonic>: <message-text>
For example:
%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Usually, these messages are preceded by additional text, such as the timestamp and error sequence number:
<sequence-number>: <timestamp>:%<facility>-<severity>-<mnemonic>: <message-text>
For example:
000013: Mar 18 14:52:10.039:%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Which will result in a syslog message on your logserver like:
<timestamp-recv><hostname><seq#><timestamp-sent><above message format>
If you want a different "look" in your logfile, you have to use templates in you syslogd configuration to reformat the message.
regards
Karsten
From: "Tomasz Karczewski" <tkarczewski@man.olsztyn.plmailto:tkarczewski@man.olsztyn.pl> To: "'Observium Network Observation System'" <observium@observium.orgmailto:observium@observium.org> Date: 14.08.2014 10:29 Subject: [Observium] Observium Syslog-NG and Cisco Catalyst Sent by: "observium" <observium-bounces@observium.orgmailto:observium-bounces@observium.org>
________________________________
Hi,
I've got one problem with logs from cisco catalyst switches. On switches logs looks fine but in observium i have something like that "% :" Other vendors looks fine in logs. Where could be the problem?
Tomasz Karczewski Administrator Sieci
tkarczewski@man.olsztyn.plmailto:tkarczewski@man.olsztyn.pl http://www.man.olsztyn.plhttp://www.man.olsztyn.pl/ http://www.uwm.edu.plhttp://www.uwm.edu.pl/ tel. (89) 523 45 55 fax. (89) 523 43 47
Ośrodek Eksploatacji i Zarządzania Miejską Siecią Komputerową OLMAN w Olsztynie Uniwersytet Warmińsko-Mazurski w Olsztynie _______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
________________________________ Pensez à l'environnement avant d'imprimer ce message / Think of the environment before printing out this message _______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
________________________________ Helge Wiethoff Medienzentrum
Telefon: +49 (234) 968 8717 Fax: +49 (234) 968 3453 E-Mail: Wiethoff@tfh-bochum.de
Technische Fachhochschule Georg Agricola für Rohstoff, Energie und Umwelt zu Bochum Staatlich anerkannte Fachhochschule der DMT-Gesellschaft für Lehre und Bildung mbH Herner Straße 45 44787 Bochum http://www.tfh-bochum.de ________________________________ Träger: DMT-Gesellschaft für Lehre und Bildung mbH Sitz der Gesellschaft: Bochum Registergericht: Amtsgericht Bochum Handelsregister: B 4052
Geschäftsführung: Prof. Dr. Jürgen Kretschmann (Vorsitzender) Manfred Freitag
participants (3)
-
Karsten Schwarz -
Tomasz Karczewski -
Wiethoff, Helge