Syslog and Cisco Devices

Hi all,

I have just finished setting up a syslog-ng server for a few routers.

At the end of testing I have decided to rename the routers to make them a bit more descriptive for the way I am filtering the logs.

I decided to change the hostname from to _.

This was all fine and all the routers now have the new name on them when you log into the router. The problem is, when I receive a message on my syslog server, the HOST field still states the of the router, not _ like it is set to.

I have not restarted the routers that I changed the names on, as they are vital to the running of the business.

Does anyone know if there is some way to make the routers start sending the new hostname in the syslog messages?

When I get home, I will be testing this on a router, but I will be able to restart that one. I am assuming that a restart will fix the problem, but I don't want to restart these routers if I can help it.

Thanks

-Hurgh-

Reply to
hurgh1

Just copy the running config to Flash and reboot the routers. Else try disabling and enabling logging again.

Ck-NET

Reply to
NETADMIN

What's reported in the syslog output is the DNS resolution of the IP address that was the source address for the UDP syslog packet. If you want to change the name in the syslog output then either 1) change the A record on your NS or 2) add a host file entry for that IP that uses the new name.

HTH J

Reply to
J

Hi J,

Thanks for your reply, but I don't think this is exactly right. I have not got reverse lookups happening for syslog-ng (because of time), and I know that what is being reported is not the DNS lookup, as the DNS name is a lot longer than what is being reported. I have tried what Ck suggested (disable and re-enable logging) but that did not fix it. The next step is to wait till the weekend and restart the router when it is not in use.

Thanks for the replies.

Reply to
hurgh1

I don't use syslog-ng but I know for certain the sysklogd works the way I described. Without a DNS entry what's logged is the barenaked IP address. Rather than request A records from a 3rd-party I simply added hosts file entries with the shortname of each device. I've done this at numerous clients. You're right though. I tested syslog just now with logger and syslog didn't log the IP of the connecting machine for the 4th field. It logged what the remote host gave it, if it gave anything at all.

I sniffed the actual syslog output to learn a bit more about syslog. sysklogd (I can't speak for syslog-ng but it should work in a similar manner) will log the results of a DNS lookup in the 4th field if no hostname is given in the datagram. The output of my sniff showed all 3 fields of the date stamp followed by the Cisco output detailing what was logged. In this case the output was "%SYS-5-CONFIG_I: Configured from console by username on vty0 (aaa.bbb.ccc.ddd)". Neither the Cisco router nor switch I tried provided any output that pertained to which host provided the output. Yet syslog logged the host's name I provided for one of the IPs and the A record for the other IP. Cisco devices don't send their FQDN or even their hostname in the syslog output.

Syslog-ng may operate differently but this is how GNU sysklogd operates. Hope this helps give some insight.

J

PS==> I've been meaning to give syslog-ng a try. One of these days....

Reply to
J

Try this configuration command in the router.

logging origin-id hostname

Reply to
Clubber
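
Added example, not part of any post in this thread and not code from sysklogd or syslog-ng: a simplified Python model of the receiver behaviour J describes, where the HOST field comes from the datagram if a hostname is present and otherwise from a receiver-side name for the source IP, falling back to the bare address. The sample datagrams, the IP addresses and the names `rtr-old` and `SYD-CORE-01` are constructed for illustration, and the hostname heuristic is an assumption.

```python
import re

# Simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss, then the rest of the datagram.
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (.*)$", re.S)
# Assumed heuristic: a token counts as HOSTNAME only if it is made of hostname
# characters and has no colon, so a tag like "%SYS-5-CONFIG_I:" is not a host.
HOST_TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def resolve_host(datagram, src_ip, names):
    """Return (host, origin, message) for one UDP syslog datagram.

    origin is "datagram" (name supplied by the sender), "lookup" (name the
    receiver holds for the source IP) or "ip" (no name known, bare address).
    `names` stands in for the hosts file / reverse DNS on the syslog server.
    """
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n")
    m = HEADER.match(text)
    rest = m.group(3) if m else text
    first, _, remainder = rest.partition(" ")
    if m and remainder and HOST_TOKEN.fullmatch(first):
        return first, "datagram", remainder
    if src_ip in names:
        return names[src_ip], "lookup", rest
    return src_ip, "ip", rest


# Constructed receiver-side mapping: a stale entry left over from before a rename.
NAMES = {"192.0.2.10": "rtr-old"}
# Constructed datagram shaped like the capture described above: timestamp, then
# the message, with no hostname in between.
NO_HOST = (b"<189>Mar  1 00:01:00 %SYS-5-CONFIG_I: "
           b"Configured from console by admin on vty0 (192.0.2.50)")
# Constructed datagram that does carry a hostname in the HOST position.
WITH_HOST = (b"<189>Mar  1 00:01:00 SYD-CORE-01 %SYS-5-CONFIG_I: "
             b"Configured from console by admin on vty0 (192.0.2.50)")

if __name__ == "__main__":
    for raw, ip in ((NO_HOST, "192.0.2.10"), (NO_HOST, "192.0.2.11"),
                    (WITH_HOST, "192.0.2.10")):
        host, origin, _ = resolve_host(raw, ip, NAMES)
        print(f"src={ip:<11} HOST={host:<12} origin={origin}")
```

When the origin is `lookup`, renaming the device changes nothing in the log until the receiver-side entry is updated; when it is `datagram`, the value is whatever the sender put in the packet.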
