nanog mailing list archives
Re: improving signal to noise ratio from centralized network syslogs
From: Tarko Tikan <tarko () lanparty ee>
Date: Sun, 4 Feb 2018 10:21:13 +0200
hey,
This is done with the 'logging facility' command on the devices: After defining your syslog server's IP address and the level of messaging you want (I set it to debug because I want to see everything): on the routers: logging facility local0 on the switches: logging facility local1
Alternative, and more universal, way to do it is to use multiple IPs for syslog server. Then configure correct syslog server IP on the device.
syslog-ng and others can all do filtering to different destinations based on the IP where message was received.
-- tarko
Current thread:
- Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 03)
- Re: improving signal to noise ratio from centralized network syslogs Tarko Tikan (Feb 04)
- Re: improving signal to noise ratio from centralized network syslogs Shane Short (Feb 04)
- Re: improving signal to noise ratio from centralized network syslogs Brian Knight (Feb 05)
- <Possible follow-ups>
- Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 05)
- Re: improving signal to noise ratio from centralized network syslogs valdis . kletnieks (Feb 05)
- Re: improving signal to noise ratio from centralized network syslogs James Bensley (Feb 05)
- Re: improving signal to noise ratio from centralized network syslogs valdis . kletnieks (Feb 05)
- Re: improving signal to noise ratio from centralized network syslogs John Kougoulos (Feb 06)
- Re: improving signal to noise ratio from centralized network syslogs valdis . kletnieks (Feb 05)
- Re: improving signal to noise ratio from centralized network syslogs Scott Weeks (Feb 05)