improving signal to noise ratio from centralized network syslogs

• Previous message (by thread): improving signal to noise ratio from centralized network syslogs
• Next message (by thread): improving signal to noise ratio from centralized network syslogs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- tarko at lanparty.ee wrote:
> This is done with the 'logging facility'
> command on the devices:
> 
> After defining your syslog server's IP
> address and the level of messaging you want
> (I set it to debug because I want to see
> everything):
> 
> on the routers: logging facility local0
> on the switches:  logging facility local1

Alternative, and more universal, way to do it is to use multiple IPs for 
syslog server. Then configure correct syslog server IP on the device.

syslog-ng and others can all do filtering to different destinations 
based on the IP where message was received.
------------------------------------------------


The nice thing about the simple way is you see 
everything that's happening on the network, except
what you 'egrep -v' out, which you already know 
about.  Then you find things you weren't expecting.
  
You don't go looking for stuff.  You just watch the 
network events scroll by in real time ans see what 
shows up.

I have no knowledge of syslog-ng.  Does it do the
real time scrolling like I mention?

scott 

• Previous message (by thread): improving signal to noise ratio from centralized network syslogs
• Next message (by thread): improving signal to noise ratio from centralized network syslogs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]