Discussion:
[rancid] cisco router logs
shouldbe q931
2011-11-12 00:12:31 UTC
Permalink
I wondered if anyone had already written a script to extract the logs
from a Cisco router and drop them into CVS

Cheers

Arne
Alex DEKKER
2011-11-12 10:40:16 UTC
Permalink
Post by shouldbe q931
I wondered if anyone had already written a script to extract the logs
from a Cisco router and drop them into CVS
I'm going to speculate that the answer to this is "no they haven't",
because storing logs in CVS doesn't really make any sense, as far as I
can tell. Why would you care about what the logs looked like today vs.
last week or last month, as you would with a config? Each log entry is
timestamped so you can see when things happened. And there's already a
sensible, widely supported mechanism for off-router storage of logs,
syslog.

alexd
shouldbe q931
2011-11-12 13:34:20 UTC
Permalink
Post by shouldbe q931
I wondered if anyone had already written a script to extract the logs
from a Cisco router and drop them into CVS
I'm going to speculate that the answer to this is "no they haven't", because
storing logs in CVS doesn't really make any sense, as far as I can tell. Why
would you care about what the logs looked like today vs. last week or last
month, as you would with a config? Each log entry is timestamped so you can
see when things happened. And there's already a sensible, widely supported
mechanism for off-router storage of logs, syslog.
alexd
Hi Alex

The situation is a small site with an ADSL connection that only has
two desktops and no VPN back to the main site. I'd rather not have
syslog traffic going over the Internet, hence the idea of "collecting"
the log over an SSH connection. Granted its not as tidy as syslog, but
for the quantity of logs I thought it might be an idea. I guess
setting up a site to site VPN to carry syslog traffic will probably be
the simplest solution

Cheers

Arne
Alex DEKKER
2011-11-12 22:25:27 UTC
Permalink
Post by shouldbe q931
Post by shouldbe q931
I wondered if anyone had already written a script to extract the logs
from a Cisco router and drop them into CVS
So in answer to the original question...you could add 'show log' to the
commandtable, or even 'show log | exclude IPACCESS' if you're not
interested in ACL hits.
Post by shouldbe q931
The situation is a small site with an ADSL connection that only has
two desktops and no VPN back to the main site. I'd rather not have
syslog traffic going over the Internet, hence the idea of
"collecting"
the log over an SSH connection.
You can actually encrypt remote logging:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1054565

but you might find it more straightforward to set up a VPN anyway as it
will have other uses. You will probably want to think about filtering
and/or rate-limiting syslog so that it doesn't overwhelm the either the
router or the upstream on the link.

alexd

Alex DEKKER
2011-11-12 22:37:48 UTC
Permalink
Post by shouldbe q931
Post by shouldbe q931
I wondered if anyone had already written a script to extract the
logs
from a Cisco router and drop them into CVS
So in answer to the original question...you could add 'show log' to the
commandtable, or even 'show log | exclude IPACCESS' if you're not
interested in ACL hits.
Post by shouldbe q931
The situation is a small site with an ADSL connection that only has
two desktops and no VPN back to the main site. I'd rather not have
syslog traffic going over the Internet, hence the idea of
"collecting"
the log over an SSH connection.
You can actually encrypt remote logging:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1054565

but you might find it more straightforward to set up a VPN anyway as it
will have other uses. You will probably want to think about filtering
and/or rate-limiting syslog so that it doesn't overwhelm the either the
router or the upstream on the link.

alexd
Continue reading on narkive:
Loading...