[rsyslog] cisco router config and plain TCP syslog
RB
aoz.syn at gmail.com
Tue Sep 23 17:13:59 CEST 2008
> http://kb.monitorware.com/tcp-syslog-fill-s-up-buffer-and-doesn-t-log-single-events-t8705.html
It would seem they're using some version of IOS 12.3 or 12.4; the
'transport X' predicate was introduced some time in the prior but not
documented until the latter. It would be good to know precisely what
version they are running for reference anyway.
For all I can tell (not having set up a test env myself), it would
seem that just because one indicates TCP as the transport, the
underlying engine doesn't change its semantics and remains at the
UDP-esque 'one packet per message'. For that matter, I see references
specifically to RFC3164 as opposed to 3195. Leave it to Cisco...
> I am not an IOS guy, so I would appreciate if someone could drop me the
> right configuration for the routers. Actually, I wonder that they do not
> seem to do that by default. As far as I remember, this has never been an
> issue. I have limited personal experience with PIX, which terminated
> messages correct by default.
:) My primary experience is with PIX as well. Looks like the two
primary options are to use 'transport beep' [1] (Cisco's reference to
RFC3195) or to use an ESM filter [2] to add newlines.
[1] http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00807883c3.html
[2] http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_esm.html
More information about the rsyslog
mailing list