Sending Logs to Multiple Syslog Servers

Similar Messages

• Ability to send syslog events to multiple syslog servers - SA540

  Please add the ability to send syslog events to multiple syslog servers in the SA500 Series routers.  I know the functionality is currently in the RV220W because we utilized it.  It would be great if you could configure the syslog servers by event type as well.  For example, being able to send the kernel events to syslog server A, and all other events to syslog server B.

  You can do the following:
  1) Create a remote log target for your syslog server at
  System Administration >
  Configuration >
  Log Configuration >
  Remote Log Targets
  2) Configure the log categories that should be enabled to eb sent to this log target.
  Go to
  System Administration >
  Configuration >
  Log Configuration >
  Logging Categories >
  GlobalSelect a specifc category and then look at "Remote Syslog Target" tab.
  For each category that you want sent to your syslog server select the remote log target in the "
  Selected Targets" transfer box
  Note that this configuration is hierarchical. So if make configuration for one log category it applies to all subtemding categories. For example if configure
  "AAA Audit" then the configuration will apply to the pass and failed attempts categories

• How to configure IPS 4240 - K9 to send log file to syslog server

  I am looking for the commands in how to configure IPS 4240-k9 to send log file to SYSLOG server. If anybody has or came across similer issue please advice.
  Thanks in advanced.

  Ali -
  I am sorry to tell you, but the Cisco IPS Sensors do not send Syslog messages. Your only options for sending signature event information are:
  SDEE (an TLS Encrypted XML formatted message) the sensor is the SDEE Host and your event receiver (MARS, IME, Intelitactics, etc) is the client.
  SNMP Traps - You need to set the "Action" on each signature you want the sensor to send a trap.
  - Bob

• Send Syslog messages to multiple SYSLOG servers

  Hi,
  We are have two syslog servers defined, however we notice that the ACS only sends the syslogs to one server and will only send to the other in a failure scenario, which is a standard operation across all platforms. However we have a requirement for the ACS to send syslogs to both servers simultaneously, is there a configuration option for this?
  Many Thanks
  Leon Noble

  You can do the following:
  1) Create a remote log target for your syslog server at
  System Administration >
  Configuration >
  Log Configuration >
  Remote Log Targets
  2) Configure the log categories that should be enabled to eb sent to this log target.
  Go to
  System Administration >
  Configuration >
  Log Configuration >
  Logging Categories >
  GlobalSelect a specifc category and then look at "Remote Syslog Target" tab.
  For each category that you want sent to your syslog server select the remote log target in the "
  Selected Targets" transfer box
  Note that this configuration is hierarchical. So if make configuration for one log category it applies to all subtemding categories. For example if configure
  "AAA Audit" then the configuration will apply to the pass and failed attempts categories

• Sending to multiple mail servers

  Hello,
  Can Ironport be configured to send email to multiple mail servers? I don't mean load balancing or failover. What I want is for the Ironport to send the same inbound email to two separate mail servers.
  Regards,
  Xavier

  I think you need to use a message filter. Something like this:
  bccMessageFilter:
  if ((mail-from == '^xavier$') and (rcpt-to == '^lloyd$'))  {
       bcc('[email protected]', '[Bcc] $Subject', '$EnvelopeFrom', '[IP/hostname of alt mail server]');
  Note: I haven't tested this.      

• Send certain syslog messages to different syslog servers

  We have had a security event where we have had to apply certain ACL's to block some traffic.  Some of the blocked traffic is logged to syslog.  We would like to send that log information to different syslog servers, depending on certain pattern matches.
  syslog entries that match pattern xxx = export to syslog server A
  syslog entries that match pattern yyy = export to syslog server B
  Is this possible using something like tcl scripting and EEM?  If so, could someone share some guidance on how this might be accomplished?
  TIA

  Thanks, Joseph.  You answered the question asked...but unfortunately I think that I did not phrase the question correctly.
  Our match criteria will always be mutually exclusive, so it will never match both.  Always one or the other.
  So now that we have this working in it's basic form, now we want to take it a step further and do the following....
  (working) Match criteria A, set Stream 10
  (working) Match criteria B, set Stream 20
  (working) Send stream 10 to syslog Host A
  (working) Send stream 20 to syslog Host B
  (NEW) Send stream 10 AND 20 to syslog Host C
  Unless we have the syntax incorrect, it appears as though we can only send one stream to a given host.  We can configure 'logging host SyslogC filtered stream 10'.  But if we then configure 'logging host SyslogC filtered stream 20', it appears to overwrite the previous configuration, so that we only send Stream 20 to SyslogC, and not Stream 10.
  Is it possible to send multiple streams to a single syslog host?
  Thank you!

• Multiple PIX logging to single syslog server

  I have 2 PIX machines and I have configured the both of them to send logs to my syslogd. What I would like to know is how do I set up two different log files for each PIX machines? Cheers guys

  Hello Aziz,
  You can use "syslog-ng" under linux. There, you can configure rules based on some fields (for example, the name reported by the pix) to send them to one file or another.
  Alternatively, you can choose different locals for the two PIX and filter that on a legacy syslog daemon. But keep in mind that the number of local is limited.
  Kind Regards,
  Jean-Fran?ois Gobin

• Trouble in Syslog Validation (send log)

  I am doing a project to to capture the Syslog from the switches and routers, so for most of devices i can generate the syslog by giving the command " send log" and so that i would receive the same locally as well in the tool.
  Note : These devices are in production.
  We have a monitoring tool " Stablenet v6.72" i think syslog is also the same(same utility in Stablenet)
  The problem iam facing is, for many devices i am not able to give the test command as they are running an IOS c3560-ipbase-mz.122-25.SED1.bin.
  I have configured the syslog server on all the devices and there is reachability and port 514 is opened though,
  I do make you know that we have many firewalls in the network and i belive tat all the devices have reachability to the Syslog server, ( My firewall blocks the Ping traffic and traceroute traffic) so i unable to find out which firewall blocks.( if it is so)
  Please let me know how do i validate remaining 1200 devices. :(
  Please help me,
  Nithin M

  Hi Nithin
  my advice is to issue a command on each device that will initiate a syslog message. At least this way you can be sure its working, since you will always expect the same kind of syslog message. I know for example if you have the syslog severity set to level 5 you will get "configuration change" messages.  To set your level enter this command: 
  'logging trap notifications'
  And then , by entering into config mode ( "conf t" ) as well as exit out of config mode a CONF_I syslog message will be sent immediately as you exit out configuration mode.
  hope it helps.
  Cheers
  Pierre

• EA4500: how to send logs to syslog or via email?

  Hello,
  I absolutely need to collect the router logs and send them to a syslog daemon or via email.
  How xan I achieve that?
  Thanks

  The router does not have the feature where you can save the logs to a notepad, why not click on Open in Browser and then copy and paste the results to a notepad or wordpad so that you can go ahead and send it thru email.
  Please check link below how to enable logs in the router:
  Title: Enabling the Logs feature of the Linksys Smart Wi-Fi Router using local access
  Article ID: 26579

• Enable syslog debug level 7 and send logs to syslog

  Hi,
  on cisco ASA, I've to enable syslog debug level 7 and send logs to syslog. how to do that?

  Unless you have been fiddling with logging levels previously, most ACE's will be using the cisco default logging, and at debug/7 level most of those will generate syslog entries.  Don't forget that "show access-list" will show hits counts for the individual entries as well, independently of any syslog output.
  Lastly, if a reload is an option, in your situation what I would do if modifying 3k lines was needed is:
    1) copy startup-config a.txt
    2) export a.txt by TFTP or SSH or USB or whatever
    3) edit the configuration using offline tools with regular-expression capabilities such as textpad (windows) or vi or emacs or perl or ...
    4) import the revised b.txt config
    5) copy b.txt startup-config and reload
  -- Jim Leinweber, WI State Lab of Hygiene

• DMS need to send the same document to multiple content servers

  Dear Experts,
  We are implemeting DMS with three content servers(A,B,C locations).We have requirement that need document must save on 3 content servers and user can see document from any one of them.
  As per understanding while create document ECC system ask which content server need to save,We can select one of content servers.
  Kindly give me answers for below questions
  - Is there any posibility to select multiple content servers which creating document?
  - Is there any posiblity to shared repository for 3 servers?
  Please advice on the requirement.
  Thanks in advace.
  Regards,
  Santhosh.

  Dear Santhosh...
  for this kind of scenario SAP Provide
  Content Servers and Cache Servers
  Any number of content servers can be installed in different locations. The contents are transferred directly between the client and content server. A cache is used to store copies of documents when they are accessed for the first time. As a result, the documents can be accessed again more quickly, since the contents are taken directly from the cache. Caching, however, must not be confused with replication.
  With caching, the original documents are stored in one location, namely on the content server. The copies in the cache can be replaced with newer content at any time.
  Follow the link ..it will help you
  http://help.sap.com/saphelp_nw04s/helpdata/en/02/804d3ccd6fba74e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/7f/fba637fcf7dc39e10000009b38f8cf/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/21/f36c11389511d5992200508b6b8b11/frameset.htm
  for the installation process Content Servers and Cache Servers
  follow the link
  [SAP Content Server for Windows Installation Guide|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/cfa73246-0a01-0010-71b4-bc21ccb45c99?quicklink=index&overridelayout=true]
  or see this post...
  Content Repository & Content Category
  Regards
  Tushar Dave

• ASA 5550 - Two different syslogs servers

  Hi to all.
  In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it? All suggestions will be really appreciated. Thanks.

  Hello,
  While there is a limitation in the syslog server configurations, you could
  use other logging methods to collect specific information. While it is not
  very efficient method, if you are just concerned about login/logout messages
  for security audit purposes, you could use email logging. You can create a
  logging list and then send those messages to your email.
  Example:
  logging list mail message 111008
  logging list mail message 111004
  logging from-address
  You can do similar things by sending specific log events to SNMP server as
  well.
  Hope this helps.
  Regards,
  NT

• Can't send emails to multiple recipients any more?

  Yesterday I had to send an email to some 30 other people (I only do this occasionally).
  It refused to go and I received this error message:-
  I have several email accounts but each one was the same.
  At that time I could not even send single emails but incoming emails were unaffected.
  Later in the day I received this email from my ISP mail account.
  Your emails may be blocked – please confirm your alternate BT Yahoo! Mail addresses
  Dear Customer,
  You’ve received a ‘553’ error message because we’ve upgraded your BT Yahoo! Mail account security to help protect against ‘spoofing’ – when people use alternate email addresses to disguise the real sender, possibly to commit fraud.
  What you need to do
  We need you to take a few minutes to confirm each of the BT Yahoo! Mail alternate email addresses you use are genuine. If you don’t, you might get more ‘553’ error messages and have problems sending emails. Just log in and follow these simple steps. We don’t ask for any personal information.
  This is rubbish and I had a similar one last year which I ignored, as the simple steps were far from simple, and the following morning all was back to normal.
  So I ignored this email and tried again this morning.
  I was still unable to send emails to multiple recipients but now I can send single emails OK!
  Any ideas what is going on?
  Is it Mail's fault or my ISP's?

  From the error message, it looks like there was a problem with at least one of the addresses ("NONE"). It is possible that a bad address is in the list you tried to send to.
  I don't know anything about BT Internet, so I can't confirm the authenticity of the email you received.
  You should be able to log into your BT account directly from the web without using any links sent in the email.
  The email also seems to indicate you used an alias as the reply-to (from) email address.
  You didn't mask out the username for your smtp server and it is definitely different from the from account. This may all be normal, but it does tend to match what the email is telling you.

• Sending mail with multiple dest., one is rejected - mail is rejected, why?

  Hello,
  I have a problem with my messaging server, while sending mails to multiple users, and one of them does not exist or is overquota.
  If one of the recipients gets rejected (email address does not exists or is overquota), the email is rejected (type J register) and no one receive it.
  any idea why messaging is doing this?
  The queue i'm using is configured like this:
  tcp_intranet notices 3 smtp nomx backoff "pt5m" "pt10m" "pt30m" subdirs 50 maxjobs 20 pool TCP_INTRANET_POOL recipient
  limit 256 maytlsserver maysaslserver allowswitchchannel saslswitchchannel tcp_auth identnone noexquota
  tcp_intranet-daemonand the version of messaging
  imsimta version
  Sun Java(tm) System Messaging Server 6.2-4.03 (built Sep 22 2005)
  libimta.so 6.2-4.03 (built 04:14:30, Sep 22 2005)
  SunOS smtp07 5.9 Generic_118559-28 i86pc i386 i86pc
  root@smtp:/var/opt/SUNWmsgsr/config > thanks in advance
  Xavier

  xavierm wrote:
  If one of the recipients gets rejected (email address does not exists or is overquota), the email is rejected (type J register) and no one receive it.If an individual email account is overquota or an email address doesn't exist, only that RCPT TO: attempt for that individual address will be rejected -- this does not mean the email cannot be delivered to the valid recipients.
  It is up to the email client to determine how an individual rejected recipient address is handled, i.e. should it continue sending the email or give up and alert the user.
  any idea why messaging is doing this?This is how all efficient email servers operate. What is the email client that you are using to send the email?
  The queue i'm using is configured like this:
  tcp_intranet notices 3 smtp nomx backoff "pt5m" "pt10m" "pt30m" subdirs 50 maxjobs 20 pool TCP_INTRANET_POOL recipient
  limit 256 maytlsserver maysaslserver allowswitchchannel saslswitchchannel tcp_auth identnone noexquota
  tcp_intranet-daemon
  The noexquota option does nothing on Sun Messaging Server:
  "Note that these options have no effect on delivery to Messaging Server mailboxes on any platform. "
  http://msg.wikidoc.info/index.php/Exquota%2C_noexquota%2C_holdexquota_Channel_Options
  You may however want to try the acceptalladdresses channel option:
  http://msg.wikidoc.info/index.php/Acceptalladdresses%2C_acceptvalidaddresses_Channel_Options
  Regards,
  Shane.

• Mail Adapter - Multiple mail ID and multiple mail servers config.

  Hi All
  I am doing BPM synch scenario in which i get the response from SAP box and send the response via email adapter. I am using mail.xsd and doing mail config. in message mapping. However in the TO field i am able to give only one email ID. If i give multiple email ID's mail is not received. I tried comma and semi-colon as separator. Still not working? I have two questions in configuring TO option:
  1) How to send to multiple id's? I am using Lotus Notes.
  2)How to send to multiple mail servers? I have to send to Lotus Notes id's and outlook express id's also simultaneously.
  Thanks for your help in advance
  Warm Regards
  Samuel

  Hi,
  Please find here with some observations about it,
  1) How to send to multiple id's? I am using Lotus Notes.
  If you have specified an IMAP server under URL, the message is saved in the specified folder but is not sent to the receiver specified under To.
  Then even if Under To, you had specified the e-mail address that will receive the message would be separated with a semicolon. It will not work.
  Please verify about it .
  The below link will also help you to verify if there is anything missing
  Mail Adapter (XI) - how to implement dynamic mail address
  /people/michal.krawczyk2/blog/2005/03/07/mail-adapter-xi--how-to-implement-dynamic-mail-address
  BPM:Single Sender and Multiple Receivers based on synchronous
  exchange(switch) part-1
  /people/prasadbabu.nemalikanti3/blog/2006/03/10/bpmsingle-sender-and-multiple-receivers-based-on-synchronous-exchangeswitch-part-1
  Generic Message Interface in SAP Exchange Infrastructure Email Integration Scenarios
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00d5a235-4803-2a10-f682-889d67c69975
  (If your using Alert Framework then)
  If you want to send it to multiple email addresses and all email addresses are user of XI then you can define "Role" and attach that role to everyuser and make this role as receipent of alert .
  Thanks
  Swarup
  Thanks
  Swarup