DX Unified Infrastructure Management

Hi,

a prospect is asking whether we have templates to process messages in the cisco syslog format using our Syslog-gateway probe.

I know we are be able to process those but I was just wondering whether someone came across this at another customer before?

I don't see a real difference to normal syslog messages or have I missed something?

-chris

Hi Chris,

I am not aware of any difference between the Cisco format and a normal format.  I *beleive* it is an RFC/standard.

As a side question - Is this a security focused opportunity?  I believe we need to start to pay a lot more attention to syslog requirements and build up our library on this area.  We have the EXS extension as an example...

Dan

From what I know, Cisco devices use standard syslog, but the text of the log message uses a specific format. The syslog messages start with a static "code" (for lack of a better term) to identify them even though the bulk of the text can vary depending on the device or the cause of the problem. Here are some examples I grabbed from a random webpage:

%C6KPWR-SP-4-UNSUPPORTED
%DUAL-3-INTERNAL
%EARL_L3_ASIC-SP-4-INTR_THROTTLE

This is actually really nice because it makes the syslog messages much easier to match with the logmon probe. Rather than trying to match on the rest of the message text, you can match on the code, which should always look the same.

-Keith