Configuring the Syslog Utility to Receive Cisco BAC Alerts
This chapter explains how to configure the syslog daemon after you install the Cisco Broadband Access Center (BAC). In case of a local data server, you can configure the syslog utility on any Cisco BAC component server to receive alerts from the system. For receiving the syslogs in a centralized server from all the BAC components such as RDU, DPE, CNR and KDC, you can configure the syslog daemon either on any Cisco BAC component server or on a separate server. These component servers are referred as Cisco server in this chapter.
Note Configuring the syslog file is an optional task.
Syslog is a client-server protocol that manages the logging of information on UNIX. Cisco BAC generates alerts through the syslog service. Cisco BAC syslog alerts are not a logging service; they notify that a problem exists, but do not necessarily define the specific cause of the problem.
The information related to the problem resides in the appropriate Cisco BAC log files, rdu.log and dpe.log. If you choose to configure the syslog file, syslog alerts are directed to a separate log file.
For more information on error messages and alerts, refer to the Cisco Broadband Access Center 3.10 Administrator Guide.
Configuring Syslogs on a Local Server
To configure the syslog utility on Linux servers:
Step 1 Log in as root on the server.
Step 2 At the command line, create the log file.
Step 3 Open the /etc/syslog.conf file with a text editor, such as vi.
Step 4 Add the following lines to the /etc/syslog.conf file:
Note You must insert one or more tabs between the local6:info and /var/log/bac.log information.
Step 5 Save and close the /etc/syslog.conf file.
Step 6 To force the syslog utility to take the new configuration, at the command line, enter:
root 217 1 0 Nov 26 ? 0:00 /usr/sbin/syslogd
Note The process ID (PID) in this example is 217, but may change when you run ps -ef | grep syslogd. Use the correct output from that command as the input to kill -HUP.
Syslog is now ready to receive alerts from Cisco BAC.
Configuring Centralized Linux Server to Receive Syslogs
By default, syslog daemon on a centralized server does not expect to receive messages from the Linux Cisco BAC servers. You must configure the centralized server for the syslog daemon to start listening to these messages.
The syslog daemon checks the /etc/syslog.conf file to determine the expected names and locations of the log files it should create. It also checks the /etc/sysconfig/syslog file to determine the various modes in which it should operate. The syslog daemon will not receive server messages unless the SYSLOGD_OPTIONS variable in this file has a -r included in it as shown below:
# -m 0 disables 'MARK' messages.
# -r enables logging from RDU/DPE server machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r"
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
You must restart the syslog daemon for the changes to take effect. The server listens on UDP port 514, which you can verify using one of the following netstat command variations:
– # netstat -a | grep syslog
udp 0 0 *:syslog *:*
– # netstat -an | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*
Configuring a Server to Send Syslog to Centralized Server on Linux
After you configure syslog daemon on the centralized server, you must configure the Cisco BAC server to send messages to it. To do this, edit the /etc/hosts file on the server.
Step 1 Determine the IP address and fully qualified hostname of the server logging host.
Step 2 Log in as root on the server
Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:
IP-address fully-qualified-domain-name hostname "loghost"
In the example, the /etc/hosts file has a nickname loghost, for the server.
Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.
Step 5 Restart the syslog daemon to start server logging.
To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.