Configuring the Syslog Utility to Receive Cisco BAC Alerts

This chapter explains how to configure the syslog daemon after you install the Cisco Broadband Access Center (BAC). In case of a local data server, you can configure the syslog utility on any Cisco BAC component server to receive alerts from the system. For receiving the syslogs in a centralized server from all the BAC components such as RDU, DPE, CNR and KDC, you can configure the syslog daemon either on any Cisco BAC component server or on a separate server. These component servers are referred as Cisco server in this chapter.

Note Configuring the syslog file is an optional task.

Syslog is a client-server protocol that manages the logging of information on UNIX. Cisco BAC generates alerts through the syslog service. Cisco BAC syslog alerts are not a logging service; they notify that a problem exists, but do not necessarily define the specific cause of the problem.

The information related to the problem resides in the appropriate Cisco BAC log files, rdu.log and dpe.log . If you choose to configure the syslog file, syslog alerts are directed to a separate log file.

For more information on error messages and alerts, refer to the Cisco Broadband Access Center 3.8 Administrator Guide .

Configuring Syslogs on a Local Server

To configure the syslog utility on Solaris and Linux servers:

Step 1 Log in as root on the server.

Step 2 At the command line, create the log file.

For example:

# touch /var/log/bac.log

Step 3 Open the /etc/syslog.conf file with a text editor, such as vi .

Step 4 Add the following lines to the /etc/syslog.conf file:

local6.alert /var/log/bac.log
local6.info /var/log/bac.log
 

Note You must insert one or more tabs between the local6:info and /var/log/bac.log information.

Step 5 Save and close the /etc/syslog.conf file.

Step 6 To force the syslog utility to take the new configuration, at the command line, enter:

# ps -ef | grep syslogd
root 217 1 0 Nov 26 ? 0:00 /usr/sbin/syslogd
 
kill -HUP 217

Note The process ID (PID) in this example is 217, but may change when you run ps -ef | grep syslogd. Use the correct output from that command as the input to kill -HUP.

Syslog is now ready to receive alerts from Cisco BAC.

 

Configuring Centralized Solaris Server to Receive Syslogs

On Solaris machines, the LOG_FROM_REMOTE property specifies whether server messages are logged. By default, this property is enabled.

To configure a centralized server to receive syslog alters:

Step 1 Log into the server as root.

Step 2 By default the LOG_FROM_REMOTE property is enabled. In case it is not, you can enable it by setting it’s value to true as shown in the following commands.

# svccfg -s svc:/system/system-log setprop config/log_from_remote = true
# svcadm refresh svc:/system/system-log
 

Step 3 Create a dummy file.

# touch /var/log/messages

 

Step 4 Add the following configuration in /etc/syslog.conf file:

local6.info @loghost
local6.info /var/log/messages

 

Step 5 Restart the syslog daemon.

# svcadm restart system-log
# tail -f /var/log/messages

Note Always use T ab while modifying /etc/syslog.conf. Using the space bar shows errors while you restart syslogd.

 

Configuring a Server to Send Syslog to Centralized Server on Solaris

After you configure syslog daemon on a centralized server, you must configure the Cisco BAC server to send messages to the centralized server. To do this, edit the /etc/hosts file on the server as explained below.

Step 1 Determine the IP address and fully qualified host name of the server logging host.

Step 2 Log into the server as root.

Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:

For example;

IP-address fully-qualified-domain-name hostname "loghost"
 

The /etc/hosts file has the nickname loghost, for the server.

Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.

For example;
 
local6.info ifdef(`LOGHOST', /var/log/messages, @loghost)
 

Step 5 Restart the syslog daemon to get the server logging started.

# svcadm restart system-log
 

To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.

 

Configuring Centralized Linux Server to Receive Syslogs

By default, syslog daemon on a centralized server does not expect to receive messages from the Linux Cisco BAC servers. You must configure the centralized server for the syslog daemon to start listening to these messages.

The syslog daemon checks the /etc/syslog.conf file to determine the expected names and locations of the log files it should create. It also checks the /etc/sysconfig/syslog file to determine the various modes in which it should operate. The syslog daemon will not receive server messages unless the SYSLOGD_OPTIONS variable in this file has a -r included in it as shown below:

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from RDU/DPE server machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-2"

 

You must restart the syslog daemon for the changes to take effect. The server listens on UDP port 514, which you can verify using one of the following netstat command variations:

# netstat -a | grep syslog
udp 0 0 *:syslog *:*

# netstat -an | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*

Configuring a Server to Send Syslog to Centralized Server on Linux

After you configure syslog daemon on the centralized server, you must configure the Cisco BAC server to send messages to it. To do this, edit the /etc/hosts file on the server.

Step 1 Determine the IP address and fully qualified hostname of the server logging host.

Step 2 Log in as root on the server

Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:

For example:

IP-address fully-qualified-domain-name hostname "loghost"
 

In the example, the /etc/hosts file has a nickname loghost, for the server.

Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.

For example:

local6.info @loghost
local6.info /var/log/messages

 

Step 5 Restart the syslog daemon to start server logging.

To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.