The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter explains how to configure the syslog daemon after you install the Cisco Broadband Access Center (BAC). In case of a local data server, you can configure the syslog utility on any Cisco BAC component server to receive alerts from the system. For receiving the syslogs in a centralized server from all the BAC components such as RDU, DPE, CNR and KDC, you can configure the syslog daemon either on any Cisco BAC component server or on a separate server. These component servers are referred as Cisco server in this chapter.
Note Configuring the syslog file is an optional task.
Syslog is a client-server protocol that manages the logging of information on UNIX. Cisco BAC generates alerts through the syslog service. Cisco BAC syslog alerts are not a logging service; they notify that a problem exists, but do not necessarily define the specific cause of the problem.
The information related to the problem resides in the appropriate Cisco BAC log files, rdu.log and dpe.log. If you choose to configure the syslog file, syslog alerts are directed to a separate log file.
For more information on error messages and alerts, refer to the Cisco Broadband Access Center 3.8 Administrator Guide.
To configure the syslog utility on Solaris and Linux servers:
Step 1 Log in as root on the server.
Step 2 At the command line, create the log file.
For example:
# touch /var/log/bac.log
Step 3 Open the /etc/syslog.conf file with a text editor, such as vi.
Step 4 Add the following lines to the /etc/syslog.conf file:
local6.alert /var/log/bac.log
local6.info /var/log/bac.log
Note You must insert one or more tabs between the local6:info and /var/log/bac.log information.
Step 5 Save and close the /etc/syslog.conf file.
Step 6 To force the syslog utility to take the new configuration, at the command line, enter:
# ps -ef | grep syslogd
root 217 1 0 Nov 26 ? 0:00 /usr/sbin/syslogd
kill -HUP 217
Note The process ID (PID) in this example is 217, but may change when you run ps -ef | grep syslogd. Use the correct output from that command as the input to kill -HUP.
Syslog is now ready to receive alerts from Cisco BAC.
On Solaris machines, the LOG_FROM_REMOTE property specifies whether server messages are logged. By default, this property is enabled.
To configure a centralized server to receive syslog alters:
Step 1 Log into the server as root.
Step 2 By default the LOG_FROM_REMOTE property is enabled. In case it is not, you can enable it by setting it's value to true as shown in the following commands.
# svccfg -s svc:/system/system-log setprop config/log_from_remote = true
# svcadm refresh svc:/system/system-log
Step 3 Create a dummy file.
# touch /var/log/messages
Step 4 Add the following configuration in /etc/syslog.conf file:
local6.info @loghost
local6.info /var/log/messages
Step 5 Restart the syslog daemon.
# svcadm restart system-log
# tail -f /var/log/messages
Note Always use T ab while modifying /etc/syslog.conf. Using the space bar shows errors while you restart syslogd.
After you configure syslog daemon on a centralized server, you must configure the Cisco BAC server to send messages to the centralized server. To do this, edit the /etc/hosts file on the server as explained below.
Step 1 Determine the IP address and fully qualified host name of the server logging host.
Step 2 Log into the server as root.
Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:
For example;
IP-address fully-qualified-domain-name hostname "loghost"
The /etc/hosts file has the nickname loghost, for the server.
Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.
For example;
local6.info ifdef(`LOGHOST', /var/log/messages, @loghost)
Step 5 Restart the syslog daemon to get the server logging started.
# svcadm restart system-log
To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.
By default, syslog daemon on a centralized server does not expect to receive messages from the Linux Cisco BAC servers. You must configure the centralized server for the syslog daemon to start listening to these messages.
The syslog daemon checks the /etc/rsyslog.conf file to determine the expected names and locations of the log files it should create. It also checks whether the UDP syslog reception is configured in this file, as shown below:
# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514
:FROMHOST-IP, isequal, "ipaddress" /var/log/rhel6.log
In the above line, replace ipaddress with the IP-address of the the client that will send message to the centralized Linux server, and replace rhel6.log with the intended log file name.
You must restart the syslog daemon for the changes to take effect:
/sbin/service rsyslog restart
The server listens on UDP port 514, which you can verify using one of the following netstat command variations:
netstat -an | grep udp | grep 514
The expected output for the above command is:
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 :::514 :::*
After you configure syslog daemon on the centralized server, you must configure the Cisco BAC server to send messages to it. To do this, edit the two files - /etc/hosts and /etc/rsyslog.conf - on the Cisco BAC server.
Step 1 Determine the IP address and fully qualified hostname of the server logging host.
Step 2 Log in as root on the server
Step 3 To enable the server logging hostname, add the following line in the /etc/hosts file (using vi editor):
IP-address fully-qualified-domain-name hostname "loghost"
In the above line, replace IP-address with the IP address of the centralized server to which the messages will be sent, and also replace fully-qualified-domain-name and hostname
with the respective values for the centralized server. loghost
is an example of an optional nickname that you can use for the server, hostname
.
Step 4 Edit the /etc/rsyslog.conf file (using vi editor) to add the following lines, to send the syslog messages to the centralized server:
local6.info @loghost
local6.info /var/log/messages
In the above lines, replace loghost with the actual nickname of the centralized server as entered in Step 3. Instead, if you have not configured the nickname, you can replace loghost
with the hostname.
Step 5 Restart the syslog daemon to start server logging:
/sbin/service rsyslog restart
To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.