Configuring the Syslog Utility to Receive Cisco BAC Alerts
This chapter explains how to configure the syslog daemon after you install the Cisco Broadband Access Center (BAC). In case of a local data server, you can configure the syslog utility on any Cisco BAC component server to receive alerts from the system. For receiving the syslogs in a centralized server from all the BAC components such as RDU, DPE, CNR and KDC, you can configure the syslog daemon either on any Cisco BAC component server or on a separate server. These component servers are referred as Cisco server in this chapter.
Note Configuring the syslog file is an optional task.
Syslog is a client-server protocol that manages the logging of information on UNIX. Cisco BAC generates alerts through the syslog service. Cisco BAC syslog alerts are not a logging service; they notify that a problem exists, but do not necessarily define the specific cause of the problem.
The information related to the problem resides in the appropriate Cisco BAC log files, rdu.log and dpe.log. If you choose to configure the syslog file, syslog alerts are directed to a separate log file.
For more information on error messages and alerts, refer to the Cisco Broadband Access Center 3.7 Administrator Guide.
Configuring Syslogs on a Local Server
To configure the syslog utility on Solaris and Linux servers:
Step 1 Log in as root on the server.
Step 2 At the command line, create the log file.
For example:
Step 3 Open the /etc/syslog.conf file with a text editor, such as vi.
Step 4 Add the following lines to the /etc/syslog.conf file:
local6.alert /var/log/bac.log
local6.info /var/log/bac.log
Note You must insert one or more tabs between the local6:info and /var/log/bac.log information.
Step 5 Save and close the /etc/syslog.conf file.
Step 6 To force the syslog utility to take the new configuration, at the command line, enter:
root 217 1 0 Nov 26 ? 0:00 /usr/sbin/syslogd
Note The process ID (PID) in this example is 217, but may change when you run ps -ef | grep syslogd. Use the correct output from that command as the input to kill -HUP.
Syslog is now ready to receive alerts from Cisco BAC.
Configuring Centralized Solaris Server to Receive Syslogs
On Solaris machines, the LOG_FROM_REMOTE property specifies whether server messages are logged. By default, this property is enabled.
To configure a centralized server to receive syslog alters:
Step 1 Login to the server as root.
Step 2 By default the LOG_FROM_REMOTE property is enabled. In case it is not, you can enable it by setting it's value to true as shown in the following commands.
# svccfg -s svc:/system/system-log setprop config/log_from_remote = true
# svcadm refresh svc:/system/system-log
Step 3 Create a dummy file.
# touch /var/log/messages
Step 4 Add the following configuration in /etc/syslog.conf file:
local6.info /var/log/messages
Step 5 Restart the syslog daemon.
# svcadm restart system-log
# tail -f /var/log/messages
Note Always use T ab while modifying /etc/syslog.conf. Using the space bar shows errors while you restart syslogd.
Configuring a Server to Send Syslog to Centralized Server on Solaris
After you configure syslog daemon on a centralized server, you must configure the Cisco BAC server to send messages to the centralized server. To do this, edit the /etc/hosts file on the server as explained below.
Step 1 Determine the IP address and fully qualified host name of the server logging host.
Step 2 Login to the server as root.
Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:
For example;
IP-address fully-qualified-domain-name hostname "loghost"
The /etc/hosts file has the nickname loghost, for the server.
Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.
local6.info ifdef(`LOGHOST', /var/log/messages, @loghost)
Step 5 Restart the syslog daemon to get the server logging started.
# svcadm restart system-log
To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.
Configuring Centralized Linux Server to Receive Syslogs
By default, syslog daemon on a centralized server does not expect to receive messages from the Linux Cisco BAC servers. You must configure the centralized server for the syslog daemon to start listening to these messages.
The syslog daemon checks the /etc/syslog.conf file to determine the expected names and locations of the log files it should create. It also checks the /etc/sysconfig/syslog file to determine the various modes in which it should operate. The syslog daemon will not receive server messages unless the SYSLOGD_OPTIONS variable in this file has a -r included in it as shown below:
# -m 0 disables 'MARK' messages.
# -r enables logging from RDU/DPE server machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r"
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
You must restart the syslog daemon for the changes to take effect. The server listens on UDP port 514, which you can verify using one of the following netstat command variations:
–# netstat -a | grep syslog
udp 0 0 *:syslog *:*
–# netstat -an | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*
Configuring a Server to Send Syslog to Centralized Server on Linux
After you configure syslog daemon on the centralized server, you must configure the Cisco BAC server to send messages to it. To do this, edit the /etc/hosts file on the server.
Step 1 Determine the IP address and fully qualified hostname of the server logging host.
Step 2 Log in as root on the server
Step 3 To enable the server logging hostname, add the following entry in the /etc/hosts file:
For example:
IP-address fully-qualified-domain-name hostname "loghost"
In the example, the /etc/hosts file has a nickname loghost, for the server.
Step 4 Edit the /etc/syslog.conf file to send the syslog messages to the server.
For example:
local6.info /var/log/messages
Step 5 Restart the syslog daemon to start server logging.
To test whether the syslog server is receiving the messages, stop the RDU server. The DPE and CNR servers will send a message indicating the connection failure.