Network equipment is often configured to log console messages over the network to a host using its syslog facility. All UNIX systems have a daemon called syslogd that listens on UDP port 514 and logs the messages it receives to the file indicated in /etc/syslog.conf. See Figure 8-1 for an example.
The UNIX syslogd daemon logs incoming UDP messages into one of the listed log files. For example, routers may be configured to send their console messages to the NNM system. They will be logged to a specific file, /var/log/routerlog.

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                     /dev/console

    # Log anything (except mail) of level info or higher.
    # Don’t log private authentication messages!
    *.info;mail.none;authpriv.none              /var/log/messages

    # Router console log messages (Check specific facility of your router)
    router                                      /var/log/routerlog

    # The authpriv file has restricted access.
    authpriv.*                                  /var/log/secure

    # Log all the mail messages in one place.
    mail.*                                      /var/log/maillog

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                     *

    # Save mail and news errors of level err and higher in a
    # special file.
    uucp,news.crit                              /var/log/spooler
The actual text logged by syslogd will be specific to the device and may even depend on the firmware revision, type of model, and type of interface adapter. The severity of the message is indicated by its text.
How can you monitor this file? Data in the syslog files is not monitored by NNM directly and the information in it may not be apparent when viewed through SNMP eyes.
If you’re running the ITO daemon, it can be configured to examine this file as it grows, to look for special text strings with special meaning, and to generate an ITO alarm. Perhaps ITO is not the right tool since the management application runs elsewhere.
An alternative, and perhaps preferable, solution is to run a small UNIX script in the background to monitor the router syslog file. The script can perform the following steps:
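One way such a background script could work, shown as an added example that is not the original text's own script: it examines only the bytes appended to /var/log/routerlog since the last pass, restarts from the top after a rotation, and reports messages at or above a chosen severity. The Cisco IOS style `%FACILITY-SEVERITY-MNEMONIC` tag, the `STATE` path, the `MAX_SEV` threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example: poll the router log and report high-severity messages.
# Assumed, not from the original text: Cisco IOS style tags of the form
# %FACILITY-SEVERITY-MNEMONIC, the STATE path, and the MAX_SEV threshold.
LOG=${LOG:-/var/log/routerlog}              # file named in syslog.conf
STATE=${STATE:-/var/run/routerlog.offset}   # hypothetical: bytes already examined
MAX_SEV=${MAX_SEV:-3}                       # report 0 (emergency) through 3 (error)

# Print an ALERT line for each input line whose severity digit is <= MAX_SEV.
# The text arrives over unauthenticated UDP, so it is handled as data only:
# awk matches it, and it is never passed to eval or run as a command.
filter_severe() {
    awk -v max="$MAX_SEV" '
        match($0, /%[A-Z0-9_-]+-[0-7]-[A-Z0-9_]+/) {
            n = split(substr($0, RSTART, RLENGTH), part, "-")
            sev = part[n - 1]               # digit just before the mnemonic
            if (sev + 0 <= max + 0) print "ALERT sev=" sev " " $0
        }'
}

# Examine only the bytes appended since the previous call, then save the new
# offset. A file shorter than the saved offset was rotated or truncated, so
# reading restarts from the beginning.
scan_new() {
    size=$(wc -c < "$LOG" | tr -d ' ')
    last=$(cat "$STATE" 2>/dev/null || echo 0)
    case $last in ''|*[!0-9]*) last=0 ;; esac    # ignore a corrupt state file
    if [ "$size" -lt "$last" ]; then last=0; fi
    tail -c "+$((last + 1))" "$LOG" | head -c "$((size - last))" | filter_severe
    echo "$size" > "$STATE"
}

# Background use:  sh routerwatch.sh --watch &
if [ "${1:-}" = "--watch" ]; then
    while :; do scan_new; sleep 30; done
fi
```

Piping the output of `scan_new` into `logger` or a mail command turns each ALERT line into a notification.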