Last modified
07-May-2003 10:26 PM
Comments to tbird
On this page:
Apache
BIND v8
Borderware Firewall
Checkpoint FireWall-1
Cisco Catalyst Switches
Cisco IOS
Cisco PIX
HP 3000 MPE
HP JetDirect Printers
IBM SNA
IPSentry
Microsoft Internet Information Services
Microsoft Windows
MiniVend
NcFTPd
Netgear RT314
Netgear FM114P
Novell Netware FTP Server
PostgreSQL
RedHat Linux
sendmail
Solaris
3Com Total Control Routers
WU-FTP
ZyXEL
My goal here is to collect client configurations for any device that natively logs to syslog, or can be coerced in that direction. It's a combination of personal tinkering, vendor documentation, postings to the Log Analysis mailing list, and mental telepathy. Please test everything thoroughly before deploying in production. Your mileage may vary. Send corrections and contributions to Tina Bird.
We'll be adding similar guidelines for configuring systems to act as loghosts soon.
We've tried to provide at least three types of information, if they're available: command line configuration, configuration through a GUI, and vendor documentation (configuration notes, if not listed above, and references for messages). Some links will go to outside sources; they'll open in a new browser window. Special idiosyncrasies are noted.
Configuring BIND for syslog
Vendor logging documentation
Message dictionary
Vendor Home
Note: What does this "lame server" error mean in my logs?
The message dictionary is probably useful for other versions of BIND.
GUI configuration (see also Borderware Firewall syslog Support)
Vendor logging documentation not available
Message dictionary not available
Vendor Home
Command line configuration
Another way to get FW-1 logs to syslog
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Command line configuration
Vendor logging documentation
Message dictionary (for Cat6000 devices; probably generally useful, but YMMV)
Vendor Home
Command line configuration
Vendor logging documentation
Logging Call Detail Records on Cisco VOIP
Message dictionary (general IOS)
Message dictionary (IPsec)
Message dictionary (ICMP message types)
Network Monitoring & Event Correlation
Vendor Home
Note: enable logging at the notification level to catch system reboots and configuration changes.
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Command line configuration (only available for older HP JetDirect cards)
GUI configuration
Vendor logging documentation (configuration through front panel)
Message dictionary
Vendor Home
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Note: who'd've thought that a network protocol would have its own logging configuration?
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Note: IPSentry is a Windows-based system and network monitoring tool. The configuration instructions explain how to configure it to generate syslog alerts when alarm conditions are detected. It presumably logs administrative events to the Windows Event Log, which can then be forwarded to syslog as described here.
GUI configuration using Event Reporter
GUI configuration using NTsyslog
GUI configuration using BackLog
Writing arbitrary messages from Windows systems to a loghost
Vendor logging documentation
Message dictionary (searchable by Event ID)
Message dictionary (Exchange Server error & event messages)
Message dictionary (Windows 2000 event & error messages)
Auditing & Intrusion Detection in Windows 2000
Vendor Home
Command line configuration
Vendor logging documentation
Message dictionary
Vendor Home
Command line configuration (for logins, logoffs, and file transfers)
Vendor logging documentation (for errors and significant system events)
Message dictionary (xferlog formats)
Message dictionary (session log formats)
Vendor Home
Command line configuration
Vendor logging documentation not available
Message dictionary not available
Vendor Home
Command line configuration
GUI configuration
Vendor logging documentation not available
Message dictionary not available
Vendor Home
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Configuring postgres.conf for centralized logging
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Configuring /etc/syslog.conf for centralized logging
GUI configuration
Vendor logging documentation (continues on two subsequent pages of document)
Configuring syslog event logging on the RedHat Cluster Manager
Initscripts & Logging
Message dictionary
PPP messages written to the system log
Vendor Home
Command line configuration
Vendor logging documentation
Managing Mail Logging (specific to IBM AIX's sendmail but contains generally useful ideas)
Message dictionary
Vendor Home
Configuring /etc/syslog.conf for centralized logging
GUI configuration
Vendor logging documentation
Message dictionary (for Solaris 7; check here for other operating system versions)
Auditing in the Solaris 8 Environment
Solaris BSD Auditing
Vendor Home
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Command line configuration
Vendor logging documentation
Message dictionary not available
Vendor Home
Note: I'm a bit confused. It used to be that the default build of WU-FTP did not support logging to syslog - that's what the command line documentation above explains. But the current man page says that logging to syslog is enabled by starting ftpd with the -l argument, so re-compiling may no longer be necessary.
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home
Device template
Command line configuration
GUI configuration
Vendor logging documentation
Message dictionary
Vendor Home