On Tue, 9 Apr 2013 15:26:24 +0000 (UTC) Ted theodore.dd@gmail.com wrote:
When I do tail -f /var/log/messages I can see that the Cisco switches are sending messages. If I try to pull up the syslog messages through NAV however it tells me that there are no messages.
Any pointers would be greatly appreciated.
Hi Ted,
I'm guessing you're they guy who asked the same question on IRC last night. I'll repeat RockJ's answer here, just in case.
The syslog analyzer only understands messages in Cisco format, and it will also attempt to truncate the log file each time is has been read (meaning it requires write access to it). It would therefore be a bad idea to point it to /var/log/messages.
You should redirect syslog messages from your Cisco devices to a separate log file with the correct file permissions.
The original logger.conf points to /var/lib/nav/log/cisco.log - shouldn't that point to /var/log/nav?
That's just a pecularity of the Debian package. NAV's localstatedir is configured by the Debian package to `/var/lib/nav`, but since Debian wants the logs to go to `/var/log/nav` it symlinks `/var/lib/nav/log` to `/var/log/nav`.