I am running NAV ver. 3.14.15 (downloaded the virtual appliance and did an upgrade) but I am unable to get the syslog part to work (as well as cricket but that I am still researching).
The original logger.conf points to /var/lib/nav/log/cisco.log - shouldn't that point to /var/log/nav? Anyway I changed that to point to /var/log/messages
I also had to enable in rsyslog.conf to receive UDP messages by uncommenting the lines $ModLoad imudp and $UDPServerRun 514.
When I do tail -f /var/log/messages I can see that the Cisco switches are sending messages. If I try to pull up the syslog messages through NAV however it tells me that there are no messages.
Any pointers would be greatly appreciated.
On Tue, 9 Apr 2013 15:26:24 +0000 (UTC) Ted theodore.dd@gmail.com wrote:
> When I do tail -f /var/log/messages I can see that the Cisco switches are sending messages. If I try to pull up the syslog messages through NAV however it tells me that there are no messages.
> Any pointers would be greatly appreciated.
Hi Ted,
I'm guessing you're the guy who asked the same question on IRC last night. I'll repeat RockJ's answer here, just in case.
The syslog analyzer only understands messages in Cisco format, and it will also attempt to truncate the log file each time it has been read (meaning it requires write access to it). It would therefore be a bad idea to point it to /var/log/messages.
You should redirect syslog messages from your Cisco devices to a separate log file with the correct file permissions.
> The original logger.conf points to /var/lib/nav/log/cisco.log - shouldn't that point to /var/log/nav?
That's just a peculiarity of the Debian package. NAV's localstatedir is configured by the Debian package to `/var/lib/nav`, but since Debian wants the logs to go to `/var/log/nav` it symlinks `/var/lib/nav/log` to `/var/log/nav`.
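
The redirect suggested in the reply above, sketched as an rsyslog fragment in the legacy directive syntax the thread already uses. This is an added example, not part of the original messages or of NAV's own configuration; the drop-in file name, the 192.0.2.0/24 source range and the `navcron`/`nav` account names are assumptions to replace with local values.

```conf
# /etc/rsyslog.d/30-nav-cisco.conf   (file name is an assumption)
#
# UDP reception ($ModLoad imudp / $UDPServerRun 514) stays in
# rsyslog.conf as described in the thread; it is not repeated here.

# Ownership and mode for files created by the actions that follow.
# The syslog analyzer truncates the file after reading it, so the
# account it runs as needs write access. "navcron" and "nav" are
# assumed account names. Owner-write is enough; the file does not
# need to be world-writable.
$FileOwner navcron
$FileGroup nav
$FileCreateMode 0640

# Send everything received from the switches' management range to the
# file the original logger.conf points at. 192.0.2. is a constructed
# documentation prefix (RFC 5737), not an address from the thread.
:fromhost-ip, startswith, "192.0.2." /var/lib/nav/log/cisco.log

# Discard those messages here so they do not also land in
# /var/log/messages. Newer rsyslog releases spell this "& stop".
& ~

# Legacy $File* directives apply to every later action, so put back
# the values used by the main configuration. These are the ones in
# the stock Debian rsyslog.conf; adjust if yours differ.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
```

After restarting rsyslog, `ls -l /var/lib/nav/log/cisco.log` should show the NAV account as owner, and new switch messages should no longer appear in `/var/log/messages`.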