Syslog ????

[bruss]

I setuop everything fine using the forums and the http://ipofobi110 method. I have my syslog set to my freebsd server and the level set to 7. I see the syslog scrolling when i make a change and reboot but i dont see call setup messages? do i just change the level?

[RonR]

If you're wanting to see SIP exchanges:

Voice Services -> SPx Service -> X_SipDebugOption : (Log ...)

[bruss]

its checked. I will try to toggle it and see if it works

[bruss]

i found them! I have something boogered in my freebsd syslog cause i see them in /var/log/messages

[bruss]

are these local.7 messages?

[bruss]

weird both my mac and freebsd syslogd servers dont log these as local.7

i can see them in freebsd in messages and all my cisco gear is local7 going to a different file than /var/log/messages.

Are these in fact not local7?

[RonR]

Are these in fact not local7?

What does 'local7' mean?

[bruss]

Syslog uses different facilities to separate log messages. The indexer's default facility is LOCAL7.

Facility helps to separate DataparkSearch messages from others. You can modify /etc/syslog.conf to tell syslog how to treat DataparkSearch messages. For example:
# Log all messages from DataparkSearch to separate file
local7.*        -/var/log/DataparkSearch.log

I send all my local7.* messages to a certain file and not the /var/log/messages file.  Since these sip messages are not being sent to my local7 file they are either A. Not local7 or B. i have some kind of flag problen in the syslogd. I can see they reboots all day long but the call setup messages do not go to anywhere but the deafult file. The default file is a catch all for all things not rerouted to seperate file so therefore wading through it for call setups is a nightmare.

[bruss]

This is from Cisco.com and probably a better explanation.

And i understand this isnt a cisco device but its a protocol (defined in RFC 3164)

Facility

Syslog messages are broadly categorized on the basis of the sources that generate them. These sources can be the operating system, the process, or an application. These categories, called facility, are represented by integers, as shown in Table 4-1. The local use facilities are not reserved and are available for general use. Hence, the processes and applications that do not have pre-assigned facility values can choose any of the eight local use facilities. As such, Cisco devices use one of the local use facilities for sending syslog messages.

Table 4-1. Facility Values




Integer


Facility

0 Kernel messages
1 User-level messages
2 Mail system
3 System daemons
4 Security/authorization messages
5 Messages generated internally by Syslogd
6 Line printer subsystem
7 Network news subsystem
8 UUCP subsystem
9 Clock daemon
10 Security/authorization messages
11 FTP daemon
12 NTP subsystem
13 Log audit
14 Log alert
15 Clock daemon
16 Local use 0 (local0)
17 Local use 1 (local1)
18 Local use 2 (local2)
19 Local use 3 (local3)
20 Local use 4 (local4)
21 Local use 5 (local5)
22 Local use 6 (local6)
23 Local use 7 (local7)

By default, Cisco IOS devices, CatOS switches, and VPN 3000 Concentrators use facility local7 while Cisco PIX Firewalls use local4 to send syslog messages. Moreover, most Cisco devices provide options to change the facility level from their default value.

[bruss]

Forget syslog.. I just hooked up the other nic in my pc to my cisco catalyst and mirrored the OBI's port so i can see/capture real time messaging.