Skip to main content

Configure rsyslog on Red Hat Enterprise Linux 6 (RHEL6) for Cisco Switches

One of the problems that you can face during configuration of cisco switches for Red Hat Enterprise Linux 6 is the correct formatting. I had to go through this and make sure it is working for Sonicwall and Cisco Switches so here you go! Also, if I were you, I would add a disclaimer to let someone else know about or not to change the configurations.

1. create your file under /var/log/
2. [username@servername log] touch cisco-example
3. Next you have to Edit rsyslog
4. [username@servername log] vi /etc/rsyslog.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example1
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example2
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example3
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"   /var/log/cisco-example4
& ~
# Sonicwall Firewall Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"      /var/log/sonicwall
& ~

5. Make sure your UDP Port is open in /etc/sysconfig/iptables
6. Add the following lines to your /etc/sysconfig/iptables
7. [username@servername log] vi /etc/sysconfig/iptables
# Port for Syslog Communciations on UDP Port 514
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

8. service iptables restart
9. service rsyslog restart
10. tail -f /var/log/cisco-example or whatever you are logging to make sure it is writing to your logs.
11. Install Splunk on a VM or another server and start generating some super reports from the logs for your management so that they will love you!

NOTE: If you can't tell what "&" is, it is the ampersan symbol above #7 on the keyboard. =)

Red Hat Reference Article: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html

Popular posts from this blog

How to Configure HP ILO 4 for Active Directory Login

1. Make sure that your Windows Active Directory Domain Controller has an SSL Certificate to support port 636 (HP's authentication doesn't like 389)

2. Use Softerra LDAP Administrator (or whatever is your preferred tool to get the OU path) if you don't know how to do it by heart (which...um...sometimes its better to verify).

3. Make sure that you have a way to authenticate users by adding in the OU where your restricted accounts are located. You don't want anyone in the domain to be able to login to the server.

ILO Login > Administration > User Administration - Click New and Add the Group DN Only:



Click Add Group and then you will see your group added. (*Make sure it's a security group)


4. Add in your Windows Active Directory DC to authenticate against (Verified against 2008R2):

ILO Login > Administration > Security - Directory (*Make sure it's the OU where the security group is)


5. Sign Out (Log off) and then Log Back in (If you don't see Direct…

How to Fix /storage/core filesystem Out of Disk Space Error on VCSA 6.0U1

How to fix the error of "The /storage/core filesystem is out of disk space or inodes"


Step 1: Login to the new VCSA 6.0U1 HTML5 web client. https://ip address:5480



Step 2: Enable SSH and Bash Shell
Step 3: Login as root and type "shell" at Command> shell
Step 4: df -h (Check if it's out of space)
/dev/mapper/core_vg-core               50G   50G     0 100% /storage/core
Step 5: Stop the services of VCSA: 
hostname: # service vmware-vpxd stop hostname: # service vmware-vpxd status (make sure it is stopped)
Step 6:  cd /storage/core
Step 7: rm -rf *.tgz (be CAREFUL...do this in the wrong directory and you will be retrieving from a backup.)


If you need help. Go to Cybercity (http://www.cyberciti.biz/faq/delete-all-files-folder-linux/
Step 8: service vmware-vpxd restart

Step 9: history -c
Step 10: Refresh the browser (https://ip address:5480). Now it's all green


VMware KB: (

How to Configure BGInfo for Windows Server 2012 R2

FYI: It's not hypervisor specific and works fine for physical servers also.
Download BGINFO from Microsoft Downloads Only
http://technet.microsoft.com/en-us/sysinternals/bb897557

1. Create a folder named bginfo under C:\bginfo
2. Extract all of the contents of bginfo to that folder.
3. Open Bginfo and setup your configurations.


*Custom configurations can be found here thanks to Shay Levy: http://blogs.microsoft.co.il/scriptfanatic/2008/07/22/bginfo-custom-information/

4. Once you have completed your custom configurations. Click on File Save As and save your .bgi configuration to C:\bginfo (Don't bother saving to C:\Windows\System32\* SysPrep and Imaging will strip and mess up any settings so don't bother) *Do NOT just clone your VM's!!


5. After you have saved your configuration. Create a batch file named whatever and add the following to the first line (*whatever you named the .bgi file is what you put second after the bginfo.exe path):


6. In case you forgot how. Enable…