Syslog Analyzer

The syslog analyzer lets you browse Cisco syslog messages that are collected by the syslog daemon. Only Cisco syslog messages are supported.

See further explanation in NAVMore ch 2.4 (in Norwegian). FIXME.

A requirement for this tool is that a syslog daemon is running on your NAV machine collecting syslog messages from your Cisco gear. Unfortunately the NAV Syslog Analyzer only supports Cisco syslog messages, other messages will be ignored (an improvement is on our road map).

We recommend configuring your syslog daemon to log messages from your network equipment to two parallel files: one that is read (and emptied) by NAV and another that NAV leaves untouched. The latter can be inspected as usual from the shell (rotate it as you do with other ever-growing log files). The file that NAV reads and empties is configured in etc/logger.conf. The NAV background process logger does this job: every minute it checks the log file for new messages, and if there are any they are removed from the file, parsed and inserted into the NAV logger database.

The logger database takes advantage of the fact that Cisco syslog messages have a predefined structure. Briefly, a Cisco message type consists of three elements separated by hyphens (-). The three elements are:

  1. Area/topic
  2. Priority number, eight values: 0=emergency, 1=alerts, 2=critical, 3=errors, 4=warnings, 5=notifications, 6=informational, 7=debugging.
  3. A descriptor within the area/topic.

Some examples:

     IP-3-TCP_BADCKSUM
     IP-4-DUPADDR
     ISDN-6-CONNECT
     LINEPROTO-5-UPDOWN
     LINK-4-ERROR

For a given syslog message, a description follows the message type and gives further details. A time stamp and the device the message was received from are also given. An example:

May 27 08:32:58 mtfs-sw.ntnu.no 2002 May 27 08:32:53 MET +02:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/2
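The following is an added example, not NAV's own logger code: a small Python parser that splits a syslog line into the elements described above (the daemon's time stamp, the originating device, the device's own time stamp, and the AREA-SEVERITY-DESCRIPTOR message type with its description), and ignores lines that are not Cisco messages, as the analyzer does. The sample log is constructed here; apart from the page's own example line, the host names, addresses and messages are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity numbers of a Cisco message type, as listed on this page.
SEVERITY_NAMES = {
    0: "emergency", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# The Cisco message type %AREA-SEVERITY-DESCRIPTOR: followed by the free-text description.
MESSAGE_TYPE_RE = re.compile(
    r"%(?P<area>[A-Z][A-Z0-9_]*)-(?P<severity>[0-7])-(?P<descriptor>[A-Z0-9_]+):\s*(?P<description>.*)$"
)

# The part the syslog daemon prepends: its own time stamp and the sending device.
SYSLOG_HEADER_RE = re.compile(
    r"^(?P<received>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<origin>\S+)\s+(?P<rest>.*)$"
)


@dataclass
class CiscoSyslogMessage:
    received: str       # time stamp written by the syslog daemon on the NAV machine
    origin: str         # device the message was received from
    device_time: str    # the device's own time stamp (whatever precedes the '%'); may be empty
    area: str           # e.g. CDP
    severity: int       # 0..7
    descriptor: str     # e.g. NVLANMISMATCH
    description: str    # free-text detail after the colon

    @property
    def message_type(self) -> str:
        return f"{self.area}-{self.severity}-{self.descriptor}"

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_line(line: str) -> Optional[CiscoSyslogMessage]:
    """Parse one syslog line; return None for lines that are not Cisco messages."""
    header = SYSLOG_HEADER_RE.match(line.strip())
    if header is None:
        return None
    body = MESSAGE_TYPE_RE.search(header.group("rest"))
    if body is None:
        return None  # no %AREA-N-DESCRIPTOR: pattern, so not a Cisco message; ignored
    # Everything between the host name and the '%' is the device's own time stamp.
    device_time = header.group("rest")[: body.start()].strip()
    return CiscoSyslogMessage(
        received=header.group("received"),
        origin=header.group("origin"),
        device_time=device_time,
        area=body.group("area"),
        severity=int(body.group("severity")),
        descriptor=body.group("descriptor"),
        description=body.group("description").strip(),
    )


def parse_log(text: str) -> Tuple[List[CiscoSyslogMessage], int]:
    """Parse a whole log; returns (parsed Cisco messages, number of ignored lines)."""
    parsed, ignored = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        msg = parse_line(line)
        if msg is None:
            ignored += 1
        else:
            parsed.append(msg)
    return parsed, ignored


def at_most_severity(messages: List[CiscoSyslogMessage], max_severity: int) -> List[CiscoSyslogMessage]:
    """Keep messages at the given severity or more urgent (a lower number is more urgent)."""
    return [m for m in messages if m.severity <= max_severity]


# Constructed sample log: the page's example line plus made-up lines, including one
# non-Cisco line (an sshd message) that the analyzer would ignore.
SAMPLE_LOG = """\
May 27 08:32:58 mtfs-sw.ntnu.no 2002 May 27 08:32:53 MET +02:00 %CDP-4-NVLANMISMATCH:Native vlan mismatch detected on port 4/2
May 27 08:33:10 example-rtr.invalid %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
May 27 08:33:12 example-rtr.invalid %IP-3-TCP_BADCKSUM: TCP bad checksum from 192.0.2.10 (constructed)
May 27 08:33:15 fileserver.invalid sshd[1234]: Accepted publickey for alice from 192.0.2.20
"""

if __name__ == "__main__":
    messages, ignored = parse_log(SAMPLE_LOG)
    for m in messages:
        print(f"{m.origin:22} {m.message_type:24} {m.severity_name:14} {m.description}")
    print(f"ignored {ignored} non-Cisco line(s)")
```

The device's own time stamp is kept as an opaque string because its format depends on how the device is configured; the daemon's time stamp is the one that is always present. Filtering by severity number works because the eight levels are ordered, so `at_most_severity(messages, 4)` returns warnings and everything more urgent.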

The NAV syslog analyzer exploits this structure: it splits up the messages and stores them in a database (navlog). We have also adopted the same error message scheme for NAV's own error messages5. The database therefore contains both Cisco messages and NAV messages (the table system indicates the origin). There are five tables in total in navlog; they are shown with fields and relations in figure 2.

sysloganalyzer.1191749053.txt.gz · Last modified: 2007/10/07 09:24 by faltin