Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Tag Archives: filter

Syslog-ng and filters

So, over the weekend, I had to update 200 routers with SNMP configs, and point them to my SYSLOG server. Easy, right? Well, tedious, since half-way I figured I should have used EXPECT, but by then, I was already half-done.

Anyway, after all my work, I noticed that my syslogs were not receiving any logging. Doing a TCPDUMP showed I received the logs. Strange?

I have a lot of filtering done in SYSLOG-NG. With my naming convention, all end-point access routers use [location]-arXX (where XX is the numbered router at that location). So, my filter for access routers is:

host("^.*-ar[0-9]{1,2}.*");

Well, after some searching, I found that SYSLOG-NG actually does a reverse DNS lookup to determine the name, even though I have the hostname inside the log.

After adding 200+ reverse DNS entries, I finally got it working.
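
The behaviour described above, as an added example that is not part of the original post: a Python model of which HOST value the access-router filter is tested against. The `keep_hostname` switch mirrors syslog-ng's global option of that name; the addresses, hostnames and log lines are constructed, and the `PTR` dictionary is a stand-in for reverse DNS.

```python
import re

# The access-router filter regex from the post.
ACCESS_ROUTER = re.compile(r"^.*-ar[0-9]{1,2}.*")

# Stand-in for reverse DNS (constructed): only one router has a PTR record.
PTR = {"192.0.2.10": "nyc-ar01.example.net"}

# Constructed datagrams: (source IP, BSD-syslog payload).
SAMPLES = [
    ("192.0.2.10", "<189>Jan 12 03:14:07 nyc-ar01 %SYS-5-CONFIG_I: Configured from console"),
    ("192.0.2.20", "<189>Jan 12 03:14:09 chi-ar02 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up"),
    ("192.0.2.30", "<189>Jan 12 03:14:11 nyc-ar07 %SYS-5-RESTART: System restarted"),
]

HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")


def header_host(payload):
    """Hostname field the sender wrote into the message header, or None."""
    m = HEADER.match(payload)
    return m.group(1) if m else None


def effective_host(src_ip, payload, keep_hostname=False, ptr=PTR):
    """HOST value the filter is matched against.

    keep_hostname=False models the behaviour in the post: the name comes
    from a reverse lookup of the sender address and falls back to the IP.
    keep_hostname=True keeps the header name, which is sender-supplied.
    """
    if keep_hostname:
        return header_host(payload) or src_ip
    return ptr.get(src_ip, src_ip)


def route(samples, keep_hostname=False, ptr=PTR):
    """Split samples into (matched, missed) for the access-router filter."""
    matched, missed = [], []
    for src_ip, payload in samples:
        host = effective_host(src_ip, payload, keep_hostname, ptr)
        bucket = matched if ACCESS_ROUTER.search(host) else missed
        bucket.append((src_ip, host))
    return matched, missed


if __name__ == "__main__":
    for mode in (False, True):
        print("keep_hostname =", mode, route(SAMPLES, keep_hostname=mode))
```

Routers without a PTR record end up with their IP address as HOST, so they arrive on the wire (visible in tcpdump) yet never match the filter.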


Killer show command – The ‘section’ filter

More often than not, I’m wanting to pull out a small subset from my Cisco box’s running-configuration.

Usually, I would do a “show run | beg xxxx”, and just type in where I want the configuration to start from.

This is handy, so you don’t have to page through lots of text before finding your area. The problem is, the paging brings the text you entered to the top. By the time you “break” through the paging, you’ve already entered several lines, and your text is now scrolled up.

Enter the “section” filter, a filter command included in the ‘T’-series of the IOS since 12.3. This is really new to me, though it’s been out there a while.

This will now give you the entire ‘section’ of the configuration (i.e. the indented text of a configuration object).

For example, if you wanted to see your BGP configuration, you would enter:

#show run | section router bgp

Or, if you want to see all of your router configs:

#show run | section router

VERY HANDY!!

For more information, you can find it here: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html

 

UPDATE: CCIEPursuit had blogged about this command back in 2007 (see, told you it wasn’t new, that’s just how far behind the times I am). It is a MUCH more descriptive entry than mine.