Scrigroup - Documente si articole

     

HomeDocumenteUploadResurseAlte limbi doc
AccessAdobe photoshopAlgoritmiAutocadBaze de dateCC sharp
CalculatoareCorel drawDot netExcelFox proFrontpageHardware
HtmlInternetJavaLinuxMatlabMs dosPascal
PhpPower pointRetele calculatoareSqlTutorialsWebdesignWindows
WordXml


syslog Configuration and Cisco Devices

linux



+ Font mai mare | - Font mai mic



syslog Configuration and Cisco Devices

Introduction

Syslog reserves facilities local0 through local7 for log messages received from remote servers and network devices. Routers, switches, firewalls and load balancers each logging with a different facility can each have their own log files for easy troubleshooting. The following examples will show how to have a different log file for each class of device.



If you have a large data center, then you may also want to switch off all logging to /var/log/messages as suggested above for the home/SOHO environment. In all the network device configuration examples below we are logging to the remote Linux logging server 192.168.1.100 which we set up in the previous section.

Cisco Routers

By default Cisco routers send syslog messages to their logging server with a default facility of local7. Don't set the facility in this case, but do tell the router to timestamp the messages and make the messages have the source IP address of the loopback interface.

service timestamps log datetime localtime

no logging console

no logging monitor

logging 192.168.1.100

Catalyst CAT Switches running CATOS

By default Cisco switches also send syslog messages to their logging server with a default facility of local7. Don't change this facility either, therefore making routers and switches log to the same file.

set logging server enable

set logging server 192.168.1.100

set logging level all 5

set logging server severity 6

Cisco Local Director

Local Directors use the syslog output command to set their logging facility and severity. The value provided must be in the format FF.SS (facility.severity) using the numbering scheme in Table IV-1:

Table IV-1 Syslog Facility and Severity Numbering Scheme for Local Directors

Facility

FF Value

Severity

SS Value

local 0

System unusable

local 1

Immediate action required

local 2

Critical condition

local 3

Error conditions

local 4

Warning conditions

local 5

Normal but significant conditions

local 6

Informational messages

local 7

Debugging messages

This example uses facility local4 and the logging debugging messages from Table IV-1.

syslog output 20.7

no syslog console

syslog host 192.168.1.100

Cisco PIX Filewalls

PIX firewalls use the numbering scheme in Table IV.2 to determine their logging facilities.

Table IV-2 Syslog Facility and Severity Numbering Scheme for PIX Firewalls

Facility

Logging Facility

Command Value

local 0

local 1

local 2

local 3

local 4

local 5

local 6

local 7

This configuration example assumes that the logging server is connected on the side of the 'inside' protected interface. It sends log messages to facility local3 with a severity level of 5 (Notification) set by the logging trap command.

logging on

logging standby

logging timestamp

logging trap notifications

logging facility 19

logging host inside 192.168.1.100

Cisco CSS11000 (Arrowpoints)

The configuration for the Cisco CSS11000 load balancer series is more straightforward. You specify the facility with an intuitive number using the logging host command and set the severity with the logging subsystem command. This example shows the CSS11000 logging facility local6 and severity level 6 (Informational):

logging host 192.168.1.100 facility 6

set logging subsystem all info-6

logging commands enable

The Sample Cisco syslog.conf File

# All LOCAL3 messages (debug and above) go to the firewall file ciscofw

local3.debug /var/log/cisco/ciscofw

# All LOCAL4 messages (debug and above) go to the Local Director file ciscold

local4.debug /var/log/cisco/ciscold

# All LOCAL6 messages (debug and above) go to the CSS file ciscocss

local6.debug /var/log/cisco/ciscocss

# All LOCAL7 messages (debug and above) go to the ciscoacl

# This includes ACL logs which are logged at severity debug

local7.debug /var/log/cisco/ciscoacl

# LOCAL7 messages (notice and above) go to the ciscoinfo

# This excludes ACL logs which are logged at severity debug

local7.notice /var/log/cisco/ciscoinfo



Politica de confidentialitate | Termeni si conditii de utilizare



DISTRIBUIE DOCUMENTUL

Comentarii


Vizualizari: 1832
Importanta: rank

Comenteaza documentul:

Te rugam sa te autentifici sau sa iti faci cont pentru a putea comenta

Creaza cont nou

Termeni si conditii de utilizare | Contact
© SCRIGROUP 2024 . All rights reserved