CATEGORII DOCUMENTE |
syslog Configuration and Cisco Devices
Introduction
Syslog reserves facilities local0 through local7 for log messages received from remote servers and network devices. Routers, switches, firewalls and load balancers each logging with a different facility can each have their own log files for easy troubleshooting. The following examples will show how to have a different log file for each class of device.
If you have a large data center, then you may also want to switch off all logging to /var/log/messages as suggested above for the home/SOHO environment. In all the network device configuration examples below we are logging to the remote Linux logging server 192.168.1.100 which we set up in the previous section.
Cisco Routers
By default Cisco routers send syslog messages to their logging server with a default facility of local7. Don't set the facility in this case, but do tell the router to timestamp the messages and make the messages have the source IP address of the loopback interface.
service timestamps log datetime localtime
no logging console
no logging monitor
logging 192.168.1.100
Catalyst CAT Switches running CATOS
By default Cisco switches also send syslog messages to their logging server with a default facility of local7. Don't change this facility either, therefore making routers and switches log to the same file.
set logging server enable
set logging server 192.168.1.100
set logging level all 5
set logging server severity 6
Cisco Local Director
Local Directors use the syslog output command to set their logging facility and severity. The value provided must be in the format FF.SS (facility.severity) using the numbering scheme in Table IV-1:
Table IV-1 Syslog Facility and Severity Numbering Scheme for Local Directors
Facility |
FF Value |
Severity |
SS Value |
|
local 0 |
System unusable | |||
local 1 |
Immediate action required | |||
local 2 |
Critical condition | |||
local 3 |
Error conditions | |||
local 4 |
Warning conditions | |||
local 5 |
Normal but significant conditions | |||
local 6 |
Informational messages | |||
local 7 |
Debugging messages |
This example uses facility local4 and the logging debugging messages from Table IV-1.
syslog output 20.7
no syslog console
syslog host 192.168.1.100
Cisco PIX Filewalls
PIX firewalls use the numbering scheme in Table IV.2 to determine their logging facilities.
Table IV-2 Syslog Facility and Severity Numbering Scheme for PIX Firewalls
Facility |
Logging Facility Command Value |
local 0 | |
local 1 | |
local 2 | |
local 3 | |
local 4 | |
local 5 | |
local 6 | |
local 7 |
This configuration example assumes that the logging server is connected on the side of the 'inside' protected interface. It sends log messages to facility local3 with a severity level of 5 (Notification) set by the logging trap command.
logging on
logging standby
logging timestamp
logging trap notifications
logging facility 19
logging host inside 192.168.1.100
Cisco CSS11000 (Arrowpoints)
The configuration for the Cisco CSS11000 load balancer series is more straightforward. You specify the facility with an intuitive number using the logging host command and set the severity with the logging subsystem command. This example shows the CSS11000 logging facility local6 and severity level 6 (Informational):
logging host 192.168.1.100 facility 6
set logging subsystem all info-6
logging commands enable
The Sample Cisco syslog.conf File
# All LOCAL3 messages (debug and above) go to the firewall file ciscofw
local3.debug /var/log/cisco/ciscofw
# All LOCAL4 messages (debug and above) go to the Local Director file ciscold
local4.debug /var/log/cisco/ciscold
# All LOCAL6 messages (debug and above) go to the CSS file ciscocss
local6.debug /var/log/cisco/ciscocss
# All LOCAL7 messages (debug and above) go to the ciscoacl
# This includes ACL logs which are logged at severity debug
local7.debug /var/log/cisco/ciscoacl
# LOCAL7 messages (notice and above) go to the ciscoinfo
# This excludes ACL logs which are logged at severity debug
local7.notice /var/log/cisco/ciscoinfo
Politica de confidentialitate | Termeni si conditii de utilizare |
Vizualizari: 1832
Importanta:
Termeni si conditii de utilizare | Contact
© SCRIGROUP 2024 . All rights reserved