Setting up syslog

by Cyrus Lok on Thursday, April 1, 2010 at 6:49pm

From the 871, I will verify whether timestamps have been enabled.

R871(config)#do sh run | i service
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

My syslog server is in VLAN 10. Pinging it from the 871:

R871#ping 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

This is because the Norton 360 Smart Firewall dropped all ICMP.

After I disabled the Norton 360 Smart Firewall:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

My syslog server's IP address in VLAN 10 is 10.10.10.10/28:
R871(config)#logging 10.10.10.10

Set the severity level to be logged.

R871(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)
  <cr>

In my opinion it is best to log from notifications up to emergencies. The notifications level also logs which host a change was made from. If you log too much, meaning from level 6 onwards, the syslog will become very large, because level 6 messages are very common.

R871(config)#logging trap notifications

So all messages from notifications up to emergencies will be logged to the syslog server that I have pointed the router to.

I turned on fa4 interface to test the logging:
R871(config)#int fa4
R871(config-if)#no shut
R871(config-if)#
Apr 1 18:41:33.947: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
Apr 1 18:41:34.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
R871(config-if)#
Apr 1 18:41:34.947: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.10 port 514 started - CLI initiated
R871(config-if)#
Apr 1 18:41:39.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
R871(config-if)#
Apr 1 18:43:06.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
R871(config-if)#

Messages logged and sent to syslog server
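
An added example (not from the original post): a small Python sketch that reads the severity digit from the %FACILITY-SEVERITY-MNEMONIC tag of the console lines above and applies the `logging trap` threshold to them, to show which of those lines pass each level. The function names are this example's own, and the sample lines are copied from the session above.

```python
import re

# Severity keywords accepted by "logging trap", as listed in the CLI help above.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# IOS message tag: %FACILITY-SEVERITY-MNEMONIC: text
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

def parse(line):
    """Return (facility, severity, mnemonic, text), or None for prompts and other lines."""
    m = IOS_MSG.search(line)
    if not m:
        return None
    return m["facility"], int(m["sev"]), m["mnemonic"], m["text"]

def forwarded(lines, trap_level):
    """Messages that pass a 'logging trap <trap_level>' threshold.

    A lower number is more severe, so a message passes when its severity
    is numerically less than or equal to the configured level.
    """
    limit = LEVELS[trap_level]
    return [p for p in map(parse, lines) if p and p[1] <= limit]

# Console output copied from the session above.
SESSION = """\
R871(config-if)#no shut
Apr 1 18:41:33.947: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
Apr 1 18:41:34.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
Apr 1 18:41:34.947: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.10 port 514 started - CLI initiated
Apr 1 18:41:39.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
""".splitlines()

if __name__ == "__main__":
    for level in ("errors", "notifications", "informational"):
        sent = forwarded(SESSION, level)
        print(f"logging trap {level}: {len(sent)} message(s) pass")
        for fac, sev, mnem, text in sent:
            print(f"  sev {sev} {fac}-{mnem}: {text}")
```

With the `notifications` level, the LINK-3 and LINEPROTO-5 lines pass, while the severity-6 LOGGINGHOST_STARTSTOP line is less severe than the threshold and is excluded.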