SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


ciscosyslog
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

ciscosyslog [2013/04/21 20:15] (current)
sjoerd created
Line 1: Line 1:
 += Cisco Syslog =
  
 +This is a page with information about how to send cisco logging to a linux syslog server.
 +\\
 +All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).
 +
 += Setup Date and Time =
 +
 +To make sure the logs are displaying the correct timestamp first configure the date and time correctly.
 +
 +== NTP Server ==
 +<​code>​
 +ntp server 10.10.10.123
 +</​code>​
 +
 +== Timezone ==
 +<​code>​
 +clock timezone CET +1
 +</​code>​
 +
 +== Summertime ==
 +<​code>​
 +clock summer-time CET recurring 1 Sunday April 2:00 last Sunday October 3:00
 +</​code>​
 +
 +== View Date and Time ==
 +<​code>​
 +switch04#​show clock
 +15:​15:​53.642 CET Thu Sep 23 2010
 +</​code>​
 +
 +Correct!
 +
 += Setup Syslog on Cisco Switch =
 +
 +== Set Timestamps for Logging ==
 +<​code>​
 +service timestamp log datetime localtime
 +</​code>​
 +
 +== Define Syslog Server --
 +<​code>​
 +no logging console
 +no logging monitor
 +logging syslog.company.local
 +</​code>​
 +
 +== Set Syslog Severity Level ==
 +<​code>​
 +logging trap 6
 +</​code>​
 +
 +Note:
 +<​code>​
 +switch04(config)#​logging trap ?
 +  <​0-7> ​         Logging severity level
 +  emergencies ​   System is unusable ​               (severity=0)
 +  alerts ​        ​Immediate action needed ​          ​(severity=1)
 +  critical ​      ​Critical conditions ​              ​(severity=2)
 +  errors ​        Error conditions ​                 (severity=3)
 +  warnings ​      ​Warning conditions ​               (severity=4)
 +  notifications ​ Normal but significant conditions (severity=5)
 +  informational ​ Informational messages ​           (severity=6)
 +  debugging ​     Debugging messages ​               (severity=7)
 +</​code>​
 +
 +
 +== Enable Logon Syslog ==
 +<​code>​
 +logging facility auth
 +</​code>​
 +
 +== Enable Syslogging over Management Interface ==
 +<​code>​
 +logging source-interface Vlan1
 +logging on
 +</​code>​
 +
 +== Show Logging Configuration ==
 +
 +<​code>​
 +switch04#​show logging
 +Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,​ 0 flushes, 0 overruns)
 +    Console logging: level debugging, 2023 messages logged
 +    Monitor logging: level debugging, 0 messages logged
 +    Buffer logging: level debugging, 2023 messages logged
 +    Exception Logging: size (4096 bytes)
 +    File logging: disabled
 +    Trap logging: level informational,​ 2043 message lines logged
 +        Logging to 10.10.10.14,​ 1 message lines logged
 +
 +</​code>​
 +
 += Check and Close =
 +Now check the configuration,​ and only write the configuration to the cisco device if everything is correct. To do so:
 +<​code>​
 +write
 +exit
 +</​code>​
 +
 += Logging Of Configuration Changes =
 +The logging of configuration changes was introduced with IOS version 12.3. Since we're running 12.1 with no option to upgrade to 12.3 no testing there. All possibilities are described here: http://​www.cisco.com/​en/​US/​docs/​ios/​12_3t/​12_3t4/​feature/​guide/​gtconlog.html
 +\\
 +More logging info: http://​www.cisco.com/​en/​US/​docs/​ios/​netmgmt/​command/​reference/​nm_09.html \\
 +
 += Sources =
 +http://​www.ciscopress.com/​articles/​article.asp?​p=426638&​seqNum=3 ​ \\
 +http://​www.cisco.com/​en/​US/​docs/​ios/​12_3/​configfun/​command/​reference/​cfr_1g01.html#​wp1033365 \\
 +http://​blog.ioshints.info/​ \\
 +
 +
 +{{tag>​network cisco syslog}}
ciscosyslog.txt ยท Last modified: 2013/04/21 20:15 by sjoerd