networking_wiki:syslogging

Differences

networking_wiki:syslogging [2014/11/20 19:33]
127.0.0.1 external edit
networking_wiki:syslogging [2014/12/08 20:45]
billdozor
Line 14: Line 14:
  
  
-__Switches IOS__+===== Switches IOS =====
 <code> <code>
 logging discriminator LINKLOGS severity includes 0,1,2,3,4,5 facility drops LINK|LINEPROTO mnemonics drops UPDOWN logging discriminator LINKLOGS severity includes 0,1,2,3,4,5 facility drops LINK|LINEPROTO mnemonics drops UPDOWN
Line 22: Line 22:
 </code> </code>
  
-__NX OS__+===== NX OS =====
 <code> <code>
 conf t conf t
Line 31: Line 31:
 </code> </code>
  
-__ASA VPN__+===== ASA VPN =====
  
 This ASA Firewall syslog example shows how to ONLY send syslogs on VPN connect or disconnect. This ASA Firewall syslog example shows how to ONLY send syslogs on VPN connect or disconnect.
Line 46: Line 46:
 </code> </code>
  
-__Syslog Server Firewall Config__+===== Syslog Server Firewall Config =====
  
 Some devices cannot change the syslog port they log to and by default use udp/514. This is a problem on Linux servers, since privileged ports 1024 and below can only be used by root. Some devices cannot change the syslog port they log to and by default use udp/514. This is a problem on Linux servers, since privileged ports 1024 and below can only be used by root.
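Review bot: In the paragraph under the Syslog Server Firewall Config heading, "privileged ports 1024 and below" is off by one. The privileged range on Linux is ports below 1024 (0 to 1023), and port 1024 itself can be bound by an unprivileged process. Since this revision already touches the section, suggest rewording to "privileged ports below 1024".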
Line 54: Line 54:
  
 Example Firewall INPUT chain could be: Example Firewall INPUT chain could be:
-<code>+<code bash>
 -A INPUT -i lo -m comment --comment "Loopback Operations" -j ACCEPT -A INPUT -i lo -m comment --comment "Loopback Operations" -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Related,Est Connections" -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Related,Est Connections" -j ACCEPT
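Review bot: The switch from <code> to <code bash> above the INPUT chain example mislabels the block. Lines starting with "-A INPUT ..." are in iptables-save / iptables-restore rule format, not shell commands, and would fail if pasted into a shell as is. Suggest leaving the block as plain <code>, or prefixing each rule with the iptables command if shell is the intended form.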
Line 67: Line 67:
  
 And the redirect to handle udp/514 to udp/1030: And the redirect to handle udp/514 to udp/1030:
-<code>+<code bash>
 -A PREROUTING -d 192.168.1.16/32 -p udp -m udp --dport 514 -m comment --comment "Redirect Syslogs(514) to Splunk Syslog port 1030" -j DNAT --to-destination 192.168.1.16:1030 -A PREROUTING -d 192.168.1.16/32 -p udp -m udp --dport 514 -m comment --comment "Redirect Syslogs(514) to Splunk Syslog port 1030" -j DNAT --to-destination 192.168.1.16:1030
 </code> </code>
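Review bot: The PREROUTING rule is shown without its table. A DNAT target in PREROUTING only applies in the nat table, while the INPUT chain example belongs to the filter table. Suggest stating which table each block goes in, and noting that after the rewrite the packet reaches INPUT with destination port 1030, so the INPUT chain must accept udp/1030 rather than udp/514.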
  • networking_wiki/syslogging.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)