Differences
This shows you the differences between two versions of the page.
networking_wiki:syslogging [2014/11/20 19:33] 127.0.0.1 external edit |
networking_wiki:syslogging [2015/03/09 23:13] billdozor |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Syslogging ====== | ====== Syslogging ====== | ||
+ | |||
+ | **General Information** | ||
+ | |||
Configure syslog messages on Cisco devices. | Configure syslog messages on Cisco devices. | ||
+ | |||
+ | **Checklist** | ||
+ | * Syslog server setup | ||
+ | * One of the below devices to send logging data | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Scenario ===== | ||
In these examples, we want to exclude: | In these examples, we want to exclude: | ||
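Review bot: the new checklist item "One of the below devices to send logging data" does not name the devices, so the checklist cannot be read on its own. Suggest listing them as the page's sections do (IOS switch, NX-OS switch, ASA firewall), and saying what "Syslog server setup" must provide, for example which UDP port the server listens on, since the last section depends on it.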
Line 13: | Line 24: | ||
* We want to ignore certain messages on IOS edge switches (not core NX-OS switches) | * We want to ignore certain messages on IOS edge switches (not core NX-OS switches) | ||
+ | ----- | ||
- | __Switches IOS__ | + | ===== Switches IOS ===== |
< | < | ||
logging discriminator LINKLOGS severity includes 0,1,2,3,4,5 facility drops LINK|LINEPROTO mnemonics drops UPDOWN | logging discriminator LINKLOGS severity includes 0,1,2,3,4,5 facility drops LINK|LINEPROTO mnemonics drops UPDOWN | ||
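Review bot: the separator added above the "Switches IOS" heading is "-----" (five dashes), while the ones added in the first hunk and before "NX OS" are "----". Suggest using one form throughout. While this section is being restructured, a sentence under the heading stating that the LINKLOGS discriminator drops the LINK and LINEPROTO UPDOWN messages would tell readers exactly which events are filtered out on the edge switches.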
Line 22: | Line 34: | ||
</ | </ | ||
- | __NX OS__ | + | ---- |
+ | |||
+ | ===== NX OS ===== | ||
< | < | ||
conf t | conf t | ||
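Review bot: the new heading reads "NX OS", but the scenario list earlier on the page writes "NX-OS" ("not core NX-OS switches"). Suggest "===== NX-OS =====" so the heading matches the page's own usage and the product name.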
Line 31: | Line 45: | ||
</ | </ | ||
- | __ASA VPN__ | + | ---- |
+ | |||
+ | ===== ASA VPN ===== | ||
This ASA Firewall syslog example shows how to ONLY send syslogs on VPN connect or disconnect. | This ASA Firewall syslog example shows how to ONLY send syslogs on VPN connect or disconnect. | ||
Line 46: | Line 62: | ||
</ | </ | ||
- | __Syslog | + | ----- |
+ | |||
+ | ===== Syslog | ||
Some devices cannot change the syslog port they log to and by default use udp/514. This is a problem on Linux servers, since privileged ports 1024 and below can only be used by root. | Some devices cannot change the syslog port they log to and by default use udp/514. This is a problem on Linux servers, since privileged ports 1024 and below can only be used by root. | ||
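Review bot: the sentence kept under the new Syslog heading says "privileged ports 1024 and below can only be used by root", which is off by one and too narrow. On Linux the privileged range is the ports below 1024 by default, and a process can also bind them with the CAP_NET_BIND_SERVICE capability, not only as root. Suggest correcting the wording while this section is being touched, since it is the stated reason for the redirect that follows.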
Line 54: | Line 72: | ||
Example Firewall INPUT chain could be: | Example Firewall INPUT chain could be: | ||
- | < | + | < |
-A INPUT -i lo -m comment --comment " | -A INPUT -i lo -m comment --comment " | ||
-A INPUT -m conntrack --ctstate RELATED, | -A INPUT -m conntrack --ctstate RELATED, | ||
Line 67: | Line 85: | ||
And the redirect to handle udp/514 to udp/1030: | And the redirect to handle udp/514 to udp/1030: | ||
- | < | + | < |
-A PREROUTING -d 192.168.1.16/ | -A PREROUTING -d 192.168.1.16/ | ||
</ | </ |