Differences

This shows you the differences between two versions of the page.

--- networking_wiki:syslogging [2014/11/20 19:33]
127.0.0.1 external edit
+++ networking_wiki:syslogging [2019/05/25 23:50] (current)
@@ Line 1: / Line 1: @@
 ====== Syslogging ======
+**General Information**
 Configure syslog messages on Cisco devices.
+**Checklist**
+  * Syslog server setup
+  * One of the below devices to send logging data
+----
+===== Scenario =====
 In these examples, we want to exclude:
@@ Line 13: / Line 24: @@
   * We want to ignore certain messages on IOS edge switches (not core NX-OS switches)
+-----
-__Switches IOS__
+===== Switches IOS =====
 <code>
 logging discriminator LINKLOGS severity includes 0,1,2,3,4,5 facility drops LINK|LINEPROTO mnemonics drops UPDOWN
@@ Line 22: / Line 34: @@
 </code>
-__NX OS__
+----
+===== NX OS =====
 <code>
 conf t
@@ Line 31: / Line 45: @@
 </code>
-__ASA VPN__
+----
+===== ASA VPN =====
 This ASA Firewall syslog example shows how to ONLY send syslogs on VPN connect or disconnect.
@@ Line 46: / Line 62: @@
 </code>
-__Syslog Server Firewall Config__
+-----
+===== Syslog Server Firewall Config =====
 Some devices cannot change the syslog port they log to and by default use udp/514. This is a problem on Linux servers, since privileged ports 1024 and below can only be used by root.
@@ Line 54: / Line 72: @@
 Example Firewall INPUT chain could be:
-<code>
+<code bash>
 -A INPUT -i lo -m comment --comment "Loopback Operations" -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Related,Est Connections" -j ACCEPT
@@ Line 67: / Line 85: @@
 And the redirect to handle udp/514 to udp/1030:
-<code>
+<code bash>
 -A PREROUTING -d 192.168.1.16/32 -p udp -m udp --dport 514 -m comment --comment "Redirect Syslogs(514) to Splunk Syslog port 1030" -j DNAT --to-destination 192.168.1.16:1030
 </code>