Logging in Cisco IOS. The minimum you should know




The minimum you should know

Severity-levels

Router(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed            (severity=1)
  critical       Critical conditions                (severity=2)
  debugging      Debugging messages                 (severity=7)
  emergencies    System is unusable                 (severity=0)
  errors         Error conditions                   (severity=3)
  informational  Informational messages             (severity=6)
  notifications  Normal but significant conditions  (severity=5)
  warnings       Warning conditions                 (severity=4)
  <cr>

http://security-planet.de Karsten Iwen - CCIE #14602 (Security, R/S) 2

Logging destinations

- host (syslog)
- console
- monitor (ssh/telnet)
- buffered
- snmp

Logging destinations: host (syslog)

Router#sh run | i logg
logging trap warnings
logging 150.100.1.60

The default transport is udp/514; tcp can also be used as transport:
logging host 150.100.1.60 transport tcp port 1234

Syslog messages should always be sent from the same source address:
Router(config)#logging source-interface loopback 0

Logging destinations: console

Router#sh logging | i Console
    Console logging: level debugging, 19 messages logged, xml disabled
Router(config)#logging console notifications
Router(config)#no logging console

Logging destinations: monitor

Router#sh logging | i Monitor
    Monitor logging: level debugging, 0 messages logged, xml disabled
Router(config)#logging monitor informational
Router#terminal monitor
Router#terminal no monitor

Logging destinations: buffered

Router#sh logging | i Buffer
    Buffer logging: disabled, xml disabled,

Needs to be enabled:
Router(config)#logging buffered
Router#sh run | i buff
logging buffered 4096 debugging
Router#sh logging | i Buffer
    Buffer logging: level debugging, 1 messages logged, xml disabled,
Log Buffer (4096 bytes):

Logging destinations: buffered

Router#sh logging
...
Log Buffer (4096 bytes):

*Mar  1 00:52:05.107: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:52:06.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar  1 00:52:11.115: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 150.100.1.60 started - reconnection
*Mar  1 00:53:20.411: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:54:59.431: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done

More things to consider

For correlation you need an accurate time: use NTP.

More things to consider

The router can count the number of messages:
Router(config)#logging count

Router#sh logging count
Facility      Message Name                   Sev Occur      Last Time
==================================================================================
SYS           CONFIG_I                        5    1        *Mar  1 00:08:28.223
-------------  -------------------------------  ----------------------------------
SYS TOTAL                                           1
LINEPROTO     UPDOWN                          5    1        *Mar  1 00:08:19.211
-------------  -------------------------------  ----------------------------------
LINEPROTO TOTAL                                     1
LINK          UPDOWN                          3    1        *Mar  1 00:08:18.211
-------------  -------------------------------  ----------------------------------
LINK TOTAL                                          1
OSPF          ADJCHG                          5    1        *Mar  1 00:09:25.319
-------------  -------------------------------  ----------------------------------
OSPF TOTAL                                          1

More things to consider

Log messages should include a timestamp:
Router(config)#service timestamps log datetime ?
  localtime      Use local time zone for timestamps
  msec           Include milliseconds in timestamp
  show-timezone  Add time zone information to timestamp
  year           Include year in timestamp
  <cr>

More things to consider

You can group messages from similar devices:
Router(config)#logging facility ?
  ...
  local0  Local use
  local1  Local use
  local2  Local use
  local3  Local use
  local4  Local use
  local5  Local use
  local6  Local use
  local7  Local use
  ...
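The severity keywords of "logging trap", the buffer dump, the "show logging count" table and the local0-local7 facilities all describe the same message stream, so one small parser can tie them together. The Python below is an added example, not code from the slides or from Cisco: the sample buffer lines are constructed after the ones shown above, the trap-level rule is the standard one (a message is forwarded when its severity is numerically lower than or equal to the configured level, so "logging trap warnings" forwards severities 0-4), the "*" in front of a timestamp is interpreted as IOS does it (clock never set, e.g. no NTP; a "." would mean NTP sync was lost), and the PRI value is the RFC 3164 one (facility code * 8 + severity, local0-local7 being codes 16-23).

```python
"""Parse Cisco IOS log messages, apply a 'logging trap' severity filter,
count them the way 'show logging count' does and compute the syslog PRI
for a configured facility.  Added example; not code from the slides."""
import re
from collections import Counter

# Constructed sample, modelled on the buffer contents shown on the slides.
SAMPLE_LOG = """\
*Mar 1 00:52:05.107: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:52:06.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 00:52:11.115: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 150.100.1.60 started - reconnection
*Mar 1 00:53:20.411: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:54:59.431: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
"""

# Keywords of 'logging trap ?' and their numeric severities.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# IOS message layout:  [*|.]<timestamp>: %FACILITY-SEVERITY-MNEMONIC: text
# The timestamp may carry a year, milliseconds and a time zone, depending on
# the 'service timestamps log datetime' options.
MSG_RE = re.compile(
    r"^(?P<flag>[*.]?)"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+(?:\d{4}\s+)?\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:\s+[A-Z]+)?)"
    r": %(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one IOS log line, or None if it is not a log message."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    return {
        "timestamp": m.group("ts"),
        # '*' = clock never set (no NTP), '.' = NTP sync lost; only an
        # unflagged timestamp is authoritative and safe for correlation.
        "clock_authoritative": m.group("flag") == "",
        "facility": m.group("facility"),
        "severity": int(m.group("severity")),
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def parse_log(text):
    """Parse every recognisable message in a 'show logging' buffer dump."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def would_be_sent(record, trap_level):
    """'logging trap <level>' forwards messages of that severity or more
    severe, i.e. with a numerically lower-or-equal severity."""
    return record["severity"] <= SEVERITY[trap_level]


def count_messages(records):
    """Occurrences per (facility, mnemonic, severity), like 'show logging count'."""
    return Counter((r["facility"], r["mnemonic"], r["severity"]) for r in records)


def facility_totals(records):
    """The per-facility TOTAL rows of 'show logging count'."""
    return Counter(r["facility"] for r in records)


def syslog_pri(facility_name, severity):
    """PRI of the syslog datagram: facility_code * 8 + severity.
    local0..local7 are facility codes 16..23 (RFC 3164)."""
    if not (facility_name.startswith("local") and facility_name[5:].isdigit()):
        raise ValueError("only local0-local7 are handled in this example")
    return (16 + int(facility_name[5:])) * 8 + severity


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in records:
        note = "" if r["clock_authoritative"] else "  (clock not authoritative)"
        print(f"{r['facility']}-{r['severity']}-{r['mnemonic']}: "
              f"sent with 'logging trap warnings'? {would_be_sent(r, 'warnings')}{note}")
    for (fac, mnem, sev), n in sorted(count_messages(records).items()):
        print(f"{fac:<12}{mnem:<24}{sev}  {n}")
    print("PRI for local7 / severity 3:", syslog_pri("local7", 3))
```

Run against the constructed buffer, only the LINK-3-UPDOWN line passes a "logging trap warnings" filter, every line is flagged as having a non-authoritative clock (the leading "*"), and the counter reproduces the per-facility totals of the "show logging count" table; the same regex also accepts timestamps with year and time zone, which is what a collector sees once the service timestamps options above are enabled.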