How Configure Cisco For Logging


Hi, collecting logs are important. In my daily job I am working with logs about a lot of systems like vmware,application,linux,windows,cisco,checkpoint,pfsense. Logs provides info about the system, application etc. Security incident management systems heavily rely on logs.Logs consist of date system name and event detail like

Here Aug  1 05:39:30.992 is date info, %LINK-3-UPDOWN is subsystem info which says the log is about port, Interface Ethernet0/0, changed state to up says that the ethernet 0/0 interface is changed to up. This log can be seem simple but a lot of logs means special things. If you properly correlate the you can get a lot of info about the whole system especially from security perspective. But the first step is collecting logs from the systems. There is a lot of log collection ways but the systems may not provide all of them. Network devices generally use syslog technique which uses udp packets and port 514 to transmit logs. In the most simple way logs transmitted without any CIA (confidenciality, integrity, availibility). To collect log we need a syslog server which accepts syslog from network. We assume it is setup correctly. No we will configure cisco switch to send logs.

Set ip address of the log server here if the switch has name resolution you can use host name.

This step is important because we setup the log level. making log level high make a lot of logs especially if the system is core system, but it is very useful to see all details about events. debug is level 7 and emergency is level 0 you can select this according to your needs.          

This is lconfig is usefull if you collect logs from more than one system. Logs from a lot of systems are separated by their source ips. With this option you set your source interface and source ip.

Syslog uses facillity to separate logs. You can use this option like the source interface but you have not a lot of space to use.

LEARN MORE  How To Download, Install Packet Tracer Into Windows?

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)