Cisco Syslog to FreeBSD server

[bentman78]

Hello all,
I am fairly new to Cisco, but I feel comfortable with the command line. I use Linux/Unix and it feels the same. In any case, I have set up a freebsd syslog server, is there a way to have my 2514 router log to the syslog server. Is there any good tutuorials on how to set this up, I have looked around and haven't found any. Also, I am running with the firewall feature set, which i guess provides SPI. How do I know the Firewall is enabled, and can I log that stuff to my syslog server too? Thanks in advance.

 

[wybnormal]

You need to edit the syslog.conf file to accept the remote syslog connection. Also, you need to set up the facility and level of the syslog messaging.

add the options in the syslog.conf file of

SYSLOGD_OPTIONS="-m 0 -r" ; this turns off marking and enableds the remote connection.

Now you need something like this:

local7.* <tab> <tab> /var/log/routers/router1

On the router,

!
logging facility 23
!

Why the 23 and on the server, then number 7? 'cause Cisco and Linux both use facilities, they do not refer to them the same way.

16- local0
17- local1
18- local2
19- local3 etc..etc..etc.

you have mapped facility 23 to the Linux local7 which points to the sub directory of /router/router1.

This is how you can have multiple router/firewalls etc talking to the same syslog server. Each gets their own facility number and path.

This is all over the web if you look hard enough or you can buy the book where I wrote this chapter on logging and management.(Cisco Specialist Guide to PIX Firewalls by Syngress)

MikeS


Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu