
Syslog


netwalker1

I am using a Cisco 1751, and I want to enable the syslog facility on it. I used these commands:
#logging x.x.x.x (x.x.x.x is my syslog server)
#logging trap debugging
#logging on

but my server didn't receive any traps!!!
Note that my server is behind a PIX, and the x.x.x.x IP mentioned above is the NATted IP of the internal server IP.

Is there any requirement to enable the traffic from the router to the syslog server on port UDP 514?

Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
You will need to set up a rule in your PIX to allow the router to send UDP 514 to the Syslog server. Which is probably why your server isn't getting the messages. You can probably see a bunch of dropped udp 514 packets coming from the router in your PIX's log files.
 
I already enabled this,
but with no luck!

Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
On the PIX, do you see the packets passing through properly?
 
I can't see any traffic between the router and the PIX, just my Telnetting traffic!!!


Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
This is my show run on the router:

TEST#show run
Building configuration...
Current configuration : 1442 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TEST
!
memory-size iomem 25
ip subnet-zero
no ip source-route
!
!
no ip domain-lookup
ip host auth 172.16.x.xxx
!
no ip bootp server
!
!
!
interface FastEthernet0/0
ip address 172.16.x.xxx 255.255.255.0
ip access-group 130 in
no ip unreachables
speed auto
half-duplex
no cdp enable
!
interface Async1
no ip address
!
interface Async2
no ip address
!
ip classless
no ip http server
ip pim bidir-enable
!
!
logging 172.16.16.xxx
access-list 130 deny tcp any any eq 2001
access-list 130 deny tcp any any eq 2002
access-list 130 deny tcp any any eq 6001
access-list 130 deny tcp any any eq 6002
access-list 130 permit ip any any
no cdp run
!
banner login ^CUNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED. You mus
t have explicit permission to access this device. All activities performed on th
is device may be logged, and violations of this policy may be reported to law en
forcement.^C
!
line con 0
line 1 2
no motd-banner
no exec-banner
no activation-character
no vacant-message
modem InOut
autocommand telnet auth 3000 /quiet /stream
transport input telnet
transport output pad udptn telnet rlogin
escape-character NONE
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password ????
login
!
end




Note that I entered the 2 commands:
# logging trap 6
# logging On
but they are not seen in the show run!

Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
OK, now I can see some traffic from the router on port 514 (syslog port).

But I want to log the dial-in activities. The router has asynchronous interfaces, and we use it to dial in.

What should I do?
Should I change the facilities from local user7 to another thing?

Please help !

Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
We have Cisco dialup authenticate with our PDC, so it is logged there. When they log in where do they authenticate? If it is against the router then it should be logged, I'd think.
 
But I need to know when the line was busy, and if there is an attempt to log in while the authentication server was down!


Mohamed Farid
Know Me No Pain , No Me Know Pain !!!
 
Check your other post as to the config you need to add to see the Async interface info. You are asking 2 separate questions here though I believe. You want to know when callers connect and disconnect and you want to know if they authenticate successfully when they connect. You would have to turn on aaa authentication debugging in order to be sure of this. You might want to use Q931 debugging as well. Depending on the platform you are using this may cause a service degrade.

Router Boy!
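
As an added example (not part of the thread and not any poster's code), this Python sketch decodes the PRI value at the front of each UDP 514 datagram into facility and severity, checks which messages a given `logging trap` level would forward, and picks out events that name an Async interface. The sample datagrams are constructed, and the `local7` facility they carry assumes the IOS default.

```python
import re

# Severity names as IOS spells them; the list index is the number
# accepted by "logging trap <n>" (6 = informational, 7 = debugging).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

PRI = re.compile(r"^<(\d{1,3})>(.*)$")
# IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
IOS_HEADER = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

# Constructed sample datagrams, not captured from the poster's router.
SAMPLE = [
    "<189>41: *Mar  1 00:12:03.412: %LINEPROTO-5-UPDOWN: "
    "Line protocol on Interface Async1, changed state to up",
    "<187>42: *Mar  1 00:12:09.870: %LINK-3-UPDOWN: "
    "Interface Async1, changed state to down",
    "<191>43: *Mar  1 00:12:10.004: AAA/AUTHEN: constructed debug line",
]

def decode(datagram):
    """Split PRI into syslog facility and severity; parse the IOS header if present."""
    m = PRI.match(datagram)
    if m is None:
        return None
    pri, rest = int(m.group(1)), m.group(2)
    code = pri >> 3                      # PRI = facility * 8 + severity
    event = {"facility": f"local{code - 16}" if 16 <= code <= 23 else str(code),
             "severity": pri & 7, "severity_name": SEVERITIES[pri & 7],
             "mnemonic": None, "text": rest}
    h = IOS_HEADER.search(rest)
    if h:                                # debug output has no %FAC-SEV-MNEMONIC header
        event["mnemonic"] = f"{h.group(1)}-{h.group(3)}"
        event["text"] = h.group(4)
    return event

def forwarded(datagram, trap_level):
    """True if 'logging trap <trap_level>' lets this message reach the server."""
    ev = decode(datagram)
    return ev is not None and ev["severity"] <= trap_level

def async_events(datagrams):
    """Decoded events whose text names an Async interface (dial-in lines)."""
    events = [decode(d) for d in datagrams]
    return [e for e in events if e and re.search(r"\bAsync\d+\b", e["text"])]

if __name__ == "__main__":
    for e in async_events(SAMPLE):
        print(e["facility"], e["severity_name"], e["mnemonic"], e["text"])
```

The facility only labels the message for the server's filing rules; whether a message leaves the router at all depends on its severity against the trap level, which is why the severity 7 debug line is dropped at `logging trap 6`.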
 