Operating system: Red Hat Enterprise Linux 6.
Assume that Apache has been installed and configured to work properly. The Apache DocumentRoot is /var/www/html.
This installation provides a syslog facility for networking devices such as routers, switches and servers, and uses Log Analyzer to view and analyse the syslog messages.
1. Configuring Rsyslog
Rsyslog is installed by default in a RHEL environment. If it is not, install it by following this.
Configure Rsyslog to receive syslog via UDP port 514:
Edit /etc/rsyslog.conf
Uncomment $ModLoad imudp.so and $UDPServerRun 514
Add $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format and comment all other $ActionFileDefaultTemplate
Add *.* /var/log/syslog and comment all other rules if not used. That causes all received syslog messages to be written to the file /var/log/syslog.
Make Rsyslog start automatically when the OS reboots:
Run chkconfig rsyslog on
Start Rsyslog: /etc/init.d/rsyslog start
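The edits from step 1 as a script, added here as an example (not part of the original post). The function names apply_rsyslog_edits and check_rsyslog_edits are hypothetical, the sample config is a constructed excerpt, and existing rules are left in place rather than commented out. The edited file goes to stdout so it can be reviewed before it replaces /etc/rsyslog.conf.

```shell
#!/bin/sh
# Added example: apply and verify the rsyslog.conf edits described in step 1.

# Constructed excerpt resembling a stock rsyslog.conf (sample input only).
sample_conf() {
cat <<'EOF'
#$ModLoad imudp.so
#$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
EOF
}

# Print an edited copy of the config file $1 to stdout; $1 is not modified.
apply_rsyslog_edits() {
    awk -v tpl='$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format' '
    # Uncomment the UDP input module and the listener on port 514.
    /^#[ \t]*\$ModLoad[ \t]+imudp/    { sub(/^#[ \t]*/, ""); print; next }
    /^#[ \t]*\$UDPServerRun[ \t]+514/ { sub(/^#[ \t]*/, ""); print; next }
    # Comment any other active default template and put ours in its place.
    /^\$ActionFileDefaultTemplate/ {
        if ($2 == "RSYSLOG_SyslogProtocol23Format") { have_tpl = 1; print; next }
        print "#" $0
        if (!have_tpl) { print tpl; have_tpl = 1 }
        next
    }
    /^\*\.\*[ \t]+\/var\/log\/syslog[ \t]*$/ { have_rule = 1 }
    { print }
    END {
        if (!have_tpl)  print tpl
        if (!have_rule) print "*.* /var/log/syslog"
    }' "$1"
}

# Return 0 only if every setting from step 1 is active in the file $1.
check_rsyslog_edits() {
    grep -q '^\$ModLoad[[:space:]]\{1,\}imudp' "$1" &&
    grep -q '^\$UDPServerRun[[:space:]]\{1,\}514' "$1" &&
    grep -q '^\$ActionFileDefaultTemplate[[:space:]]\{1,\}RSYSLOG_SyslogProtocol23Format' "$1" &&
    [ "$(grep -c '^\$ActionFileDefaultTemplate' "$1")" -eq 1 ] &&
    grep -q '^\*\.\*[[:space:]]\{1,\}/var/log/syslog[[:space:]]*$' "$1"
}

# Demo on the constructed sample: show the file as it would look after editing.
demo=$(mktemp) && sample_conf > "$demo" && apply_rsyslog_edits "$demo"
rm -f "$demo"
```

On a real host, run check_rsyslog_edits /etc/rsyslog.conf after editing and before starting the service.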
2. Installing Log Analyzer
Get it
Install it
DONE.
If you get the message "Syslog file is not readable, read access may be denied", follow this to resolve it.
3. Configuring logging in Cisco IOS
! Send every command that the user enters to the syslog server. Used to track what the user has done on IOS.
logging esm config
! Choose the lowest severity level to send to syslog. In this case syslog messages include emerg, alert, crit, err, warning and notice. If you want more, put logging trap info or even lower.
logging trap notifications
! Send the HOSTNAME in syslog messages
logging origin-id hostname
! Source IP address used to send syslog messages
logging source-interface Loopback0
! Syslog server
logging 192.168.16.9