Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Networking > Cisco Routers & Switches How-to
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

Configure router audit & logging (not only enabling)

Configure router audit & logging (not only enabling)

this thread has 0 replies and has been viewed 1716 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 2nd June 2009, 23:04
Sagar38 Sagar38 is offline
Casual
Casual
 
 Join Date: Jun 2009
  6 month star 12 month star
 Posts: 1
 Reputation: Sagar38 is on a distinguished road (10)
Default Configure router audit & logging (not only enabling)

Hello everyone,

I'm having some troubles finding a guide or document on how to enable
audit in routers.

I've read the Cisco IOS System Messages Guide vol 1 & 2, for version
12.4 (which is the one I'm running on my router).
"http://www.cisco.com/en/US/products/ps6350/
products_system_message_guides_list.html"

In that guide you can find all messages with their explanation.

I turned on logging on my router correctly and I'm sending everything
to a syslog server.
The logging trap level is set to debug, so I'm also getting every
lower level.

The router is sending messages, for example, for facility codes SYS,
LINEPROTO, LINK, SSH, PARSER, SNMP and SEC.

As soon as I turned on logging I started to get SYS, LINK and
LINEPROTO messages, but to get the SEC messages I had to turn on
logging on each ACL by adding the keyword "log" or "log-input".
Something similar happens with PARSER messages (which is logging every
command run by any user). I had to configure this by running commands:
archive
log config
logging enable
logging size 200
notify syslog

I've seen somewhere that if I use AAA accounting I can get messages
even if I don't have TACACS+ server. Is that correct? Does anyone know
how can I log AAA events to the syslog?

In the "System Messages Guide" I find a lot of facility codes that I
don't get on my syslog server.

Does anyone know if there is any cisco guide that explains how to
audit everything on a router?
And I don't mean "how to enable logging", because I've done that and I
know there is a guide for that.
I want to know how to get all messages that are on the "System Message
Guide" on my syslog.

I've also read the "Cisco IOS Security Configuration Guide" and I
haven't found a clear explanation to enable "full system logging".

Thanks in advance!
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Configure the Checkpoint as a Router diego DSL, Cable, and other Broadband Issues 2 15th September 2006 15:49
I need help in how to configure router sajidmumtaz DSL, Cable, and other Broadband Issues 5 13th December 2005 20:56
how to configure router sajidmumtaz DSL, Cable, and other Broadband Issues 1 9th December 2005 10:50
enabling iis behind a Aztech router someuser77 DSL, Cable, and other Broadband Issues 0 31st October 2005 12:15
Enabling SMTP Vrfy in Exchange 5.5, 2000 & 2003 obirle Exchange 2000 / 2003 0 23rd March 2005 14:41


All times are GMT +3. The time now is 17:19.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri