Wednesday, August 8, 2012

Adventures with CISCO AS-5350 [Setting up remote Log server]

This is not really an adventure but more of a dream to be at least as good at CISCO VoIP things as I am with OpenSource VoIP projects. So I keep practicing CISCO stuff on my GNS3, so that I am ready if someday I am given the opportunity to work full-time with these devices.

I was cleaning my drives for space and found something useful to share from my experience with the CISCO AS-5350, which is a Universal Gateway supporting T1/E1 configurations that provides universal port data, voice, and fax services on any port at any time.

So before deleting, I wanted to share it here so it could be useful for not just me but for all who might be interested.

This post is about setting up a remote SYSLOG server for our Cisco devices. Basically, in a network environment all the logs should be sent to a secure remote logging server. This matters a lot when you need to analyse what happened on a particular device.

This is the version info of the cisco device.

Cisco IOS Software, 5350 Software (C5350-JS-M), Version 12.4(18), RELEASE SOFTWARE (fc1)


ROM: System Bootstrap, Version 12.2(1r)1, RELEASE SOFTWARE (fc1)
BOOTLDR: 5350 Software (C5350-BOOT-M), Version 12.2(2)XB2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

System image file is "flash:c5350-js-mz.124-18.bin"


Setting up Remote-Logs:

I've set the device to send everything to a remote log server and record everything happening, from logins to commands executed.

!
service timestamps debug datetime msec
service timestamps log datetime msec
!
login on-failure log
login on-success log
!
archive
   log config
      logging enable
      notify syslog
!
logging history debugging
logging trap debugging
logging facility local6
logging 192.168.137.6
!
no logging buffered
no logging console
!

# Where 192.168.137.6 is the remote syslog server. Make sure that the rsyslog server is configured properly.
# My /etc/default/rsyslog contains this line:

RSYSLOGD_OPTIONS="-c2 -r514"

A quick look at "netstat -pln":

root@debian:~# netstat -pln | grep 514
udp   0  0 0.0.0.0:514      0.0.0.0:*     31026/rsyslogd
root@debian:~#

and in the file /etc/rsyslog.conf I've this line

local6.*             -/var/log/cisco/as5350.log

### Back to CISCO ###

An excerpt from the CISCO pages on configuration change notifications and logging [1]:

Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:

Commands that result in a syntax error message

Partial commands that invoke the router help system

For each configuration command that is executed, the following information is logged:

The command that was executed

The configuration mode in which the command was executed

The name of the user that executed the command

The time at which the command was executed

A configuration change sequence number

Parser return codes for the command

That concludes this post:

After those CLI commands a router/Cisco device should be able to send logs to the remote logging server. Make sure that at least the log port (udp:514 in my case) is accessible between the CISCO device and the syslog server.
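Once the messages arrive in /var/log/cisco/as5350.log they can be reviewed automatically. The following is an added example, not part of the original post: it pulls the login events (from `login on-failure log` / `login on-success log`) and the config-change events (from `notify syslog`) out of the file, and flags commands that would switch this logging off again. The sample log lines, user names, addresses, the failure threshold and the list of "tamper" commands are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of /var/log/cisco/as5350.log; hosts, users and addresses are made up.
SAMPLE_LOG = """\
Aug  8 10:12:01 192.168.137.1 41: Aug  8 10:12:01.120: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:12:01 UTC Wed Aug 8 2012
Aug  8 10:12:04 192.168.137.1 42: Aug  8 10:12:04.388: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:12:04 UTC Wed Aug 8 2012
Aug  8 10:12:09 192.168.137.1 43: Aug  8 10:12:09.012: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:12:09 UTC Wed Aug 8 2012
Aug  8 10:15:30 192.168.137.1 44: Aug  8 10:15:30.551: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: noc] [Source: 192.168.137.20] [localport: 23] at 10:15:30 UTC Wed Aug 8 2012
Aug  8 10:16:02 192.168.137.1 45: Aug  8 10:16:02.204: %PARSER-5-CFGLOG_LOGGEDCMD: User:noc  logged command:interface FastEthernet0/0
Aug  8 10:16:40 192.168.137.1 46: Aug  8 10:16:40.917: %PARSER-5-CFGLOG_LOGGEDCMD: User:noc  logged command:no logging 192.168.137.6
"""

LOGIN_RE = re.compile(r"%SEC_LOGIN-\d-LOGIN_(FAILED|SUCCESS): .*?\[user: ([^\]]*)\] \[Source: ([^\]]+)\]")
CFG_RE = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(\S+)\s+logged command:(.*)$")
# Assumed watch list: commands that would undo the remote logging set up in this post.
TAMPER_RE = re.compile(r"^no (logging (enable|trap|\d)|notify syslog|login on-)")


def analyse(text, fail_threshold=3):
    """Return (sources with repeated failed logins, config commands, tamper commands)."""
    failures, commands = Counter(), []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            if m.group(1) == "FAILED":
                failures[m.group(3)] += 1  # count failures per source address
            continue
        m = CFG_RE.search(line)
        if m:
            commands.append((m.group(1), m.group(2).strip()))
    noisy = sorted(src for src, n in failures.items() if n >= fail_threshold)
    tamper = [(user, cmd) for user, cmd in commands if TAMPER_RE.match(cmd)]
    return noisy, commands, tamper


if __name__ == "__main__":
    noisy, commands, tamper = analyse(SAMPLE_LOG)
    print("sources with repeated failed logins:", noisy)
    for user, cmd in commands:
        print(f"config change by {user}: {cmd}")
    for user, cmd in tamper:
        print(f"ALERT: logging changed by {user}: {cmd}")
```

To run it against the real file, pass the contents of /var/log/cisco/as5350.log to `analyse()` instead of `SAMPLE_LOG`.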

In the next post I will share the configuration for integration with a RADIUS server for AAA of the calls or even the incoming SIP registrations.

References:
