This is not really an adventure but more of a dream: to be at least as good with CISCO VoIP things as I am with open-source VoIP projects. So I keep practicing CISCO stuff on my GNS3, so that I am ready if someday I am given the opportunity to work full-time with these devices.
I was cleaning my drives for space and found something useful to share from my experience with the CISCO AS-5350, which is a Universal Gateway supporting T1/E1 configurations that provides universal port data, voice, and fax services on any port at any time.
So before deleting it, I wanted to share it here so that it could be useful not just for me but for all who might be interested.
This post is about setting up a remote SYSLOG server for our CISCO devices. In a network environment, all the logs should be sent to a secure remote logging server. This matters a lot when you need to analyse what happened on a particular device.
This is the version info of the cisco device.
Cisco IOS Software, 5350 Software (C5350-JS-M), Version 12.4(18), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.2(1r)1, RELEASE SOFTWARE (fc1)
BOOTLDR: 5350 Software (C5350-BOOT-M), Version 12.2(2)XB2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
System image file is "flash:c5350-js-mz.124-18.bin"
Setting up Remote-Logs:
I've set the device to send everything to a remote log server and record everything that happens, from logins to commands executed.
!
service timestamps debug datetime msec
service timestamps log datetime msec
!
!
login on-failure log
login on-success log
!
archive
 log config
  logging enable
  notify syslog
!
logging history debugging
logging trap debugging
logging facility local6
logging 192.168.137.6
!
no logging buffered
no logging console
!
# Where 192.168.137.6 is the remote syslog server. Make sure that rsyslog server is configured properly.
# My /etc/default/rsyslog contains this line
RSYSLOGD_OPTIONS="-c2 -r514"
A quick look at the "netstat -pln"
root@debian:~# netstat -pln | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           31026/rsyslogd
root@debian:~#
and in the file /etc/rsyslog.conf I've this line
local6.* -/var/log/cisco/as5350.log
### Back to CISCO ###
An excerpt from the CISCO pages on configuration change notifications and logging [1]:
Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:
• Commands that result in a syntax error message
• Partial commands that invoke the router help system
For each configuration command that is executed, the following information is logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
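An added example (not from the original post or from CISCO): a small Python script that reads the lines rsyslog writes to /var/log/cisco/as5350.log and pulls out the login and configuration-change events this setup produces, flagging repeated login failures from one source and commands that switch logging off. The sample lines are constructed, and the %SEC_LOGIN and %PARSER-5-CFGLOG_LOGGEDCMD message layouts are assumed to be the usual IOS ones, so check them against your own log file.

```python
import re
from collections import Counter

# Constructed sample of /var/log/cisco/as5350.log; hosts, users and times are made up.
SAMPLE_LOG = """\
Mar  1 10:02:10 192.168.137.2 41: Mar  1 10:02:10.412: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:02:10 UTC Mon Mar 1 2010
Mar  1 10:02:14 192.168.137.2 42: Mar  1 10:02:14.020: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:02:14 UTC Mon Mar 1 2010
Mar  1 10:02:19 192.168.137.2 43: Mar  1 10:02:19.731: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.137.50] [localport: 23] [Reason: Login Authentication Failed] at 10:02:19 UTC Mon Mar 1 2010
Mar  1 10:05:40 192.168.137.2 44: Mar  1 10:05:40.108: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: noc] [Source: 192.168.137.6] [localport: 23] at 10:05:40 UTC Mon Mar 1 2010
Mar  1 10:06:02 192.168.137.2 45: Mar  1 10:06:02.590: %PARSER-5-CFGLOG_LOGGEDCMD: User:noc  logged command:interface FastEthernet0/0
Mar  1 10:06:30 192.168.137.2 46: Mar  1 10:06:30.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:noc  logged command:no login on-failure log
Mar  1 10:06:31 192.168.137.2 47: Mar  1 10:06:31.250: %SYS-5-CONFIG_I: Configured from console by noc on vty0 (192.168.137.6)
"""

# IOS messages carry a %FACILITY-SEVERITY-MNEMONIC: prefix; search for it anywhere in the line.
IOS_MSG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mn>[A-Z0-9_]+): (?P<text>.*)")
LOGIN = re.compile(r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\]")
CFGCMD = re.compile(r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)")
# Commands that would reduce what reaches the syslog server ("no logging console" is not one).
TAMPER = re.compile(r"^no (logging (\d|trap|enable)|notify syslog|login on-(failure|success))")

def parse(lines):
    """Return login and config-change events found in syslog lines; other messages are skipped."""
    events = []
    for line in lines:
        m = IOS_MSG.search(line)
        if not m:
            continue
        text = m["text"]
        if m["fac"] == "SEC_LOGIN" and m["mn"] in ("LOGIN_FAILED", "LOGIN_SUCCESS"):
            d = LOGIN.search(text)
            if d:
                kind = "login_ok" if m["mn"] == "LOGIN_SUCCESS" else "login_fail"
                events.append({"kind": kind, "user": d["user"], "src": d["src"]})
        elif m["fac"] == "PARSER" and m["mn"] == "CFGLOG_LOGGEDCMD":
            d = CFGCMD.search(text)
            if d:
                events.append({"kind": "config", "user": d["user"], "cmd": d["cmd"].strip()})
    return events

def review(events, fail_threshold=3):
    """Return (sources with >= fail_threshold failed logins, config events that disable logging)."""
    fails = Counter(e["src"] for e in events if e["kind"] == "login_fail")
    noisy = sorted(src for src, n in fails.items() if n >= fail_threshold)
    tamper = [e for e in events if e["kind"] == "config" and TAMPER.match(e["cmd"])]
    return noisy, tamper

if __name__ == "__main__":
    print(review(parse(SAMPLE_LOG.splitlines())))
```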
That concludes this post:
After those CLI commands, a router/CISCO device should be able to send logs to the remote logging server. Make sure that at least the log port (udp:514 in my case) is accessible between the CISCO device and the syslog server.
In the next post I will share the configuration for integration with a RADIUS server for AAA of the calls or even the incoming SIP registrations.
References: