Many people are unfamiliar with how a log server is set up, so I worked through the steps in detail and share them here in the hope that they are useful. For anyone who maintains a network, logs are indispensable: they tell us whether a device is behaving normally and whether the network is healthy. Every device and system should therefore feed a complete logging setup, so that when a problem appears we can face it with evidence and resolve it promptly.
This article describes how to build a simple log server. With it we can see the basic information about what passes through the router, and when something goes wrong we can analyze the logs to find the cause quickly. The router is a critical network device and its security matters. Its memory is limited, and the log buffer it keeps is held in RAM, so anything stored there is lost on a reload or power failure; we cannot rely on the router to keep its own logs. A dedicated log server records the router's running state and preserves the records so that we can locate faults, troubleshoot, and manage network security. In practice the author builds the log server on Linux, specifically Red Hat Linux 9.
Log recording principles
Important events on a router can be recorded on a Linux or Unix host in the internal network through the syslog mechanism. These events include link establishment failures, router operation messages, packet-filtering (access-list) matches, and other log messages. All that is needed is to enable reception of remote syslog messages on the Linux or Unix host and to point the router at that host's IP address as its log server. The configuration is not cumbersome, but the monitoring benefit is obvious.
Linux Configuration
The syslog service (the sysklogd package, which provides syslogd and klogd) is installed on Red Hat Linux 9 by default, so it can be started directly with "service syslog start". If your system does not have it, install the package first.
Step 1: Edit the configuration file /etc/syslog.conf. Each line has the form "facility.priority  action", where the selector and the action are separated by whitespace (tabs are the safest choice on older syslogd builds). For example, "mail.info  /var/log/mail.log" means messages from the mail facility at priority info or higher are written to /var/log/mail.log.
TIPS: Each priority keyword covers a different amount of detail. From least to most severe, the priorities are debug, info, notice, warning, err, crit, alert, and emerg. A selector that names a priority records messages at that priority and at every more severe one; "mail.info" therefore records everything from the mail facility except debug. The facility names are kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, and local0 through local7. A router does not use a "service name" such as http; Cisco IOS sends its messages to the local7 facility by default.
Step 2: To record everything the router sends, use the selector "local7.*". Here local7 is the facility the router uses, and "*" is the wildcard that matches every priority. You can also name an exact priority instead, for example "local7.info", which drops debug messages. The author's syslog.conf line is "local7.*  /var/log/router.log", so every router message lands in router.log where it can be reviewed at once.
Step 3: Create the log file with "touch /var/log/router.log". This is the file the router messages will be written to; syslogd can create it itself, but creating it in advance lets you confirm the path and set its permissions.
Step 4: Edit /etc/sysconfig/syslog so that Linux accepts logs from remote devices. Change SYSLOGD_OPTIONS="-m 0" to SYSLOGD_OPTIONS="-r -m 0". The -r option makes syslogd listen on UDP port 514 for messages from other hosts ("-m 0" simply turns off the periodic MARK messages). Note that syslogd with -r accepts unauthenticated datagrams from any source address, so restrict UDP port 514 with iptables to the router's address; otherwise any host that can reach the server can flood or pollute router.log.
Step 5: Restart the syslog service with "service syslog restart".
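The following program is an added example and is not part of the original article. It models the part of syslogd that steps 1 through 5 configure: it parses the <PRI> header every router message carries, splits it into facility and severity, and applies syslog.conf-style selectors such as "local7.*" and "local7.info" with the "this priority and everything more severe" rule from the TIPS. The sample messages in Cisco IOS format, the rule table, and the source allow-list in serve() are constructed for the example; serve() needs root to bind port 514 and is only run when you call it explicitly.

```python
#!/usr/bin/env python3
"""Model of the syslog routing configured in steps 1-5 (added example, not code
from the original article).  Sample messages and the allow-list are constructed."""
import re
import socket

# Facility and severity codes from RFC 3164.  Cisco IOS sends to local7 by default.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
# Lower number = more severe; "info" (6) therefore covers 0..6 but not debug (7).
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_pri(raw):
    """Return (facility, severity, body) for one RFC 3164 message, or None."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 24 facilities * 8 severities - 1
        return None
    return pri // 8, pri % 8, m.group(2)


def selector_matches(selector, facility, severity):
    """Evaluate one syslog.conf selector of the form "facility.priority"."""
    fac_name, _, sev_name = selector.partition(".")
    if fac_name != "*" and FACILITIES[fac_name] != facility:
        return False
    if sev_name == "*":
        return True
    return severity <= SEVERITIES[sev_name]   # named priority or more severe


def route(rules, raw):
    """Return the log files a message is appended to under the given rules."""
    parsed = parse_pri(raw)
    if parsed is None:
        return []
    facility, severity, _ = parsed
    return [path for selector, path in rules
            if selector_matches(selector, facility, severity)]


# The two selectors the article puts in /etc/syslog.conf.
RULES = [("local7.*", "/var/log/router.log"), ("mail.info", "/var/log/mail.log")]

# Constructed samples in IOS format: <PRI>seq: timestamp: %FACILITY-SEV-MNEMONIC: text
SAMPLES = [
    "<189>37: *Mar  1 00:12:05.123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.82.0.5)",
    "<187>38: *Mar  1 00:12:09.001: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "<191>39: *Mar  1 00:12:10.500: %SYS-7-USERLOG_DEBUG: Message from tty0(user: admin): test",
    "<38>Mar  1 00:12:11 host sshd[412]: Accepted publickey for root from 10.82.0.5",
]


def serve(allowed_sources, port=514):
    """Receive on UDP/514 the way 'syslogd -r' does, but drop datagrams whose
    source address is not in allowed_sources.  syslogd -r itself accepts from
    anyone, which is why step 4 needs a firewall rule in front of it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        if src not in allowed_sources:
            continue
        text = data.decode("ascii", "replace").rstrip("\n")
        for path in route(RULES, text):
            with open(path, "a") as fh:
                fh.write(text + "\n")


if __name__ == "__main__":
    for raw in SAMPLES:
        print(route(RULES, raw) or "(dropped)", raw[:60])
```

Running the script routes the first three samples (all local7) to /var/log/router.log and drops the fourth, which is auth.info and matches neither rule. Replacing "local7.*" with "local7.info" in RULES drops the third sample as well, because its PRI 191 decodes to local7.debug.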
Configuration on the router
Step 1: Enter global configuration mode on the router and enter "logging 10.82.0.29", where 10.82.0.29 is the IP address of the Linux log server.
Step 2: Use the "logging on" command to enable logging.
Step 3: Use the "logging trap informational" command (IOS also accepts the abbreviation "logging trap info") to set the level of messages sent to the syslog server to informational, so that every event at the informational level or more severe is sent to the server.
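The following is a complete IOS configuration for the three router steps, added here as an example rather than taken from the original article. It adds the details a practitioner usually wants alongside them: timestamps on every message so the server's records can be correlated, an explicit facility so the "local7.*" selector on the server keeps matching, and a fixed source interface so the firewall rule on the server can be pinned to one router address. The interface name FastEthernet0/0 and the buffer size are assumptions for the example.

```cisco
! Added example configuration; 10.82.0.29 is the log server from the article.
configure terminal
 ! Timestamp every log message with millisecond resolution and the zone name
 service timestamps log datetime msec localtime show-timezone
 ! Keep a local copy in RAM as well; it is lost on reload, which is why
 ! the server exists (size and level are assumed values)
 logging buffered 16384 informational
 ! Facility the server's "local7.*" selector expects (IOS default, stated explicitly)
 logging facility local7
 ! Always send from the same address so the server's firewall rule can match it
 logging source-interface FastEthernet0/0
 ! Severity sent to the server: informational and everything more severe
 logging trap informational
 ! The log server (step 1)
 logging 10.82.0.29
 ! Enable logging to the configured destinations (step 2)
 logging on
end
! Verify the destination, trap level, and message counters
show logging
```

After "end", the "show logging" output lists the syslog server, the trap level in effect, and how many messages have been sent; if the counter stays at zero while router.log is empty on the server, check the firewall rule on UDP 514 before anything else.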
Summary: Once the configuration is in place, the log server lets us monitor events on the router, including logins to the router, abnormal packets, and router failures. To review them, search /var/log/router.log on the Linux log server. In this way we gain an easy picture of how the network is being used.