Cisco Syslog configuration method

I. Start Log Service
Step 1: Start log logging on
Note: by De fault, the logging level is set to 3 (error ).
The default log level is 3 (error)
Step 2: Set the Log Level logging trap severity_level (1-7)
Step 3: Check log settings show Logging

Ii. Test log output
Perform the following steps to test log output:
Step 1: Send log information to the Console port.
Logging console 7
Quit
This test will generate the following syslog Information
111005: Nobody end configuration: OK
This information indicates that configureation mode has been exited. "111005" indicates the ID of this information. "Nobody" indicates that you log on to the PIX through the Console port.
Step 2: stop shipping log information to the console
No logging console 7
Quit
3. Send syslog information to the cache
Step 1: Save the displayed information
Logging buffered severity_level (1-7)
Step 2: View information on the Console Port
Show Logging
Step 3: Clear the information in the cache to receive new information.
Clear Logging
Step 4: stop sending log information to the cache
No logging buffered
The new information is at the end of the list.

4. Send log information to a telnet session
Step 1: configure a host inside the PIX to allow Telnet to the PIX
A. Enter the following command:
Telnet ip_address [subnet_mask] [if_name]
For example, if a host has the IP address 192.168.1.2, the command is:
Telnet 192.168.1.2 255.255.255.255
B. Set the idle time for a telnet session. The default value is 5 minutes. The recommended value is 15 minutes.
Telnet timeout 15
Step 2: Start a telnet session
Step 3: perform configuration mode
Enable
(Enter your password at the prompt)
Configure Terminal
Step 4: Start Log Settings
Logging monitor severity_level (1-7)
Step 5: Send log information to the tetlnet session
Terminal Monitor
This command only sends log information to the current Telnet session. "Logging monitor" sets all Telnet session parameters. After this command is executed, log information is sent to each individual Telnet session.
Step 6: Send syslogs generated by applications such as ping and web access to the Telnet session window.
Step 8:
Terminal no monitor
No logging Monitor
5. Send syslog information to the syslog server
When syslog information is sent to a host using TCP or UCP protocol, the host must run a SYSLOG Program . There are third-party software in UNIX and windeow systems (kiwi Syslog daemon is good ).
Refer to the configuration manual for Cisco PIX Firewall and VPN to configure syslog. You can set the log message sending method, such as email, send to a file, and send to a workstation.
Follow the steps below to configure the firewall to send log information to a syslog server.
Step 1: specify a host to receive log information
Logging host [interface] ip_address [TCP [/port] | UDP [/port] [format emblem]
For example:
Logging host dmz1 192.168.1.5
You can specify multiple servers to receive log information, so that other servers can still receive information when one server is offline.
Step 2: Set the log level.
Logging trap severity_level (1-7)
Step 3: Use the following command to include the device ID in the information:
Logging Device-ID {hostname | IPaddress if_name | string text}
Contains the ID of a specific device (device name, IP address of a specific interface, or a string)
6. Send log information to the SNMP Administrator
Perform the following Configuration:
Step 1: Set the IP address of the SNMP Administrator
SNMP-server host [if_name] ip_addr
Step 2: Other SNMP server settings are required.
SNMP-server location text
SNMP-server contact text
SNMP-server community key
Refer to the PIX Firewall command to get more information.
Use the following settings to configure to send log information to the SNMP server.
Step 1
SNMP-server enable traps
Step 2: Set the log level:
Logging history severity_level (1-7)
Step 3: Disable syslog capture with the following command:
No SNMP-server enable traps