One. Configure Server-side
Configuring the Log server
Install Splunk 64-bit free version
2. If there is a firewall on the log server, be sure to open udp514 and tcp146 in inbound rules
Two. Configuring the Client
Cisco switches, routers
1 Open Log service Router (config) #logging on
2 Define the log server address Router (config) #logging host 192.168.2.100
3 Define time timestamp Router (config) #service timestamps log datetime localtime Show-timezone msec
3 Define time timestamp Router (config) #service timestamps debug datetime localtime show-timezone msec
4 define Facility level Router (config) #logging facility Local7 (default)
5 #定义severity级别 Router (config) #logging trap 4
Finally set the time zone
2.cisco ASA Device
Logging Enable
Logging host inside A.B.C.D
Logging source-interface VLAN 1 (log packet original address)
Centralized management of switches, System log syslog for routers