How to make linux a dedicated log server for cisco Routers

The server setting of the Cisco router log is a high-end problem. In the process of using it, we need to constantly find a better way, but for linux, many people are not very clear about it. How does one set linux to a Cisco router log server? To achieve unified log management, including 2950 6509 3550 2611 and Huawei 3526 switches.

Method 1:

QUOTE: RedHat: vi/etc/sysconfig/syslog: Change SYSLOGD_OPTIONS = "-m 0" to SYSLOGD_OPTIONS = "-r-m 0", and then/etc/rc. d/init. d/syslog restart is OK. do not forget to Set firewall rules to allow only your devices to send to udp/514.

Method 2:

QUOTE: For cisco switches, you only need to use the following logging on, logging trap warning, and trap parameters, which correspond to different levels, the logging host inside 192.168.7.2 address is the address of the log server QUOTE: cisco router log host settings vi/etc/sysconfig/syslog modify SYSLOGD_OPTIONS = "-m 0" to SYSLOGD_OPTIONS = "-r-m 0" //-r writes data from the remote host- m 0 vi/etc/syslog. add the following content to the conf file.

Record all logs with the device number local4 (the default device Number of the PIX) to/var/log/router. log # Save pix messages all to router. loglocal4. * record all logs with the device number local5 (specified by info-center loghost-ip-addr facility local-number in S8016) to/var/log/router. log # Save S8016 messages all to S8016.loglocal5. */var/log/S8016.log.

Then/etc/rc. d/init. d/syslog restart is OK. do not forget to Set firewall rules to allow only your devices to send to udp/514 (the default UDP port is 514 and the default tcp port is 104, configure logging on the PIX // open the Cisco router log logging host [if_name] ip_address [protocol/port] // specify the log host instance: logging host log 133.3.3.2logging trap level // specify the log message level (0: urgent (Emergencies) 1: Alarm (Alerts) 2: severe (Critical) 3: Error (Errors) 4: Warnings 5: Notifications 6: Information 7: Debugging )).

Logging trap 7 // set the debugging information to the Debug level, record the FTP command and www url, and use the logging facility command to change the device number. The PIX is local4 (20) by default ), in the configuration of Huawei S8016, the new command line of Huawei S8016 sets the log server, info-center enable // opens the information center, inf-center loghost host-ip-addr channel 2 facility local-number, set the ip address of the log host, info-center logging host-ip-addr, and set the information channel of the Cisco router log host, info-center host-ip-addr channel {channel-number | channel-name}, set the host logging tool, set logging host-ip-ad Dr facility local-number: undo info-center loghost-ip-addr is output to the log host.

Cisco 7505 Configuration
Logging 133.3.3.2
Logging on
Logging trap 6
Logging facility local0