Configure Cisco Works as a Syslog Server ???

Similar Messages

• How to Add FWSM 2.2 to Cisco Works VMS Inventory & syslog server

  i've two FWSM & Cisco VMS 2.2 i want to configure them to send syslog messages to the syslog analyzer under RME 3.5, they are added to firewall MC 1.3, they send syslog messages to unexpected syslog devices under the syslog analyzer.

  Checek if you have more than 5 Locale installed in the Unity connection :
  http://cisco.com/en/US/docs/voice_ip_comm/connection/2x/os_administration/guide/2xcucosag070.html#wp1043540

• Cisco ISE and external syslog server

  Hi Security Experts,
  We are starting with deploying cisco ISE (Identity Services Engine) in our network. We have allocated 250GB space for (Admin+Monitor) ISE node.
  I want to know if we can send the logs from monitoring node to external syslog server after a defined time interval.
  For example, logs which are more than 10 days old should be sent to external syslog server. So basically our monitoring node will have logs which are at the max 9 days old. Is it possible? Could you point me to some doc which explains configuration of the same?
  Thanks,
  Kashish

  No this isnt possible via syslog. What you are looking for is database purging, so that the monitoring database is purged after a specific time interval. Here is a guide that will help shed some light on this:
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_mnt.html#wp1054328
  Tarik Admani
  *Please rate helpful posts*

• Trying to make Reporting Services Configuration Manager work. Or, SQL Server Reporting Services.

  Under Start > Programs > Microsoft SQL Server 2008, I have the following:
  SQL Server Management Studio
  Configuration Tools
  Integration Services
  Import and Export Data
  Under Configuration Tools, I have the following:
  SQL Server Installation Center
  SQL Server Configuration Manager
  SQL Server Error and Usage Reporting
  Reporting Services Configuration Manager
  I tried to enable Reporting Services through 'Reporting Services Configuration Manager' but I don't seem to have much control from this view.  I see two boxes, one named Server Name (and it shows my server name) and the other is named Report Servicer Instance (and this is grayed out).  If I click on the Find box next to Server Name, I get this message:
  Report Server WMI Provider Error: Invalid Namespace
  Details
  Invalid Namespace
  To get the Server Name I right-clicked SQL Server > Properties > General
  Any ideas on how to make Reporting Services Configuration Manager work?  Or, can you please give me more details on how to access "System control" => "Services"?  I'm not seeing it anywhere and I'm not seeing any way to find "Sql Server Reporting Services".  Basically, I'm trying to activate my SQL Server Reporting Services.
  I am using SQL Server 2008 Express Management Studio.  Is SQL Server Reporting Services included in Express Management Studio?  I read, online, that it is, but I can't find it anywhere.
  Thanks again!
  Ryan--
  <input id="gwProxy" type="hidden"><!-- Session data--></input> <input id="jsProxy" onclick="jsCall();" type="hidden" />

  Thanks Jerry Nee!!  This may be exactly what I’m looking for!  I went to this link:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=B5D1B8C3-FDA5-4508-B0D0-1311D670E336&displaylang=en#filelist  
  At the top of the page it says, ‘Microsoft® SQL Server® 2008 Express with Advanced Services’, which seems like this is what I’m looking for, so I downloaded the file named ‘SQLEXPRADV_x86_ENU.exe’
  Then, I cut that from my desktop and pasted it in my C-drive and I get a message that says, ‘this folder already contains a file named ‘SQLEXPRADV_x86_ENU.exe’, would you like to replace the existing file?’
  I’m thinking…what the heck?  Do I already have this thing?  If so, why can’t I see SQL Server Reporting Services?  Maybe I have it now, and I just don’t know how to access the reporting Services features…
  Couple quick questions:
  What’s the difference b/w these two files: 
  ‘SQLEXPRADV_x64_ENU.exe’ and ‘SQLEXPRADV_x86_ENU.exe’? 
  Also, my current version of SSMS, Help > About shows this:
  Microsoft SQL Server Management Studio
  10.0.1600.22 ((SQL_PreRelease).080709-1414 )
  Microsoft Data Access Components (MDAC)
    2000.085.1132.00 (xpsp.080413-0852)
  Microsoft MSXML
  2.6 3.0 5.0 6.0
  Microsoft Internet Explorer
  8.0.6001.18702
  Microsoft .NET Framework
  2.0.50727.3603
  Operating System
  5.1.2600
  Should Server Reporting Services be included in this version?  I think so!!!
  Under Start > Programs > Microsoft SQL Server 2008 > Configuration Tools > Reporting Services Configuration Manager, I see this:
  Connect to a report server instance:
  Server Name: 
  Report Server Instance: 
  My server name is ‘'EXCEL-4J2W8KYNP', which I got from Control Panel > System Properties > Computer Name > Full Computer Name;
  However, when I put that server name in the box, and hit ‘Find’ I get this message: ‘Report Server WMI Provider error’ Invalid namespace
  Details: Invalid Namespace.
  I have no idea what this means…
  Thanks for everything!
  Ryan---

• Cisco works as snmp/syslog

  Hello folks
  How to configure ciscoworks 2.5 for as syslog and snmp server and point all my devices asa/switches/ips to send trap and log to it
  thanks

  Syslog server in ciscoworks is pretty simple.
  > Configure device to send syslog to ciscoworks
  > Subscribe Syslog Collector in Ciscoworks
  > Set correct filters and Generate report to see syslogs.
  When Syslog is recived in Syslog.log(win)/Syslog_info(sol/lin) Syslog collector pics syslog message from that flat log/text file and send it to Syslog Db after filtering messages as per filter settings.
  Subscribing Syslog Collector however differs with LMS version. Please see:
  LMS 3.x :
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1123042
  LMS 4.x:
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/collection.html#wp1059476
  Syslog Documents for Ciscoworks:
  http://docwiki.cisco.com/wiki/Network_Management_Configuration_Example_for_Ciscoworks_LMS_Syslog_Configuration_via_GUI
  http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml
  -Thanks

• Cisco Work (LMS 2.6) Device Configuration

  Hi,
  Can anyone tell me where is the default location of device configuration ( Running conf ) saved in Cisco Work (LMS 2.6) Server.
  Thanks & Regds,
  Lalit

  if you enable the so called shadow directory feature under:  Admin -> Config Mgmt -> Archive Mgmt -> Archive Settings
  then the defaut location is \CSCOpx\files\rme\dcma
  Cheers,
  Michel

• How can I use my MAC OS X as syslog server ??

  Hi Team,
  Can you please help me in configuring my MAC machine as syslog server for my Cisco routers ?? I have the devices on same network and would like to forward all syslog messages to my MAC machine for analysing them.
  Thanks,

  Crocosmia wrote:
  Thank you for advise, will try apple store  another thing how can I increase my ramm and memory
  Check your machine's actual specifications here.
  It looks like you can support up to 3 MByte in a 17" iMac and up to 4 Mbyte in a 20" iMac, if your cache size coordinates with the specs on the linked page.
  OWC says you should be able to put 4 Gbyte into your machine here.  Wherever you get the memory, it would be a good addition.  This is the Apple Store listing for your machine, as near as I can figure it.

• SCOM 2012 collect Windows Audit logs and forward them to a Linux Syslog server

  Hello:
  1. We have a SCOM 2012 server.
  2. We have SNARE agents for PCI systems, but now we want to save money by gathering all events for all Windows servers using its native features.
  3. We also have a centralized Linux server running SYSLOG which aggregates the logs to our Dell LogVault retention appliance (for PCI purposes)
  Thus, my question:
  In effort to remove the SNARE agents from the windows servers, can we implement Audit Collections Services (ACS) in the windows environment so that they collect/forward audit/event logs to the SCOM 2012 server and then SCOM forwards the events to the centralized
  syslog Linux server? In which case they are aggregated to the Dell appliance.
  We prefer to use the Linux syslog as the centralized log server but would like to know how to go about implementing the solution above.
  Many thanks,
  Robert Perez-Corona

  Hi,
  Here is a thread about how to make SCOM 2012 work as a syslog server, hope this can be helpful for you:
  https://social.technet.microsoft.com/Forums/en-US/524ea527-c069-40f9-96ef-026a4aa06fe9/make-scom-2012-a-syslog-server?forum=operationsmanagergeneral
  Regards,
  Yan Li
  Regards, Yan Li

• Configuring Cisco Router for use with Syslog Server

  Configuring Cisco Router for use with Syslog Server:
  Does anyone know of a good doc for this?
  -Ashley

  Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
  And if you need more informations, just ask what you want to achieve.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Can Cisco Prime Infra 2.1 work as syslog server

  Hello all,
      Customer want Cisco Prime Infra 2.1 to work as syslog server.  they want to query text in syslog and get raw log file from Cisco Prime Infra.  but when i see in user interface.  I think that it cannot query and search text in syslog.  but i am not sure whether we can get raw log file per devices from Cisco Prime Infra.   Can anyone know about this.?
  thanks
  sompoj

  Hi Sompoj,
  In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered
  , the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db . The
  syslog messages will not be saved into log files .
  Thanks-
  Afroz
  ****Ratings Encourages Contributors ****

• Cisco PI syslog server configuration

  Hi all,
  I need to configure the PI as syslog server and get the log file from the PI to read it ??
  how can I do it, please advice
  thanks in advance

  Hi,
  Which prime version are you using ?
  Here is what Prime 2.1 user guide says
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/user/guide/pi_ug/alarms.html#pgfId-1054572
  Prime Infrastructure logs all emergency, alert, and critical messages generated by all devices that are managed by Prime Infrastructure.
  Prime Infrastructure also logs all SNMP messages and syslogs it receives. To view syslogs, choose Operate > Alarms & Events , then click the Syslogs tab.
  Syslog Predefined Filters
  Prime Infrastructure uses the following syslog filters:
  Severity 0 and 1
  Severity 2
  Environmental Monitor
  Memory Allocation Failure
  Catalyst Integrated Security Features
  Cisco IOS Firewall Denial of Service
  Read this thread as well, it talks about tweak this setting, but it could leads to fill up your prime disk space quickly.
  https://supportforums.cisco.com/discussion/11645481/prime-infrastructure-12-syslog
  HTH
  Rasika
  **** Pls rate all useful responses ****

• I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

  I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
  I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
  I need to allow the following IP addresses to have RDP access to my server:
  66.237.238.193-66.237.238.222
  69.195.249.177-69.195.249.190
  69.65.80.240-69.65.80.249
  My external WAN server info is - 99.89.69.333
  The internal IP address of my server is - 192.168.6.2
  The other server shows up as 99.89.69.334 but is working fine.
  I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
  THE FOLLOWING IS MY CONFIGURATION FILE
  Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
  Also the bolded lines are the modifications I made but that arent working.
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password DowJbZ7jrm5Nkm5B encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.6.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 99.89.69.233 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group network EMRMC
  network-object 10.1.2.0 255.255.255.0
  network-object 192.168.10.0 255.255.255.0
  network-object 192.168.11.0 255.255.255.0
  network-object 172.16.0.0 255.255.0.0
  network-object 192.168.9.0 255.255.255.0
  object-group service RDP tcp
  description RDP
  port-object eq 3389
  object-group service GMED tcp
  description GMED
  port-object eq 3390
  object-group service MarsAccess tcp
  description MarsAccess
  port-object range pcanywhere-data 5632
  object-group service MarsFTP tcp
  description MarsFTP
  port-object range ftp-data ftp
  object-group service MarsSupportAppls tcp
  description MarsSupportAppls
  port-object eq 1972
  object-group service MarsUpdatePort tcp
  description MarsUpdatePort
  port-object eq 7835
  object-group service NM1503 tcp
  description NM1503
  port-object eq 1503
  object-group service NM1720 tcp
  description NM1720
  port-object eq h323
  object-group service NM1731 tcp
  description NM1731
  port-object eq 1731
  object-group service NM389 tcp
  description NM389
  port-object eq ldap
  object-group service NM522 tcp
  description NM522
  port-object eq 522
  object-group service SSL tcp
  description SSL
  port-object eq https
  object-group service rdp tcp
  port-object eq 3389
  access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
  access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
  access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp any interface outside eq 3389
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
  access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
  access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.6.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set peer 68.156.148.5
  crypto map outside_map 1 set transform-set ESP-3DES-MD5
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  tunnel-group 68.156.148.5 type ipsec-l2l
  tunnel-group 68.156.148.5 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
  : end
  ciscoasa(config-network)#

  Unclear what did not work.  In your original post you include said some commands were added but don't work:
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  and later you state you add another command that gets an error:
  static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
  You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
  The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
  Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

• Configuration required in Cat 4006 to forward errors to syslog server

  Hi,
  I have setup a Kiwi syslog server. I want to configure in my Cat 4006 switch to forward the following messages to my syslog server
  1. configuration changes
  2. Vlan creation /modification
  3. Power supply failures/module failures/temperature
  4. When the processor utlization exceeds more than 75% , it should send a alert message to syslog server
  5. Switch restart
  6. Trap for any changes in Uplink ports only. There are 4 uplinks to other Switches from 4006. If any problem with these ports (uplink), it should send message to syslog server , not for all ports
  Thanks in advance
  Raju

  Hi
  I feel this link will be of some help to u in configuring different severity levels for different facilities available.
  http://www.cisco.com/en/US/partner/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800d81c8.html
  By default for abnormal temp conditions u will get logs in the syslog server if u have already pointed the logs to the syslog server..
  regds

• Cisco Prime syslog server

  Where are syslogs stored, if I point my devices to Cisco Prime acting as my syslog server? I am running 2.0
  thanks, Jerry

  Hi ,
  As of now , this feature is not available , I mean PI will not work as syslog server.
  Syslog messages received by  PI from managed devices are found under Monitor > Alarms and Events > Syslogs
  as you are using PI 2.2 , you will be able to see all device syslog messages (0-7 severity)
  That display will show you up to 200,000 messages at a time.
  Check the below link for other related details proved by Marvin :
  https://supportforums.cisco.com/discussion/12486126/cisco-prime-syslog-functionality#sthash.Wbj2a3lj.dpuf
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ****

• Cisco works windows 2000 server (IDS)

  I installed cisco works prepared for monitoring IDS Sensor, but i have some problem Access Apache windows folders
  Error: The requested URL cannot be reached because client denied by server configuration: c:/program files/cscopx/htdocs/csconm
  Description: 403 Forbidden is the HTTP status code returned by the Apache web server when either the user or the server itself has insufficient access rights to the URL.
  You are not allowed access to this URL due to insufficient access rights. This may be due to an incorrect installation of the product. Please refer to your product's installation guide.

  Please try the following:
  Stop Daemon Manager. Type in "c:\net stop crmdmgtd " in the Windows command line
  Then go to: NMSROOT\lib\web\conf\allow_files.conf (where NMSROOT is Progra~1\CSCOpx)
  Please check if this file has the following entries
  /index.html
  /login.html
  /mainPanel.html
  /JSP/cmf/admin/index.jsp
  /login1.html
  Afterwards, restart Daemon Manager. Type in "c:\ net start crmdmgtd" in the CLI.
  And try to access the server again.
  HTH,
  -J