Configure Cisco Works as a Syslog Server ???
Hi Friends,
Is it possible to configure a syslog server in Cisco Works? If possible, please share the steps that need to be configured.
Syslog server in ciscoworks is pretty simple.
> Configure device to send syslog to ciscoworks
> Subscribe Syslog Collector in Ciscoworks
> Set correct filters and Generate report to see syslogs.
When a syslog is received in Syslog.log(win)/Syslog_info(sol/lin), the Syslog Collector picks the syslog message from that flat log/text file and sends it to the Syslog DB after filtering messages as per the filter settings.
Subscribing Syslog Collector however differs with LMS version. Please see:
LMS 3.x :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1123042
LMS 4.x:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/collection.html#wp1059476
Syslog Documents for Ciscoworks:
http://docwiki.cisco.com/wiki/Network_Management_Configuration_Example_for_Ciscoworks_LMS_Syslog_Configuration_via_GUI
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml
-Thanks
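The flow described in the answer above (flat file, then filter, then database), as an added sketch that is not CiscoWorks code and not part of the original post. The sample lines are constructed, and the filter settings (`MAX_SEVERITY`, `ALWAYS_KEEP`), the table layout and the function names are assumptions chosen for illustration.

```python
import re
import sqlite3

# Constructed sample of the flat file the collector reads (not real output).
SAMPLE_LOG = """\
Mar  3 10:15:02 10.0.0.1 45: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  3 10:15:09 10.0.0.2 46: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Mar  3 10:15:10 10.0.0.2 47: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Mar  3 10:15:30 10.0.0.3 this line carries no Cisco message tag
Mar  3 10:16:00 10.0.0.1 48: %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed
"""

# timestamp, sending device, then the Cisco %FACILITY-SEVERITY-MNEMONIC tag.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<device>\S+)\s.*?"
    r"%(?P<facility>[A-Z0-9_-]+?)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s?(?P<text>.*)$")

# Hypothetical filter settings: keep severity 0-4, plus config-change events.
MAX_SEVERITY = 4
ALWAYS_KEEP = {"CONFIG_I"}


def parse_line(line):
    """Return a dict for one flat-file line, or None if it has no Cisco tag."""
    match = LINE_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    record["severity"] = int(record["severity"])
    return record


def passes_filter(record):
    """Lower number = more severe; audit-relevant mnemonics are always kept."""
    return (record["severity"] <= MAX_SEVERITY
            or record["mnemonic"] in ALWAYS_KEEP)


def collect(log_text, db):
    """Parse the flat file, filter, store survivors; return per-outcome counts."""
    db.execute("CREATE TABLE IF NOT EXISTS syslog (ts TEXT, device TEXT, "
               "facility TEXT, severity INTEGER, mnemonic TEXT, text TEXT)")
    counts = {"stored": 0, "dropped": 0, "unparsed": 0}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            counts["unparsed"] += 1   # worth alerting on: format drift hides events
        elif passes_filter(record):
            db.execute("INSERT INTO syslog VALUES (:ts, :device, :facility, "
                       ":severity, :mnemonic, :text)", record)
            counts["stored"] += 1
        else:
            counts["dropped"] += 1
    db.commit()
    return counts


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(collect(SAMPLE_LOG, conn))
    for row in conn.execute("SELECT device, severity, mnemonic FROM syslog"):
        print(row)
```

Messages removed by the filter never reach the database, so a report that looks empty can mean the filter is too strict rather than that the device is silent.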
Similar Messages
-
How to Add FWSM 2.2 to Cisco Works VMS Inventory & syslog server
i've two FWSM & Cisco VMS 2.2 i want to configure them to send syslog messages to the syslog analyzer under RME 3.5, they are added to firewall MC 1.3, they send syslog messages to unexpected syslog devices under the syslog analyzer.
Check if you have more than 5 Locale installed in the Unity connection :
http://cisco.com/en/US/docs/voice_ip_comm/connection/2x/os_administration/guide/2xcucosag070.html#wp1043540 -
Cisco ISE and external syslog server
Hi Security Experts,
We are starting with deploying cisco ISE (Identity Services Engine) in our network. We have allocated 250GB space for (Admin+Monitor) ISE node.
I want to know if we can send the logs from monitoring node to external syslog server after a defined time interval.
For example, logs which are more than 10 days old should be sent to external syslog server. So basically our monitoring node will have logs which are at the max 9 days old. Is it possible? Could you point me to some doc which explains configuration of the same?
Thanks,
Kashish
No, this isn't possible via syslog. What you are looking for is database purging, so that the monitoring database is purged after a specific time interval. Here is a guide that will help shed some light on this:
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_mnt.html#wp1054328
Tarik Admani
*Please rate helpful posts* -
Under Start > Programs > Microsoft SQL Server 2008, I have the following:
SQL Server Management Studio
Configuration Tools
Integration Services
Import and Export Data
Under Configuration Tools, I have the following:
SQL Server Installation Center
SQL Server Configuration Manager
SQL Server Error and Usage Reporting
Reporting Services Configuration Manager
I tried to enable Reporting Services through 'Reporting Services Configuration Manager' but I don't seem to have much control from this view. I see two boxes, one named Server Name (and it shows my server name) and the other is named Report Servicer Instance (and this is grayed out). If I click on the Find box next to Server Name, I get this message:
Report Server WMI Provider Error: Invalid Namespace
Details
Invalid Namespace
To get the Server Name I right-clicked SQL Server > Properties > General
Any ideas on how to make Reporting Services Configuration Manager work? Or, can you please give me more details on how to access "System control" => "Services"? I'm not seeing it anywhere and I'm not seeing any way to find "Sql Server Reporting Services". Basically, I'm trying to activate my SQL Server Reporting Services.
I am using SQL Server 2008 Express Management Studio. Is SQL Server Reporting Services included in Express Management Studio? I read, online, that it is, but I can't find it anywhere.
Thanks again!
Ryan--
Thanks Jerry Nee!! This may be exactly what I’m looking for! I went to this link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=B5D1B8C3-FDA5-4508-B0D0-1311D670E336&displaylang=en#filelist
At the top of the page it says, ‘Microsoft® SQL Server® 2008 Express with Advanced Services’, which seems like this is what I’m looking for, so I downloaded the file named ‘SQLEXPRADV_x86_ENU.exe’
Then, I cut that from my desktop and pasted it in my C-drive and I get a message that says, ‘this folder already contains a file named ‘SQLEXPRADV_x86_ENU.exe’, would you like to replace the existing file?’
I’m thinking…what the heck? Do I already have this thing? If so, why can’t I see SQL Server Reporting Services? Maybe I have it now, and I just don’t know how to access the reporting Services features…
Couple quick questions:
What’s the difference b/w these two files:
‘SQLEXPRADV_x64_ENU.exe’ and ‘SQLEXPRADV_x86_ENU.exe’?
Also, my current version of SSMS, Help > About shows this:
Microsoft SQL Server Management Studio
10.0.1600.22 ((SQL_PreRelease).080709-1414 )
Microsoft Data Access Components (MDAC)
2000.085.1132.00 (xpsp.080413-0852)
Microsoft MSXML
2.6 3.0 5.0 6.0
Microsoft Internet Explorer
8.0.6001.18702
Microsoft .NET Framework
2.0.50727.3603
Operating System
5.1.2600
Should Server Reporting Services be included in this version? I think so!!!
Under Start > Programs > Microsoft SQL Server 2008 > Configuration Tools > Reporting Services Configuration Manager, I see this:
Connect to a report server instance:
Server Name:
Report Server Instance:
My server name is 'EXCEL-4J2W8KYNP', which I got from Control Panel > System Properties > Computer Name > Full Computer Name;
However, when I put that server name in the box, and hit ‘Find’ I get this message: ‘Report Server WMI Provider error’ Invalid namespace
Details: Invalid Namespace.
I have no idea what this means…
Thanks for everything!
Ryan--- -
Cisco works as snmp/syslog
Hello folks
How to configure ciscoworks 2.5 for as syslog and snmp server and point all my devices asa/switches/ips to send trap and log to it
thanks
Syslog server in ciscoworks is pretty simple.
> Configure device to send syslog to ciscoworks
> Subscribe Syslog Collector in Ciscoworks
> Set correct filters and Generate report to see syslogs.
When a syslog is received in Syslog.log(win)/Syslog_info(sol/lin), the Syslog Collector picks the syslog message from that flat log/text file and sends it to the Syslog DB after filtering messages as per the filter settings.
Subscribing Syslog Collector however differs with LMS version. Please see:
LMS 3.x :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1123042
LMS 4.x:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/collection.html#wp1059476
Syslog Documents for Ciscoworks:
http://docwiki.cisco.com/wiki/Network_Management_Configuration_Example_for_Ciscoworks_LMS_Syslog_Configuration_via_GUI
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml
-Thanks -
Cisco Work (LMS 2.6) Device Configuration
Hi,
Can anyone tell me where is the default location of device configuration ( Running conf ) saved in Cisco Work (LMS 2.6) Server.
Thanks & Regds,
Lalit
If you enable the so-called shadow directory feature under: Admin -> Config Mgmt -> Archive Mgmt -> Archive Settings
then the default location is \CSCOpx\files\rme\dcma
Cheers,
Michel -
How can I use my MAC OS X as syslog server ??
Hi Team,
Can you please help me in configuring my MAC machine as syslog server for my Cisco routers ?? I have the devices on same network and would like to forward all syslog messages to my MAC machine for analysing them.
Thanks,
Crocosmia wrote:
Thank you for advise, will try apple store another thing how can I increase my ramm and memory
Check your machine's actual specifications here.
It looks like you can support up to 3 MByte in a 17" iMac and up to 4 Mbyte in a 20" iMac, if your cache size coordinates with the specs on the linked page.
OWC says you should be able to put 4 Gbyte into your machine here. Wherever you get the memory, it would be a good addition. This is the Apple Store listing for your machine, as near as I can figure it. -
SCOM 2012 collect Windows Audit logs and forward them to a Linux Syslog server
Hello:
1. We have a SCOM 2012 server.
2. We have SNARE agents for PCI systems, but now we want to save money by gathering all events for all Windows servers using its native features.
3. We also have a centralized Linux server running SYSLOG which aggregates the logs to our Dell LogVault retention appliance (for PCI purposes)
Thus, my question:
In effort to remove the SNARE agents from the windows servers, can we implement Audit Collections Services (ACS) in the windows environment so that they collect/forward audit/event logs to the SCOM 2012 server and then SCOM forwards the events to the centralized
syslog Linux server? In which case they are aggregated to the Dell appliance.
We prefer to use the Linux syslog as the centralized log server but would like to know how to go about implementing the solution above.
Many thanks,
Robert Perez-Corona
Hi,
Here is a thread about how to make SCOM 2012 work as a syslog server, hope this can be helpful for you:
https://social.technet.microsoft.com/Forums/en-US/524ea527-c069-40f9-96ef-026a4aa06fe9/make-scom-2012-a-syslog-server?forum=operationsmanagergeneral
Regards,
Yan Li
-
Configuring Cisco Router for use with Syslog Server
Configuring Cisco Router for use with Syslog Server:
Does anyone know of a good doc for this?
-Ashley
Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
And if you need more information, just ask what you want to achieve.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Can Cisco Prime Infra 2.1 work as syslog server
Hello all,
The customer wants Cisco Prime Infra 2.1 to work as a syslog server. They want to query text in syslog and get the raw log file from Cisco Prime Infra. But when I look in the user interface, I think that it cannot query and search text in syslog, and I am not sure whether we can get the raw log file per device from Cisco Prime Infra. Does anyone know about this?
thanks
sompoj
Hi Sompoj,
In the Prime Infrastructure, syslogs are read directly from UDP port 514 and then filtered; the non SEV1 and SEV2 syslogs will be dropped and will not be entered into the DB. The syslog messages will not be saved into log files.
Thanks-
Afroz
****Ratings Encourages Contributors **** -
Cisco PI syslog server configuration
Hi all,
I need to configure the PI as syslog server and get the log file from the PI to read it ??
How can I do it? Please advise.
Thanks in advance
Hi,
Which prime version are you using ?
Here is what Prime 2.1 user guide says
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/user/guide/pi_ug/alarms.html#pgfId-1054572
Prime Infrastructure logs all emergency, alert, and critical messages generated by all devices that are managed by Prime Infrastructure.
Prime Infrastructure also logs all SNMP messages and syslogs it receives. To view syslogs, choose Operate > Alarms & Events , then click the Syslogs tab.
Syslog Predefined Filters
Prime Infrastructure uses the following syslog filters:
Severity 0 and 1
Severity 2
Environmental Monitor
Memory Allocation Failure
Catalyst Integrated Security Features
Cisco IOS Firewall Denial of Service
Read this thread as well; it talks about tweaking this setting, but it could lead to filling up your Prime disk space quickly.
https://supportforums.cisco.com/discussion/11645481/prime-infrastructure-12-syslog
HTH
Rasika
**** Pls rate all useful responses **** -
I need help configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for static route and RDP, but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that it's not the ACTUAL IP info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that aren't working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#
Unclear what did not work. In your original post you said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you added another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
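An added check for the thread above, not part of either post and not a Cisco tool: it reads the `outside_access_in` lines from the posted configuration and reports permit entries that open TCP 3389 on the new server to sources outside the three ranges the poster listed. The function names are hypothetical, and the parser assumes only the address forms that appear in this config (`any`, `host X`, `interface IF`, `IP MASK`).

```python
import ipaddress

RDP_PORT = "3389"
# Source ranges the poster wants to allow (taken from the question).
ALLOWED = [("66.237.238.193", "66.237.238.222"),
           ("69.195.249.177", "69.195.249.190"),
           ("69.65.80.240", "69.65.80.249")]

# Lines copied from the posted (already obfuscated) configuration.
SAMPLE_CONFIG = """\
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service rdp tcp
port-object eq 3389
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
"""


def rdp_groups(config):
    """Names of service object-groups that contain 'port-object eq 3389'."""
    groups, current = set(), None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["object-group", "service"]:
            current = tok[2]
        elif tok[:2] == ["port-object", "eq"] and current:
            if tok[2] == RDP_PORT:
                groups.add(current)
        elif tok[:1] != ["description"]:
            current = None   # any other line ends the group definition
    return groups


def take_addr(tokens):
    """Pop one address spec: 'any', 'host X', 'interface IF' or 'IP MASK'."""
    first = tokens.pop(0)
    return (first,) if first == "any" else (first, tokens.pop(0))


def source_allowed(spec):
    """True only if every address in the source spec lies in an ALLOWED range."""
    if spec[0] in ("any", "object-group", "interface"):
        return False  # unbounded, or not resolved by this sketch: report it
    text = spec[1] + "/32" if spec[0] == "host" else f"{spec[0]}/{spec[1]}"
    net = ipaddress.ip_network(text, strict=False)
    low, high = int(net.network_address), int(net.broadcast_address)
    return any(int(ipaddress.ip_address(a)) <= low and
               high <= int(ipaddress.ip_address(b)) for a, b in ALLOWED)


def audit_rdp(config, acl, dests):
    """Return permit lines in `acl` that expose TCP 3389 on `dests` too widely."""
    groups, findings = rdp_groups(config), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["access-list", acl, "extended", "permit", "tcp"]:
            continue
        rest = tok[5:]
        src, dst = take_addr(rest), take_addr(rest)
        if " ".join(dst) not in dests:
            continue
        # No port clause means every TCP port, which includes 3389.
        hits_rdp = (not rest or rest == ["eq", RDP_PORT] or
                    (rest[:1] == ["object-group"] and rest[-1] in groups))
        if hits_rdp and not source_allowed(src):
            findings.append(line.strip())
    return findings


if __name__ == "__main__":
    for hit in audit_rdp(SAMPLE_CONFIG, "outside_access_in",
                         {"host 99.89.69.333", "interface outside"}):
        print("too wide:", hit)
```

On the posted lines it reports the two `permit tcp any ...` entries; the `host 66.237.238.194` entries pass because that address falls inside the first allowed range.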
Configuration required in Cat 4006 to forward errors to syslog server
Hi,
I have setup a Kiwi syslog server. I want to configure in my Cat 4006 switch to forward the following messages to my syslog server
1. configuration changes
2. Vlan creation /modification
3. Power supply failures/module failures/temperature
4. When the processor utilization exceeds more than 75%, it should send an alert message to syslog server
5. Switch restart
6. Trap for any changes in Uplink ports only. There are 4 uplinks to other Switches from 4006. If any problem with these ports (uplink), it should send message to syslog server , not for all ports
Thanks in advance
Raju
Hi
I feel this link will be of some help to u in configuring different severity levels for different facilities available.
http://www.cisco.com/en/US/partner/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800d81c8.html
By default for abnormal temp conditions u will get logs in the syslog server if u have already pointed the logs to the syslog server..
regds -
Where are syslogs stored, if I point my devices to Cisco Prime acting as my syslog server? I am running 2.0
thanks, Jerry
Hi,
As of now , this feature is not available , I mean PI will not work as syslog server.
Syslog messages received by PI from managed devices are found under Monitor > Alarms and Events > Syslogs
as you are using PI 2.2 , you will be able to see all device syslog messages (0-7 severity)
That display will show you up to 200,000 messages at a time.
Check the below link for other related details provided by Marvin :
https://supportforums.cisco.com/discussion/12486126/cisco-prime-syslog-functionality#sthash.Wbj2a3lj.dpuf
Thanks-
Afroz
***Ratings Encourages Contributors **** -
Cisco works windows 2000 server (IDS)
I installed cisco works prepared for monitoring IDS Sensor, but i have some problem Access Apache windows folders
Error: The requested URL cannot be reached because client denied by server configuration: c:/program files/cscopx/htdocs/csconm
Description: 403 Forbidden is the HTTP status code returned by the Apache web server when either the user or the server itself has insufficient access rights to the URL.
You are not allowed access to this URL due to insufficient access rights. This may be due to an incorrect installation of the product. Please refer to your product's installation guide.
Please try the following:
Stop Daemon Manager. Type in "c:\net stop crmdmgtd " in the Windows command line
Then go to: NMSROOT\lib\web\conf\allow_files.conf (where NMSROOT is Progra~1\CSCOpx)
Please check if this file has the following entries
/index.html
/login.html
/mainPanel.html
/JSP/cmf/admin/index.jsp
/login1.html
Afterwards, restart Daemon Manager. Type in "c:\ net start crmdmgtd" in the CLI.
And try to access the server again.
HTH,
-J