Syslog server for Monitoring Cisco devices

I am looking for a Syslog server to log all logs from Cisco devices. We have more than 800 Cisco devices. Can anyone tell me what syslog server I should use to log these files?
Thank you.

Has anyone used the Cisco recommendation of Building Scalable Syslog Solutions?
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318
I used this in another organization and we were very successful. We currently use Netcool that feeds from a syslog and we get several non-actionable alarms, and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (What are your thoughts?):
From my Netcool Administrator:
Regarding, using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.
1. -- Cisco is not consistent with the use of this value.
    Examples:
        In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION of a 6 level of Informational
        Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent
        Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes   
        This one is near the top level of severity per Cisco but not all that severe in reality; further, this syslog has a bug where the threshold is not even exceeded
        %ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C.  Please resolve system cooling immediately to prevent system damage
        This one is reporting a standard condition:
        %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted
        Here is an example of a 1 where the voice group says that nothing is wrong:
        Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.  Huntgroup '1' does not contain enough valid SIP end-points to proceed with a parallel call.
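
The trade-off discussed above (alert on severities 0-5, but correct for messages whose Cisco severity misleads) can be expressed as a small triage filter. This is an added example, not code from the thread or from Netcool; the override table and the 0-5 threshold are assumptions modelled on the administrator's examples, and the first five sample lines are the ones quoted in the post.

```python
import re

# Cisco IOS tag: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: text
CISCO_TAG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*?)"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)
OVERTEMP = re.compile(r"temperature (\d+)C exceeds threshold (\d+)C")

ALERT_MAX_SEVERITY = 5  # alert on 0-5, as proposed in the thread

# Hypothetical site-maintained table: effective severity per (facility, mnemonic).
OVERRIDES = {
    ("BGP", "NOTIFICATION"): 6,               # detail line; ADJCHANGE carries the event
    ("ILPOWER", "POWER_GRANTED"): 6,          # normal PoE operation
    ("IVR", "APP_PARALLEL_INVALID_LIST"): 6,  # voice team: nothing is wrong
}


def parse(line):
    """Return facility, severity, mnemonic and text, or None if no Cisco tag."""
    m = CISCO_TAG.search(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def effective_severity(msg):
    """Apply the override table, then sanity-check the ENVMON reading."""
    key = (msg["facility"], msg["mnemonic"])
    sev = OVERRIDES.get(key, msg["severity"])
    if key == ("ENVMON", "CPU_WARNING_OVERTEMP"):
        reading = OVERTEMP.search(msg["text"])
        # The message can fire although the reading is below the threshold.
        if reading and int(reading.group(1)) <= int(reading.group(2)):
            sev = 6
    return sev


def triage(line):
    """Classify one raw syslog line as alert, suppress or unparsed."""
    msg = parse(line)
    if msg is None:
        return ("unparsed", None)  # keep for review instead of dropping silently
    tag = "%{facility}-{severity}-{mnemonic}".format(**msg)
    action = "alert" if effective_severity(msg) <= ALERT_MAX_SEVERITY else "suppress"
    return (action, tag)


SAMPLE = [
    "Aug  4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug  4 03:10:01: "
    "%BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent",
    "Aug  4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug  4 03:10:01: "
    "%BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes",
    "%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C "
    "exceeds threshold 110C.  Please resolve system cooling immediately",
    "%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted",
    "Aug  4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug  4 11:08:41: "
    "%IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated.",
    "Aug  4 13:09:00 host.example.net sshd[4242]: session opened",  # constructed, non-Cisco
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(triage(raw))
```

Only the ADJCHANGE line raises an alert here; the non-Cisco line is returned as unparsed so it can be routed to a catch-all queue.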

Similar Messages

  • Adding JBoss Application Server for Monitoring

    How do you add a JBoss Application Server for monitoring? Is there a way to add it silently like silent install of the host target?

    It is a manual process; you need to launch the JBoss discovery UI using the Targets > Middleware page.
    Also, please use JVMD for more detailed analysis.
    You need to specify JARs based on the version of the JBoss -
    Note - Please check the support site for exact certified versions of JBoss.
    JBoss 4:
    dom4j.jar jboss-management.jar jnp-client.jar
    jbossall-client.jar jboss-client.jar
    JBoss 5:
    concurrent.jar jboss-javaee.jar jboss-serialization.jar
    dom4j.jar jboss-jsr77-client.jar jbosssx-as-client.jar
    jbossall-client.jar jboss-logging-spi.jar jbosssx-client.jar
    jboss-client.jar jboss-management.jar jnp-client.jar
    jboss-common-core.jar jboss-remoting.jar jboss-integration.jar jboss-security-spi.jar
    JBoss 6:
    concurrent.jar jboss-management.jar
    dom4j.jar jboss-remoting.jar
    jbossall-client.jar jboss-security-spi.jar
    jboss-client.jar jboss-serialization.jar
    jboss-common-core.jar jbosssx-as-client.jar
    jboss-ejb-api_3.1_spec.jar jbosssx-client.jar
    jboss-integration.jar jboss-transaction-api_1.1_spec.jar
    jboss-jsr77-client.jar jnp-client.jar
    jboss-logging.jar
    If you plan to use JVMD then you should select Remote Agent for discovery/monitoring.
    JNDI service should be configured and Naming Service port should be open.
    Agent should be able to communicate with the host and JNDI port.
    Above list of JARs to be copied on the agent machine (location provided as library path during discovery)
    Could you please share customer details and usecases.

  • Syslog server for access points

    Hello,
    On the controller, when you look at an access points config. There is the syslog server for the access point with the default ip address of 255.255.255.255. I was wondering if there was any way to disable the syslog server for the access points. The only thing I've found so far is that the ip address of the syslog server can be changed.
    Thanks,

    I am not sure if the "no" command works,
    but on version 5.2:
    config logging trap disable global
    disable/enable is the key to set the IP address for the syslog server

  • CiscoWorks LMS 4.1, syslog analyzer parsing non-Cisco device.

    Hello.
    Can Syslog Analyzer parse syslog messages coming from a Non-Cisco device?
    I'm trying to parse message from a HP Virtual Connect module without success.
    Thanks.
    Andrea

    Hi Andrea,
    You could use syslog-ng to write a generic mnemonic into the message and forward it to LMS.
    Something like:
    syslog-ng->add fac-sev-mne: message->lms
    However, I would also caution you that LMS is *not* meant to be a "syslog" manager - there are usually way too many syslog messages in most environments for it to handle that many - which is why most syslog managers are standalone servers.
    In order to make sure that the NMS systems that syslog-ng forward messages to receive the correct source, syslog-ng needs to be compiled with the source spoof option. This will allow messages received on other NMS’s (such as LMS) to appear to come from the original devices rather than from the syslog-ng server.
    Compiling from source:
    Install the syslog-ng prerequisites from Balabit
    You must configure syslog-ng with --enable-spoof-source in order to enable the spoof source feature (which is disabled by default).
    ./configure --enable-spoof-source
    make && make install
    If you run into any issues during the installation, you can refer to the syslog-ng forum  or you can refer to the syslog-ng knowledge base
    Lastly, here's a great paper on syslog management:
    Building Scalable Syslog Management Solutions

  • How can I use my MAC OS X as syslog server ??

    Hi Team,
    Can you please help me in configuring my MAC machine as syslog server for my Cisco routers ?? I have the devices on same network and would like to forward all syslog messages to my MAC machine for analysing them.
    Thanks,

    Crocosmia wrote:
    Thank you for advise, will try apple store  another thing how can I increase my ramm and memory
    Check your machine's actual specifications here.
    It looks like you can support up to 3 MByte in a 17" iMac and up to 4 Mbyte in a 20" iMac, if your cache size coordinates with the specs on the linked page.
    OWC says you should be able to put 4 Gbyte into your machine here.  Wherever you get the memory, it would be a good addition.  This is the Apple Store listing for your machine, as near as I can figure it.

  • Cisco Devices Syslog monitoring and user monitoring tools

    Can anyone help me with how to monitor syslog and user logs (which command a specific user used)? If any software or hardware is needed for this purpose, we will purchase it. Note that our network runs all Cisco devices (router, switch, ASA etc.) and more than 200 devices are in our network.
    thanks.

    Configuring Cisco Devices to Use a Syslog Server
    Most Cisco devices use the syslog protocol to manage system logs and alerts. But unlike their PC and server counterparts, Cisco devices lack large internal storage space for storing these logs. To overcome this limitation, Cisco devices offer the following two options:
    Internal buffer— The device's operating system allocates a small part of memory buffers to log the most recent messages. The buffer size is limited to few kilobytes. This option is enabled by default. However, when the device reboots, these syslog messages are lost.
    Syslog— Use a UNIX-style SYSLOG protocol to send messages to an external device for storing. The storage size does not depend on the router's resources and is limited only by the available disk space on the external syslog server. This option is not enabled by default.
    TIP
    Before configuring a Cisco device to send syslog messages, make sure that it is configured with the right date, time, and time zone. Syslog data would be useless for troubleshooting if it shows the wrong date and time. You should configure all network devices to use NTP. Using NTP ensures a correct and synchronized system clock on all devices within the network. Setting the devices with the accurate time is helpful for event correlation.
    To enable syslog functionality in a Cisco network, you must configure the built-in syslog client within the Cisco devices.
    Cisco devices use a severity level of warnings through emergencies to generate error messages about software or hardware malfunctions. The debugging level displays the output of debug commands. The Notice level displays interface up or down transitions and system restart messages. The informational level displays reload requests and low-process stack messages.
    Configuring Cisco Routers for Syslog
    To configure a Cisco IOS-based router for sending syslog messages to an external syslog server, follow the steps in Table 4-11 using privileged EXEC mode.
    Table 4-11. Configuring Cisco Routers for Syslog
    | Step | Command | Purpose |
    |------|---------|---------|
    | 1 | Router# configure terminal | Enters global configuration mode. |
    | 2 | Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone] | Instructs the system to timestamp syslog messages; the options for the type keyword are debug and log. |
    | 3 | Router(config)#logging host | Specifies the syslog server by IP address or host name; you can specify multiple servers. |
    | 4 | Router(config)# logging trap level | Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational and lower. The possible values for level are as follows: Emergency: 0; Alert: 1; Critical: 2; Error: 3; Warning: 4; Notice: 5; Informational: 6; Debug: 7. Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network. |
    | 5 | Router(config)# logging facility facility-type | Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7. |
    | 6 | Router(config)# End | Returns to privileged EXEC mode. |
    | 7 | Router# show logging | Displays logging configuration. |
    Note
    When a level is specified in the logging trap level command, the router is configured to send messages with lower severity levels as well. For example, the logging trap warning command configures the router to send all messages with the severity warning, error, critical, and emergency. Similarly, the logging trap debug command causes the router to send all messages to the syslog server. Exercise caution while enabling the debug level. Because the debug process is assigned a high CPU priority, using it in a busy network can cause the router to crash.
    Example 4-12 prepares a Cisco router to send syslog messages at facility local3. Also, the router will only send messages with a severity of warning or higher. The syslog server is on a machine with an IP address of 192.168.0.30.
    Example 4-12. Router Configuration for Syslog
    Router-Dallas#
    Router-Dallas#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router-Dallas(config)#logging 192.168.0.30
    Router-Dallas(config)#service timestamps debug datetime localtime show-timezone msec
    Router-Dallas(config)#service timestamps log datetime localtime show-timezone msec
    Router-Dallas(config)#logging facility local3
    Router-Dallas(config)#logging trap warning
    Router-Dallas(config)#end
    Router-Dallas#show logging
    Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
        Console logging: level debugging, 79 messages logged
        Monitor logging: level debugging, 0 messages logged
        Buffer logging: disabled
        Trap logging: level warnings, 80 message lines logged
            Logging to 192.168.0.30, 57 message lines logged
    Configuring a Cisco Switch for Syslog
    To configure a Cisco CatOS-based switch for sending syslog messages to an external syslog server, use the privileged EXEC mode commands shown in Table 4-12.
    Table 4-12. Configuring a Cisco Switch for Syslog
    | Step | Command | Purpose |
    |------|---------|---------|
    | 1 | Switch>(enable) set logging timestamp {enable \| disable} | Configures the system to timestamp messages. |
    | 2 | Switch>(enable) set logging server ip-address | Specifies the IP address of the syslog server; a maximum of three servers can be specified. |
    | 3 | Switch>(enable) set logging server severity server_severity_level | Limits messages that are logged to the syslog servers by severity level. |
    | 4 | Switch>(enable) set logging server facility server_facility_parameter | Specifies the facility level that would be used in the message. The default is local7. Apart from the standard facility names listed in Table 4-1, Cisco Catalyst switches use facility names that are specific to the switch. The following facility levels generate syslog messages with fixed severity levels: 5: System, Dynamic-Trunking-Protocol, Port-Aggregation-Protocol, Management, Multilayer Switching; 4: CDP, UDLD; 2: Other facilities. |
    | 5 | Switch>(enable) set logging server enable | Enables the switch to send syslog messages to the syslog servers. |
    | 6 | Switch>(enable) Show logging | Displays the logging configuration. |
    Example 4-13 prepares a CatOS-based switch to send syslog messages at facility local4. Also, the switch will only send messages with a severity of warning or higher. The syslog server is on a machine with an IP address of 192.168.0.30.
    Example 4-13. CatOS-Based Switch Configuration for Syslog
    Console> (enable) set logging timestamp enable
    System logging messages timestamp will be enabled.
    Console> (enable) set logging server 192.168.0.30
    192.168.0.30 added to System logging server table.
    Console> (enable) set logging server facility local4
    System logging server facility set to
    Console> (enable) set logging server severity 4
    System logging server severity set to <4>
    Console> (enable) set logging server enable
    System logging messages will be sent to the configured syslog servers.
    Console> (enable) show logging
    Logging buffered size: 500
    timestamp option: enabled
    Logging history size: 1
    Logging console: enabled
    Logging server: enabled
    {192.168.0.30}
    server facility: LOCAL4
    server severity: warnings(4)
    Current Logging Session: enabled
    Facility            Default Severity          Current Session Severity
    cdp                 3                         4
    drip                2                         4
    dtp                 5                         4
    dvlan               2                         4
    earl                2                         4
    fddi                2                         4
    filesys             2                         4
    gvrp                2                         4
    ip                  2                         4
    kernel              2                         4
    mcast               2                         4
    mgmt                5                         4
    mls                 5                         4
    pagp                5                         4
    protfilt            2                         4
    pruning             2                         4
    radius              2                         4
    security            2                         4
    snmp                2                         4
    spantree            2                         4
    sys                 5                         4
    tac                 2                         4
    tcp                 2                         4
    telnet              2                         4
    tftp                2                         4
    udld                4                         4
    vmps                2                         4
    vtp                 2                         4
    0(emergencies)        1(alerts)              2(critical)
    3(errors)             4(warnings)            5(notifications)
    6(information)        7(debugging)
    Console> (enable)
    Configuring a Cisco ASA for Syslog >
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html
    You can get a free copy of Syslog server from here
    http://www.kiwisyslog.com/free-edition.aspx
    Hope it helps!!
    Regards
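
With hundreds of devices, the steps in Table 4-11 are worth checking mechanically against each saved configuration. The following is an added example, not part of the quoted text or of any Cisco tool: it audits IOS configuration text for the syslog host, trap level, log timestamps and NTP. The policy values (expected server, minimum trap level 5) and the finding names are assumptions, and both sample configurations are constructed, the first from the commands in Example 4-12.

```python
import re

# IOS severity keywords in numeric order (index == level).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
HOST_RE = re.compile(r"logging (?:host )?(\d{1,3}(?:\.\d{1,3}){3})\b")


def level_number(token):
    """Map a digit, keyword or unique abbreviation ("warning") to 0-7."""
    if token.isdigit():
        return int(token) if int(token) <= 7 else None
    hits = [i for i, name in enumerate(LEVELS) if name.startswith(token.lower())]
    return hits[0] if len(hits) == 1 else None


def parse_logging(config_text):
    """Collect logging settings, starting from the defaults the text states."""
    state = {"hosts": set(), "trap": 6, "facility": "local7",
             "log_timestamps": False, "ntp": False}
    for raw in config_text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)  # handles "logging host x" and "logging x"
        trap = re.match(r"logging trap (\S+)", line)
        facility = re.match(r"logging facility (\S+)", line)
        if host:
            state["hosts"].add(host.group(1))  # host names are not handled here
        elif trap:
            state["trap"] = level_number(trap.group(1))
        elif facility:
            state["facility"] = facility.group(1)
        elif re.match(r"service timestamps log datetime\b", line):
            state["log_timestamps"] = True
        elif re.match(r"ntp server \S+", line):
            state["ntp"] = True
    return state


def audit(config_text, expected_server, min_trap=5):
    """Return a list of finding names; an empty list means compliant."""
    s = parse_logging(config_text)
    findings = []
    if expected_server not in s["hosts"]:
        findings.append("no-syslog-host")
    if s["trap"] is None:
        findings.append("trap-level-unrecognised")
    elif s["trap"] < min_trap:
        findings.append("trap-level-below-minimum")  # e.g. config changes (sev 5) not sent
    elif s["trap"] == 7:
        findings.append("trap-level-debugging")      # the text warns against this
    if not s["log_timestamps"]:
        findings.append("no-log-timestamps")
    if not s["ntp"]:
        findings.append("no-ntp-server")
    return findings


# Constructed from the commands entered in Example 4-12.
DALLAS = """\
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
logging facility local3
logging trap warning
logging 192.168.0.30
"""

# Constructed compliant configuration; 192.0.2.1 is a documentation address.
COMPLIANT = """\
service timestamps log datetime msec
logging host 192.168.0.30
logging trap notifications
ntp server 192.0.2.1
"""

if __name__ == "__main__":
    print(audit(DALLAS, "192.168.0.30"))
    print(audit(COMPLIANT, "192.168.0.30"))
```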

  • How can I set-up my mac mini server to be a central file server for my windows boxes (they don't see the mac on the network), and how do I set-up a central iTunes server so that all my devices sync to the mac mini?

    I am looking for step by step instructions to configure my mac mini server to support the following:
    1. Central itunes server for all my devices (ipad, ipod, iphone, etc.)
    2. Central file server so that my windows devices can save and retrieve data from the central system (the mac does not show up in the network for the windows systems - all running windows XP or 7)
    Thanks,
    Keith

    You will need to enable file sharing in System Preferences
    as well as setting up sharing and permissions for the
    directories that you want shared.  You may also want to
    setup a non-administrative user or allow limited guest
    access.  The user would require entering a user name and
    password to make the connection, but would allow remotes
    to change files, if set up that way.
    As for serving iTunes media, better to post in the iTunes forum.

  • Configuring Cisco Router for use with Syslog Server

    Configuring Cisco Router for use with Syslog Server:
    Does anyone know of a good doc for this?
    -Ashley

    Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
    And if you need more information, just ask what you want to achieve.

  • Cisco Prime syslog server

    Where are syslogs stored, if I point my devices to Cisco Prime acting as my syslog server? I am running 2.0
    thanks, Jerry

    Hi,
    As of now, this feature is not available; I mean PI will not work as a syslog server.
    Syslog messages received by PI from managed devices are found under Monitor > Alarms and Events > Syslogs.
    As you are using PI 2.2, you will be able to see all device syslog messages (0-7 severity).
    That display will show you up to 200,000 messages at a time.
    Check the below link for other related details provided by Marvin:
    https://supportforums.cisco.com/discussion/12486126/cisco-prime-syslog-functionality#sthash.Wbj2a3lj.dpuf
    Thanks-
    Afroz

  • Cisco ISE and external syslog server

    Hi Security Experts,
    We are starting with deploying cisco ISE (Identity Services Engine) in our network. We have allocated 250GB space for (Admin+Monitor) ISE node.
    I want to know if we can send the logs from monitoring node to external syslog server after a defined time interval.
    For example, logs which are more than 10 days old should be sent to external syslog server. So basically our monitoring node will have logs which are at the max 9 days old. Is it possible? Could you point me to some doc which explains configuration of the same?
    Thanks,
    Kashish

    No, this isn't possible via syslog. What you are looking for is database purging, so that the monitoring database is purged after a specific time interval. Here is a guide that will help shed some light on this:
    http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_mnt.html#wp1054328
    Tarik Admani

  • Alarms for Third party devices on Cisco PI v 2.1

    Is it possible to receive alarms for third party devices in Cisco Prime Infrastructure 2.1? If so how do i configure PI to show the alarms?

    Hi,
    AFAIK, it is not possible to receive alarms for third party devices in Cisco Prime Infrastructure 2.1.
    We have very limited support of 3rd party devices in PI. For third party devices, only SNMP polling, SNMP traps and syslog will work.
    Third-party support   
     ●  Ability to discover and monitor third-party (non-Cisco) switches that support RFC 1213 and wireless controllers/access points from Aruba Networks
    Thanks-
    Afroz

  • Cisco PI syslog server configuration

    Hi all,
    I need to configure the PI as a syslog server and get the log file from the PI to read it.
    How can I do it? Please advise.
    thanks in advance

    Hi,
    Which prime version are you using ?
    Here is what Prime 2.1 user guide says
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/user/guide/pi_ug/alarms.html#pgfId-1054572
    Prime Infrastructure logs all emergency, alert, and critical messages generated by all devices that are managed by Prime Infrastructure.
    Prime Infrastructure also logs all SNMP messages and syslogs it receives. To view syslogs, choose Operate > Alarms & Events , then click the Syslogs tab.
    Syslog Predefined Filters
    Prime Infrastructure uses the following syslog filters:
    Severity 0 and 1
    Severity 2
    Environmental Monitor
    Memory Allocation Failure
    Catalyst Integrated Security Features
    Cisco IOS Firewall Denial of Service
    Read this thread as well; it talks about tweaking this setting, but it could lead to filling up your Prime disk space quickly.
    https://supportforums.cisco.com/discussion/11645481/prime-infrastructure-12-syslog
    HTH
    Rasika

  • Configure Cisco Works as a Syslog Server ???

    Hi Friends,
    Is it possible to configure a syslog server in Cisco Works? If possible, please share the steps that need to be configured.

    Syslog server in ciscoworks is pretty simple.
    > Configure device to send syslog to ciscoworks
    > Subscribe Syslog Collector in Ciscoworks
    > Set correct filters and Generate report to see syslogs.
    When a syslog is received in Syslog.log (win) / Syslog_info (sol/lin), the Syslog collector picks the syslog message from that flat log/text file and sends it to the Syslog DB after filtering messages as per filter settings.
    Subscribing Syslog Collector however differs with LMS version. Please see:
    LMS 3.x :
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1123042
    LMS 4.x:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/collection.html#wp1059476
    Syslog Documents for Ciscoworks:
    http://docwiki.cisco.com/wiki/Network_Management_Configuration_Example_for_Ciscoworks_LMS_Syslog_Configuration_via_GUI
    http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml
    -Thanks

  • Can Cisco Prime Infra 2.1 work as syslog server

    Hello all,
        The customer wants Cisco Prime Infra 2.1 to work as a syslog server. They want to query text in syslog and get the raw log file from Cisco Prime Infra, but when I look in the user interface, I think that it cannot query and search text in syslog. I am not sure whether we can get a raw log file per device from Cisco Prime Infra. Does anyone know about this?
    thanks
    sompoj

    Hi Sompoj,
    In Prime Infrastructure, syslogs are directly read from UDP port 514 and then filtered; the non SEV1 and SEV2 syslogs will be dropped and will not be entered into the DB. The syslog messages will not be saved into log files.
    Thanks-
    Afroz

  • Cisco devices configuration for CW-LMS

    Hello,
    I am new to CiscoWorks LMS. I am working with a LMS 3.2 fresh installation. I added all the devices (routers, switches and 3 ASAs) into the DCR. Now I need to know how to configure the devices to send relevant info to the CW LMS machine. I am looking for something similar to this:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap10.html#wp1056411
    This is a deployment model for Cisco MARS, which shows what to configure on each device in the network to send the most relevant info (syslog, netflow) to the Cisco MARS.
    Is there a best practice for CW LMS regarding this? For example, what syslog level should the routers send to the LMS?
    Thank you!

    There is a deployment guide whitepaper for LMS at http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_white_papers_list.html .  As for what to do syslog-wise, you should configure your logging facility to be local7 (this is the default on IOS, but not on ASA OS), and send at least sev 5 or higher messages.  You may want to bump that up to sev 6 (informational), but sev 5 for IOS devices will be sufficient to get things like configuration change messages.  For CatOS, you definitely want sev 6.
