
Learning to Configure Logging on a Cisco Router

The topology used is:

We use Kiwi Syslog Daemon as the syslog server;
the software is available at http://www.kiwisyslog.com

The configuration steps on the router are:

Configure the IP address of the syslog server with the command
logging host [ip address syslog server]

--------------------------------------------
cnc(config)# logging host 192.168.10.50
--------------------------------------------

cnc(config)#logging trap ?
 <0-7>          Logging severity level
 alerts         Immediate action needed           (severity=1)
 critical       Critical conditions               (severity=2)
 debugging      Debugging messages                (severity=7)
 emergencies    System is unusable                (severity=0)
 errors         Error conditions                  (severity=3)
 informational  Informational messages            (severity=6)
 notifications  Normal but significant conditions (severity=5)
 warnings       Warning conditions                (severity=4)
 <cr>

Next we choose the level to set;
the default is informational [severity=6]
--------------------------------------------
cnc(config)#logging trap
cnc(config)# logging trap critical
cnc(config)# logging trap informational
cnc(config)# logging userinfo
cnc(config)# end
cnc#

--------------------------------------------
On the syslog server:
click Programs > Kiwi Enterprises > Kiwi Syslog Daemon > Kiwi Syslog Daemon

then, to activate it:
Manage > Start the Syslogd service

--------------------------------------------
How to check:
--------------------------------------------
On the syslog server

On the router:
with the logging userinfo command, we can see the syslog messages
directly

cnc#disable
cnc>
*Apr  3 20:08:38.283: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 1 by unknown on consoleena
Password:
cnc#
*Apr  3 20:08:43.695: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on console
--------------------------------------------

cnc#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

 Console logging: level debugging, 33 messages logged, xml disabled,
 filtering disabled
 Monitor logging: level debugging, 0 messages logged, xml disabled,
 filtering disabled
 Buffer logging:  level debugging, 33 messages logged, xml disabled,
 filtering disabled
 Logging Exception size (8192 bytes)
 Count and timestamp logging messages: disabled
 Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

 Trap logging: level informational, 37 message lines logged
 Logging to 192.168.10.50  (udp port 514,  audit disabled,
 authentication disabled, encryption disabled, link up),
 8 message lines logged,
 0 message lines rate-limited,
 0 message lines dropped-by-MD,
 xml disabled, sequence number disabled
 filtering disabled

Log Buffer (8192 bytes):

*Apr  3 19:48:42.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*Apr  3 19:48:42.043: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Apr  3 19:48:42.051: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Apr  3 19:48:42.055: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Apr  3 19:48:42.063: %LINEPROTO-5-UPDOWN: Line protocol on Interface SSLVPN-VIF0, changed state to up
*Apr  3 19:48:43.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Apr  3 19:48:43.051: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
*Apr  3 19:48:43.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
*Apr  3 19:48:48.239: %SYS-5-RESTART: System restarted --
*Apr  3 19:48:48.275: %ENTITY_ALARM-6-INFO: ASSERT INFO Fa0/0 Physical Port Administrative State Down
*Apr  3 19:48:48.427: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr  3 19:48:48.427: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Apr  3 19:48:48.615: %ENTITY_ALARM-6-INFO: ASSERT INFO Fa1/0 Physical Port Administrative State Down
*Apr  3 19:48:48.619: %ENTITY_ALARM-6-INFO: ASSERT INFO Fa1/1 Physical Port Administrative State Down
*Apr  3 19:48:48.619: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Apr  3 19:48:48.635: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Apr  3 19:48:48.635: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
*Apr  3 19:48:48.639: %LINK-5-CHANGED: Interface FastEthernet1/1, changed state to administratively down
*Apr  3 19:48:49.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Apr  3 19:48:49.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to down
*Apr  3 19:48:49.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down
*Apr  3 19:49:15.079: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Apr  3 19:49:15.079: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa0/0 Physical Port Administrative State Down
*Apr  3 19:49:16.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Apr  3 19:50:56.619: %SYS-5-CONFIG_I: Configured from console by console
*Apr  3 19:53:58.271: %SYS-5-CONFIG_I: Configured from console by console
*Apr  3 19:53:59.279: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.10.50 port 514 started - CLI initiated
*Apr  3 19:55:59.779: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0 (192.168.10.2)
*Apr  3 19:58:24.319: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0 (192.168.10.2)
*Apr  3 20:01:15.151: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 1 by unknown on console
*Apr  3 20:01:19.039: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on console
*Apr  3 20:02:02.283: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0 (192.168.10.2)
*Apr  3 20:07:02.999: %SYS-5-CONFIG_I: Configured from console by console
cnc#
--------------------------------------------
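
An added example, not part of the original post: a Python sketch that parses the `%FACILITY-SEVERITY-MNEMONIC` lines from the log buffer above, shows which of them a given `logging trap` level would forward to the syslog host (IOS sends messages at that severity number and lower), and extracts the privilege-level-15 events. The function names are illustrative, and the sample lines are copied from the output above.

```python
import re

# Severity keywords accepted by "logging trap", as listed in the CLI help above.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Shape of one line: *Apr  3 20:08:43.695: %SYS-5-PRIV_AUTH_PASS: text
LINE_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

PRIV_RE = re.compile(
    r"Privilege level set to (?P<level>\d+) by (?P<user>\S+) on (?P<line>\S+)"
    r"(?: \((?P<src>[\d.]+)\))?")

# Lines copied from the log buffer shown above.
SAMPLE = """\
*Apr  3 19:48:42.043: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Apr  3 19:48:48.427: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr  3 19:53:58.271: %SYS-5-CONFIG_I: Configured from console by console
*Apr  3 19:55:59.779: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0 (192.168.10.2)
*Apr  3 20:01:15.151: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 1 by unknown on console
""".splitlines()

def parse(line):
    """Split one IOS log line into its fields; None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    return rec

def forwarded(lines, trap_level):
    """Messages the router would send to the syslog host at this trap level."""
    limit = LEVELS[trap_level]
    return [r for r in map(parse, lines) if r and r["sev"] <= limit]

def privileged_logins(lines):
    """Changes to privilege level 15: (timestamp, user, line, source address or None)."""
    out = []
    for r in map(parse, lines):
        if r and r["mnemonic"] == "PRIV_AUTH_PASS":
            m = PRIV_RE.search(r["text"])
            if m and m.group("level") == "15":
                out.append((r["ts"], m.group("user"), m.group("line"), m.group("src")))
    return out

if __name__ == "__main__":
    for name in ("critical", "notifications", "informational"):
        print(name, len(forwarded(SAMPLE, name)))
    print(privileged_logins(SAMPLE))
```

With `logging trap critical`, none of these lines would reach the syslog server, including the `PRIV_AUTH_PASS` records at severity 5; they are forwarded only at `notifications` or a higher-numbered level.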

ref:
CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Lab 5-5