Building a Linux log server for Cisco devices

1. Purpose: build a Linux server that records the log events of a Cisco switch.
2. Addresses: Cisco switch 10.0.0.71; Linux server 192.168.80.63.
3. The procedure has two main parts: the switch and the Linux host.
1) Switch
First, configure the switch so that it sends out log messages. Enable logging:
(config)#logging on                       (enable logging)
(config)#logging facility local4          (facility local4; this must match the Linux side)
(config)#logging 192.168.80.63            (send the logs to the Linux server)
(config)#logging trap
Note: "logging trap level" specifies the severity level of the log messages that are sent, and "logging facility" changes the facility code. Verify the result with "show logging".
2) Linux
2.1 Edit the configuration file /etc/syslog.conf (this file decides which file the messages sent by the Cisco device are written to):
[root@localhost log]# vi /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local4.*                                                /var/log/80.log
(* means all messages. local4 here corresponds to the local4 facility configured on the Cisco switch, and this line writes the logs the switch sends to /var/log/80.log.)
"man syslog" lists the 8 message levels:
#define KERN_EMERG    "<0>"
#define KERN_ALERT    "<1>"
#define KERN_CRIT     "<2>"
#define KERN_ERR      "<3>"
#define KERN_WARNING  "<4>"
#define KERN_NOTICE   "<5>"
#define KERN_INFO     "<6>"
#define KERN_DEBUG    "<7>"
alert   - action must be taken immediately
crit    - critical condition
err     - error condition (same as error)
warning - warning condition (same as warn)
notice  - normal but significant condition
info    - informational message
debug   - debug message
none    - general information
2.2 Edit the configuration file /etc/sysconfig/syslog
This is changed because the Linux host has to accept the messages arriving over the network:
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r   (no DNS resolution)
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
Change this to:
SYSLOGD_OPTIONS="-r -x -m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
2.3 After editing the syslog files, restart the syslog service:
service syslog restart
2.4 Check the syslogd process:
ps -ef | grep syslogd | grep -v "grep syslogd"
root 30307 1 0 13:59 ? 00:00:00 syslogd -r -x -m
### If -r is present, the change took effect.
2.5 Allow the packets from the Cisco device into the Linux host:
[root@localhost log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             192.168.80.63       udp dpt:syslog
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
The command is: iptables -A INPUT -p udp -d 192.168.80.63 --dport 514 -j ACCEPT
2.6 Check the UDP port the log server listens on (514):
netstat -untl | grep 514
udp        0      0 0.0.0.0:514                 0.0.0.0:*
### 514 is up.
Now check whether 80.log has received entries:
[root@localhost log]# cat /var/log/80.log
Jan 14 21:36:06 10.0.0.71 949: 001021: *Mar 14 00:47:29: %SYS-5-CONFIG_I: Configured from console by abc on vty1 (192.168.2.1)
Jan 14 22:51:04 10.0.0.71 950: 001022: *Mar 14 02:01:32: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
Jan 14 22:51:05 10.0.0.71 951: 001023: *Mar 14 02:01:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
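As an added example that is not part of the original post: a small Python parser for the lines syslogd writes into /var/log/80.log, plus a hypothetical review rule that surfaces configuration changes and error-level events. The sample lines are constructed to match the output above, and the field names and the triage thresholds are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample shaped like the /var/log/80.log output above (not captured from a real device).
SAMPLE_LOG = """\
Jan 14 21:36:06 10.0.0.71 949: 001021: *Mar 14 00:47:29: %SYS-5-CONFIG_I: Configured from console by abc on vty1 (192.168.2.1)
Jan 14 22:51:04 10.0.0.71 950: 001022: *Mar 14 02:01:32: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
Jan 14 22:51:05 10.0.0.71 951: 001023: *Mar 14 02:01:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
"""
# One line = syslogd receive time, sending host, two numeric prefixes inserted by IOS, the device's own
# timestamp (a leading '*' or '.' means its clock is not authoritative), then %FACILITY-SEVERITY-MNEMONIC and text.
LINE_RE = re.compile(
    r"^(?P<rx_time>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \d+: \d+: "
    r"(?P<clock>[*.]?)(?P<dev_time>\w{3} +\d+ \d\d:\d\d:\d\d): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
# Who/where detail inside a SYS-5-CONFIG_I message text.
CONFIG_RE = re.compile(r"by (?P<user>\S+) on (?P<line>\S+) \((?P<addr>[\d.]+)\)")

@dataclass
class CiscoEvent:
    host: str
    facility: str
    severity: int  # 0 = emergencies ... 7 = debugging, the same scale 'logging trap' uses
    mnemonic: str
    text: str
    clock_authoritative: bool

def parse_line(line: str) -> Optional[CiscoEvent]:
    # Parse one syslogd line written by a Cisco IOS device; None if the layout does not match.
    m = LINE_RE.match(line)
    if m is None:
        return None
    return CiscoEvent(m["host"], m["facility"], int(m["severity"]), m["mnemonic"],
                      m["text"], clock_authoritative=(m["clock"] == ""))

def triage(log_text: str, error_level: int = 3) -> list[str]:
    # Hypothetical rule: report config changes, severity <= error_level, unsynced clocks (once per host).
    findings, clock_warned = [], set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            findings.append(f"UNPARSED: {line}")  # not in the IOS layout: another sender or a damaged line
            continue
        if not ev.clock_authoritative and ev.host not in clock_warned:
            clock_warned.add(ev.host)
            findings.append(f"{ev.host}: device clock not authoritative, configure NTP")
        if ev.mnemonic == "CONFIG_I":
            c = CONFIG_RE.search(ev.text)
            who = f"{c['user']} from {c['addr']} on {c['line']}" if c else ev.text
            findings.append(f"{ev.host}: CONFIG CHANGE by {who}")
        elif ev.severity <= error_level:
            findings.append(f"{ev.host}: sev {ev.severity} %{ev.facility}-{ev.mnemonic}: {ev.text}")
    return findings
```

The host field is simply the address the datagram arrived from, and -r makes syslogd accept UDP 514 from any sender, so narrowing the iptables rule with -s 10.0.0.71 is the usual way to keep unrelated traffic out of this file.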