remote syslog server in linux

harshaabba · 04-01-2011, 01:23 AM

hi all,

I configured remote syslog server in order to log my routers logging messages. It will log all the Interface UP/Down Notifications.

But It didnt log the authentication (either successful or failure) messages once I log to remote router.

How can I enable this ? My syslog.conf configuration look like this(attached).

How can I modify this to acheive my requirement.

your responses are highly.

acid_kewpie · 04-01-2011, 02:26 AM

your config is not attached.

our responses are highly what?

all traffic hitting the box should be logged, so it's more than likely that the logs do not exist, you've not said anything about what routers you're using, so commenting on their config is impossible. You can use tcpdump to watch incoming traffic and see if it exists and also what facility / priority it has in case something is slipping through the cracks, but that's unlikely.

harshaabba · 04-01-2011, 03:39 AM

hi all,

now I attached the config. Im using cisco routers. I confogigured following in my router

logging <syslog-server-ip>
logging source fa 0/0
logging trap notifications

I directeg all logging messages to /logs/cisco/cis file. Logs created except the loging authenication messages.

sample log file
Apr 1 13:48:52 [IP] 94855: Apr 1 13:48:51: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0.91 (not half duplex), with 899F Ethernet0 (half duplex).
Apr 1 13:48:54 [IP] 113419: 21w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/9, changed state to down
Apr 1 13:48:54 [IP] 113420: 21w0d: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to down
Apr 1 13:49:07 [IP] 113421: 21w0d: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to up

If a user try to log using incorrect username/password it should log in this file. But at the moment it's not happenning.

acid_kewpie · 04-01-2011, 05:44 AM

again, you need to show that the message is reaching the box, if it's not you can't blame the box itself can you?

harshaabba · 04-01-2011, 06:01 AM

Quote:

Originally Posted by acid_kewpie

again, you need to show that the message is reaching the box, if it's not you can't blame the box itself can you?

I didnt get your point. Whats the fault with my configuration ?

acid_kewpie · 04-01-2011, 06:24 AM

you clearly don't get my point as I keep saying it's probably not your configuration at all. is the traffic hitting the box in the first place?

jdavis2 · 04-03-2011, 10:33 AM

Have you tried the following:

login on-success log
login on-failure log

harshaabba · 04-04-2011, 09:49 PM

Quote:

Originally Posted by jdavis2

Have you tried the following:

login on-success log
login on-failure log

tnx davis .I got working this by doing your configuration.

jdavis2 · 04-05-2011, 05:08 PM

That's great news, glad it work out for you.