LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-01-2011, 02:23 AM   #1
harshaabba
Member
 
Registered: Aug 2009
Posts: 73

Rep: Reputation: -14
remote syslog server in linux


hi all,

I configured remote syslog server in order to log my routers logging messages. It will log all the Interface UP/Down Notifications.

But It didnt log the authentication (either successful or failure) messages once I log to remote router.

How can I enable this ? My syslog.conf configuration look like this(attached).

How can I modify this to acheive my requirement.

your responses are highly.
Attached Files
File Type: txt syslog-conf.txt (1.0 KB, 23 views)

Last edited by harshaabba; 04-01-2011 at 04:32 AM.
 
Old 04-01-2011, 03:26 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
your config is not attached.

our responses are highly what?

all traffic hitting the box should be logged, so it's more than likely that the logs do not exist, you've not said anything about what routers you're using, so commenting on their config is impossible. You can use tcpdump to watch incoming traffic and see if it exists and also what facility / priority it has in case something is slipping through the cracks, but that's unlikely.
 
Old 04-01-2011, 04:39 AM   #3
harshaabba
Member
 
Registered: Aug 2009
Posts: 73

Original Poster
Rep: Reputation: -14
remote syslog server in linux

hi all,

now I attached the config. Im using cisco routers. I confogigured following in my router

logging <syslog-server-ip>
logging source fa 0/0
logging trap notifications

I directeg all logging messages to /logs/cisco/cis file. Logs created except the loging authenication messages.

sample log file
Apr 1 13:48:52 [IP] 94855: Apr 1 13:48:51: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0.91 (not half duplex), with 899F Ethernet0 (half duplex).
Apr 1 13:48:54 [IP] 113419: 21w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/9, changed state to down
Apr 1 13:48:54 [IP] 113420: 21w0d: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to down
Apr 1 13:49:07 [IP] 113421: 21w0d: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to up

If a user try to log using incorrect username/password it should log in this file. But at the moment it's not happenning.
 
Old 04-01-2011, 06:44 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
again, you need to show that the message is reaching the box, if it's not you can't blame the box itself can you?
 
Old 04-01-2011, 07:01 AM   #5
harshaabba
Member
 
Registered: Aug 2009
Posts: 73

Original Poster
Rep: Reputation: -14
Quote:
Originally Posted by acid_kewpie View Post
again, you need to show that the message is reaching the box, if it's not you can't blame the box itself can you?
I didnt get your point. Whats the fault with my configuration ?
 
Old 04-01-2011, 07:24 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
you clearly don't get my point as I keep saying it's probably not your configuration at all. is the traffic hitting the box in the first place?
 
Old 04-03-2011, 11:33 AM   #7
jdavis2
Member
 
Registered: Feb 2007
Distribution: Fedora, Mandrake, Knoppix, Windows XP
Posts: 37

Rep: Reputation: 15
Could your cisco config be missing directives?

Have you tried the following:

login on-success log
login on-failure log
 
Old 04-04-2011, 10:49 PM   #8
harshaabba
Member
 
Registered: Aug 2009
Posts: 73

Original Poster
Rep: Reputation: -14
Quote:
Originally Posted by jdavis2 View Post
Have you tried the following:

login on-success log
login on-failure log
tnx davis .I got working this by doing your configuration.
 
Old 04-05-2011, 06:08 PM   #9
jdavis2
Member
 
Registered: Feb 2007
Distribution: Fedora, Mandrake, Knoppix, Windows XP
Posts: 37

Rep: Reputation: 15
That's great news, glad it work out for you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with Remote Syslog Server Operation kaplan71 Linux - Software 16 08-17-2011 12:51 PM
Remote Syslog-np server Cheza Linux - Server 2 11-07-2007 08:33 PM
Syslog to a Remote Server Antonius_Block Linux - Software 1 05-06-2006 04:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration