There is a Cisco 2811 router. It is supposed to send its logs to a syslog server.
version 12.4
parser config cache interface
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname BORouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
logging console informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone Minsk 3
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name obltorg.by
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxx
username administrator privilege 15 secret 5 xxxxxxxxxxxxxxxxxx
username vpnuser password 7 xxxxxxxxxxxxxxx
archive
log config
hidekeys
path ftp://192.168.100.230/BORouter-$t
write-memory
!
!
!
ip tcp timestamp
ip tcp synwait-time 5
ip ftp username cisco
ip ftp password 7 xxxxxxxxxxxx
ip ssh version 2
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
no ip address
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.100.254 255.255.255.0
!
!
interface FastEthernet0/0.3
description ASSORTY VLAN 3
encapsulation dot1Q 3
ip address 192.168.3.250 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface FastEthernet0/0.100
description OBLTORG OFFICE VLAN 100
encapsulation dot1Q 100
ip address 192.168.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1/0
shutdown
!
interface FastEthernet0/1/1
shutdown
!
interface FastEthernet0/1/2
shutdown
!
interface FastEthernet0/1/3
shutdown
!
interface FastEthernet0/1/4
shutdown
!
interface FastEthernet0/1/5
shutdown
!
interface FastEthernet0/1/6
shutdown
!
interface FastEthernet0/1/7
shutdown
!
interface FastEthernet0/1/8
shutdown
!
interface Serial0/2/0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
no ip address
!
interface Dialer1
ip address negotiated
ip access-group FROM_INET in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname obltorg
ppp chap password 7 xxxxxxxxxxxxxxxxx
!
ip local pool VPN_POOL 192.168.50.1 192.168.50.8
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.11.0.0 255.255.0.0 192.168.101.250
ip route 192.168.0.0 255.255.0.0 Null0
ip route 192.168.110.0 255.255.255.0 192.168.100.126
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat translation timeout 300
ip nat inside source list INET interface Dialer1 overload
ip nat inside source static tcp 192.168.3.252 3201 yy.yy.yy.yy 3201 extendable
ip nat inside source static tcp 192.168.1.223 3389 yy.yy.yy.yy 3386 extendable
ip nat inside source static tcp 192.168.100.101 3389 yy.yy.yy.yy 3389 extendable
!
ip access-list extended FROM_INET
remark Traffic allowed to enter the router from Internet
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip any host 255.255.255.255
deny tcp any any eq 135
deny tcp any eq 135 any
deny udp any any eq 135
deny udp any eq 135 any
deny tcp any any range 137 139
deny tcp any range 137 139 any
deny udp any any range netbios-ns netbios-ss
deny udp any range netbios-ns netbios-ss any
deny tcp any any eq 445
deny tcp any eq 445 any
deny udp any any eq 445
deny udp any eq 445 any
deny tcp any any eq 6600
deny tcp any eq 6600 any
deny udp any any eq 6600
deny udp any eq 6600 any
permit udp any any eq isakmp
permit esp any any
permit tcp any any eq 1723
permit tcp any any eq 3201
permit gre any any
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
permit ip any any
ip access-list extended INET
remark Traffic allowed to INET
deny tcp any any eq 135
deny tcp any eq 135 any
deny udp any any eq 135
deny udp any eq 135 any
deny tcp any any range 137 139
deny tcp any range 137 139 any
deny udp any any range netbios-ns netbios-ss
deny udp any range netbios-ns netbios-ss any
deny tcp any any eq 445
deny tcp any eq 445 any
deny udp any any eq 445
deny udp any eq 445 any
deny tcp any any eq 6600
deny tcp any eq 6600 any
deny udp any any eq 6600
deny udp any eq 6600 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
deny ip any any
!
logging trap errors
logging facility local4
logging 192.168.100.231
access-list 99 permit 192.168.100.101
access-list 99 permit 192.168.1.234
access-list 99 remark ACLs to Cisco SSH
access-list 99 permit 192.168.1.160
access-list 99 permit 192.168.100.230
access-list 99 permit 192.168.100.231
access-list 99 deny any
dialer-list 1 protocol ip permit
!
!
route-map INET permit 10
match ip address INET
match interface Dialer1
!
route-map BIB permit 10
match ip address BIB
match interface FastEthernet0/0.13
!
!
control-plane
!
!
!
!
!
line con 0
transport preferred none
escape-character 3
line aux 0
line vty 0 4
access-class 99 in
exec-timeout 15 0
logging synchronous
transport input ssh
escape-character 3
line vty 5 15
access-class 99 in
exec-timeout 15 0
logging synchronous
transport input ssh
escape-character 3
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 192.168.100.230
end
BORouter#
A syslog server is running at 192.168.100.231. However, no logs arrive there.
The command show logging reports:
BORouter#sho logging
Syslog logging: enabled (0 messages dropped, 3924 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level informational, 17572 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level warnings, 981 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level errors, 7 message lines logged
Logging to 192.168.100.231 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link down),
0 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (51200 bytes):
I can't understand why it says "link down" in the last output.
Help me out, colleagues!
1. Check that the server is reachable from the Cisco. For good measure you can specify logging source-interface FastEthernet0/0.1
2. You have logging trap errors set. Maybe there simply are no errors. Try raising the level to info and bouncing the host (no logging host/logging host); a message along the lines of logging syslog started should land on the server.
> 1. Check that the server is reachable from the Cisco. For good measure you can specify logging source-interface
> FastEthernet0/0.1
> 2. You have logging trap errors set. Maybe there simply are no errors. Try
> raising the level to info and bouncing the host (no logging host/logging host);
> a message along the lines of logging syslog started should land on the server.
Let's keep separate things separate.
What is configured here
logging trap errors
logging facility local4
logging 192.168.100.231
goes to the remote side.
And this is what gets written from syslog on the device
logging buffered 51200 warnings
set it to at least inform
> [overquoting removed]
>> a message along the lines of logging syslog started should land on the server.
> Let's keep separate things separate.
> What is configured here
> logging trap errors
> logging facility local4
> logging 192.168.100.231
> goes to the remote side.
> And this is what gets written from syslog on the device
> logging buffered 51200 warnings
> set it to at least inform
Now it looks like this:
logging trap notifications
logging facility local6
logging source-interface FastEthernet0/0.1
logging 192.168.1.234
BORouter#sh logging
Syslog logging: enabled (0 messages dropped, 3924 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: disabled, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level notifications, 31 message lines logged
Logging to 192.168.1.234 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
24 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
but only reconfiguration events show up in the logs.
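
An added example, not part of the thread: a Python check that reads the trap section of the show logging output quoted above, reports the state of each collector, and tests whether a message's severity passes the logging trap threshold. The function names and the two sample message lines are assumptions made for this illustration.

```python
import re

# IOS severity keywords in order; list index = numeric severity (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
TAG = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+")
TRAP = re.compile(r"Trap logging: level (\w+),")
HOST = re.compile(r"Logging to (\S+)\s+\((.*?)\),\s*(\d+) message lines logged", re.S)

# Constructed sample input: the two trap sections quoted in the thread.
BEFORE = """Trap logging: level errors, 7 message lines logged
Logging to 192.168.100.231 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link down),
0 message lines logged,
"""
AFTER = """Trap logging: level notifications, 31 message lines logged
Logging to 192.168.1.234 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
24 message lines logged,
"""
# Constructed message lines (severity is the digit in %FACILITY-SEVERITY-MNEMONIC).
SAMPLE_MESSAGES = ["%SYS-5-CONFIG_I: Configured from console by admin",
                   "%SEC-6-IPACCESSLOGP: list FROM_INET denied tcp"]

def forwarded(message, trap_level):
    """True if the message's severity passes 'logging trap <trap_level>'."""
    m = TAG.search(message)
    if m is None:
        raise ValueError("no %FACILITY-SEVERITY-MNEMONIC tag found")
    return int(m.group(1)) <= LEVELS.index(trap_level)

def trap_status(show_logging):
    """Extract trap level and per-collector state from 'show logging' text."""
    m = TRAP.search(show_logging)
    hosts = []
    for addr, opts, sent in HOST.findall(show_logging):
        problems = []
        if "link down" in opts:
            problems.append("router reports link down for this collector")
        if int(sent) == 0:
            problems.append("no message lines sent to this collector")
        hosts.append({"host": addr, "sent": int(sent), "problems": problems})
    return {"level": m.group(1) if m else None, "hosts": hosts}

if __name__ == "__main__":
    print(trap_status(BEFORE), trap_status(AFTER), sep="\n")
    for msg in SAMPLE_MESSAGES:
        print(msg, forwarded(msg, "errors"), forwarded(msg, "notifications"))
```

At trap level notifications the severity-5 configuration messages pass, while severity-6 messages such as ACL log hits are still filtered until the level is raised to informational.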