URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID6
Thread number: 23562

Original message
"2811 Router and Syslog"

Posted by Daddy, 24-Feb-12 07:57
There is a Cisco 2811 router. The plan is to send its logs to a syslog server.

version 12.4
parser config cache interface
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname BORouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
logging console informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone Minsk 3
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name obltorg.by
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxx
username administrator privilege 15 secret 5 xxxxxxxxxxxxxxxxxx
username vpnuser password 7 xxxxxxxxxxxxxxx
archive
log config
  hidekeys
path ftp://192.168.100.230/BORouter-$t
write-memory
!
!
!
ip tcp timestamp
ip tcp synwait-time 5

ip ftp username cisco
ip ftp password 7 xxxxxxxxxxxx
ip ssh version 2
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
no ip address
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.100.254 255.255.255.0
!
!
interface FastEthernet0/0.3
description ASSORTY VLAN 3
encapsulation dot1Q 3
ip address 192.168.3.250 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface FastEthernet0/0.100
description OBLTORG OFFICE VLAN 100

encapsulation dot1Q 100
ip address 192.168.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1/0
shutdown
!
interface FastEthernet0/1/1

shutdown
!
interface FastEthernet0/1/2
shutdown
!
interface FastEthernet0/1/3
shutdown
!
interface FastEthernet0/1/4
shutdown
!
interface FastEthernet0/1/5
shutdown
!
interface FastEthernet0/1/6
shutdown
!
interface FastEthernet0/1/7
shutdown
!
interface FastEthernet0/1/8
shutdown
!
interface Serial0/2/0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
no ip address
!
interface Dialer1
ip address negotiated
ip access-group FROM_INET in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname obltorg
ppp chap password 7 xxxxxxxxxxxxxxxxx
!
ip local pool VPN_POOL 192.168.50.1 192.168.50.8
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.11.0.0 255.255.0.0 192.168.101.250
ip route 192.168.0.0 255.255.0.0 Null0
ip route 192.168.110.0 255.255.255.0 192.168.100.126
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat translation timeout 300
ip nat inside source list INET interface Dialer1 overload
ip nat inside source static tcp 192.168.3.252 3201 yy.yy.yy.yy 3201 extendable
ip nat inside source static tcp 192.168.1.223 3389 yy.yy.yy.yy 3386 extendable
ip nat inside source static tcp 192.168.100.101 3389 yy.yy.yy.yy 3389 extendable
!
ip access-list extended FROM_INET
remark Traffic allowed to enter the router from Internet
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip any host 255.255.255.255
deny   tcp any any eq 135
deny   tcp any eq 135 any
deny   udp any any eq 135
deny   udp any eq 135 any
deny   tcp any any range 137 139
deny   tcp any range 137 139 any
deny   udp any any range netbios-ns netbios-ss
deny   udp any range netbios-ns netbios-ss any
deny   tcp any any eq 445
deny   tcp any eq 445 any
deny   udp any any eq 445
deny   udp any eq 445 any
deny   tcp any any eq 6600
deny   tcp any eq 6600 any
deny   udp any any eq 6600
deny   udp any eq 6600 any
permit udp any any eq isakmp
permit esp any any
permit tcp any any eq 1723
permit tcp any any eq 3201
permit gre any any

permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
permit ip any any
ip access-list extended INET
remark Traffic allowed to INET
deny   tcp any any eq 135
deny   tcp any eq 135 any
deny   udp any any eq 135
deny   udp any eq 135 any
deny   tcp any any range 137 139
deny   tcp any range 137 139 any
deny   udp any any range netbios-ns netbios-ss
deny   udp any range netbios-ns netbios-ss any
deny   tcp any any eq 445
deny   tcp any eq 445 any
deny   udp any any eq 445
deny   udp any eq 445 any
deny   tcp any any eq 6600

deny   tcp any eq 6600 any
deny   udp any any eq 6600
deny   udp any eq 6600 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
deny   ip any any
!
logging trap errors
logging facility local4
logging 192.168.100.231
access-list 99 permit 192.168.100.101
access-list 99 permit 192.168.1.234
access-list 99 remark ACLs to Cisco SSH
access-list 99 permit 192.168.1.160
access-list 99 permit 192.168.100.230
access-list 99 permit 192.168.100.231

access-list 99 deny   any
dialer-list 1 protocol ip permit
!
!
route-map INET permit 10
match ip address INET
match interface Dialer1
!
route-map BIB permit 10
match ip address BIB
match interface FastEthernet0/0.13
!
!
control-plane
!
!
!
!
!
line con 0
transport preferred none
escape-character 3
line aux 0
line vty 0 4
access-class 99 in
exec-timeout 15 0
logging synchronous
transport input ssh
escape-character 3
line vty 5 15
access-class 99 in
exec-timeout 15 0
logging synchronous
transport input ssh
escape-character 3
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 192.168.100.230
end

BORouter#

A syslog server is running at 192.168.100.231. However, no logs arrive there.
The show logging command reports:

BORouter#sho logging
Syslog logging: enabled (0 messages dropped, 3924 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


    Console logging: level informational, 17572 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level warnings, 981 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

    Trap logging: level errors, 7 message lines logged
        Logging to 192.168.100.231  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (51200 bytes):

I can't understand why it says "link down" in the last output.

Help, colleagues!


Messages in this thread
"2811 Router and Syslog"
Posted by alecx, 24-Feb-12 11:22
1. Check that the server is reachable from the Cisco. For good measure you can specify logging source-interface FastEthernet0/0.1

2. You have logging trap errors set. Maybe there simply are no errors. Try raising the level to info and re-adding the host (no logging host/logging host); a message like logging syslog started should land on the server.


"2811 Router and Syslog"
Posted by Николай_kv, 24-Feb-12 11:59
> 1. Check that the server is reachable from the Cisco. For good measure you can specify logging source-interface
> FastEthernet0/0.1
> 2. You have logging trap errors set. Maybe there simply are no errors. Try
> raising the level to info and re-adding the host (no logging host/logging host);
> a message like logging syslog started should land on the server.

Let's keep separate things separate.

What is configured here
logging trap errors
logging facility local4
logging 192.168.100.231

is what goes to the remote side.
And this is where the device's own syslog is written
logging buffered 51200 warnings
set it to at least inform


"2811 Router and Syslog"
Posted by Daddy, 24-Feb-12 14:22
>[overquoting removed]
>> a message like logging syslog started should land on the server.
> Let's keep separate things separate.
> What is configured here
> logging trap errors
> logging facility local4
> logging 192.168.100.231
> is what goes to the remote side.
> And this is where the device's own syslog is written
> logging buffered 51200 warnings
> set it to at least inform

Now it looks like this:

logging trap notifications
logging facility local6
logging source-interface FastEthernet0/0.1
logging 192.168.1.234


BORouter#sh logging        
Syslog logging: enabled (0 messages dropped, 3924 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  disabled, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

    Trap logging: level notifications, 31 message lines logged
        
        Logging to 192.168.1.234  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              24 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

but only reconfiguration events show up in the logs.
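
Added example, not part of the thread or of any poster's message: a Python sketch of the severity filter that `logging trap <level>` applies, using the facility local6 from the last configuration. IOS configuration-change messages carry severity 5 (`%SYS-5-CONFIG_I`), so they pass at `notifications` but not at `errors`. The sample messages and the function names are constructed for illustration.

```python
import re

# Cisco IOS severity keywords for "logging trap <level>" (0 = most severe).
IOS_LEVELS = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Optional <PRI>, then anything up to the %SOURCE-SEVERITY-MNEMONIC tag.
MSG_RE = re.compile(r"^(?:<(\d{1,3})>)?.*?%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")


def parse(line):
    """Return facility code, severity and IOS tag of one syslog line."""
    m = MSG_RE.match(line)
    if not m:
        raise ValueError("not an IOS syslog message: %r" % line)
    pri, source, sev, mnemonic = m.groups()
    sev = int(sev)
    facility = None
    if pri is not None:
        # RFC 3164: PRI = facility * 8 + severity (local6 is facility 22)
        facility, pri_sev = divmod(int(pri), 8)
        if pri_sev != sev:
            raise ValueError("PRI severity %d != tag severity %d" % (pri_sev, sev))
    return {"facility": facility, "severity": sev,
            "tag": "%s-%d-%s" % (source, sev, mnemonic)}


def is_forwarded(line, trap_level):
    """True if a router set to 'logging trap <trap_level>' would send this line."""
    return parse(line)["severity"] <= IOS_LEVELS.index(trap_level)


# Constructed sample messages as a collector would receive them (facility local6).
SAMPLES = [
    "<179>12: Feb 24 14:01:10: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<181>31: Feb 24 14:20:01: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<182>32: Feb 24 14:21:44: %SEC-6-IPACCESSLOGP: list FROM_INET denied tcp 198.51.100.7(4312) -> 203.0.113.9(445), 1 packet",
]


def report(trap_level):
    """Tags of the sample messages that pass the given trap level."""
    return [parse(s)["tag"] for s in SAMPLES if is_forwarded(s, trap_level)]


if __name__ == "__main__":
    for level in ("errors", "notifications", "informational"):
        print("logging trap %-13s -> %s" % (level, report(level)))
```
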