HostedDB - Dedicated UNIX Servers
index_107
UNCLASSIFIED Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED 107   For best security, set up both syslog logging and console logging.  In a network where SNMP management is already deployed, enable SNMP trap logging also.   SNMP and the related RMON facility are discussed in more detail in the next sub- section. The descriptions below recommend logging configuration settings, for additional information about Cisco logging command and facilities, consult the “Troubleshooting Commands” section of the Cisco IOS Configuration Fundamentals Command Reference. Setting up Console and Buffered Logging To turn on console logging, use the commands shown below.  This example sets the logging level for the console to level 5. Central# config t Enter configuration commands, one per line.  End with CNTL/Z Central(config)# ! set console logging to level 5 (notify) Central(config)# logging console notification Central(config)# logging on Central(config)# exit Central# This example sets the console message level to 5, notifications, which means that important messages will appear on the console, but access list log messages will not.   Use the command logging console info to see all informational messages including access list log messages. Use the command logging console debug to see ALL messages on the console. For buffered and other forms of persistent logs, recording the time and date of the logged message is very important.  Cisco routers have the ability to timestamp their messages, but it must be turned on explicitly.  As a rule of thumb, your log buffer size should be about 16 Kbytes; if your router has more than 16 Mbytes of RAM, then you can set the log size to 32 or 64 Kbytes.  The example below shows how to turn on buffered logging, how to enable time stamps, and how to view the buffered log. Central# config t Enter configuration commands, one per line.  End with CNTL/Z Central(config)# ! Set a 16K log buffer at information level Central(config)# logging buffered 16000 information Central(config)# ! turn on time/date stamps in log messages Central(config)# service timestamp log date msec local show-timezo Central(config)# exit Central# Central# show logging Syslog logging: enabled (0 messages dropped,1 flushes,0 overruns)     Console logging: level notifications, 328 messages logged     Buffer logging: level informational, 1 messages logged     Trap logging: level debugging, 332 message lines logged         Logging to 14.2.9.6, 302 message lines logged