Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
Log Buffer (16000 bytes):
Mar 28 11:31:22 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (14.2.9.6)
Setting up Terminal Line Logging
Any terminal or virtual terminal line can act as a log monitor. There are two parts to
setting up terminal monitor logging. First, set the severity level for terminal line
monitor log messages; this needs to be done only once. Second, while using a
particular line, declare it to be a monitor; this needs to be done once per session. The
example below shows how to set up terminal line monitoring for informational
severity (level 6) on a telnet session virtual terminal line.
Central# show users
Line User Host(s) Idle Location
*130 vty 0 bob idle 00:00:00 14.2.9.6
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# ! set monitor logging level to level 6
Central(config)# logging monitor information
Central(config)# exit
Central# ! make this session receive log messages
Central# terminal monitor
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# interface eth 0/1
Central(config-if)# ! shutdown will log a message, level 5
Central(config-if)# shutdown
Central(config-if)#
Mar 28 15:55:29 EST: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
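The session above sets the monitor level to 6 and still sees a level 5 message, because a logging level admits every message whose severity number is equal to or lower than it. The following sketch is an added example, not part of the guide: it parses the %FACILITY-SEVERITY-MNEMONIC tag and applies the same threshold; the function names and the two DEMO lines are assumptions made for illustration.

```python
import re

# Cisco IOS severity keywords; list index = numeric level (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Layout seen in the page's output: <timestamp>: %FACILITY-SEVERITY-MNEMONIC: <text>
MSG_RE = re.compile(r"^(?P<timestamp>.+?): %(?P<facility>[A-Z0-9_]+)-"
                    r"(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")

# The first two lines are the page's own messages (unwrapped); the DEMO lines
# are constructed for this example and are not real IOS messages.
SAMPLE = [
    "Mar 28 11:31:22 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (14.2.9.6)",
    "Mar 28 15:55:29 EST: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down",
    "Mar 28 15:56:02 EST: %DEMO-7-SAMPLE: constructed debugging-level line",
    "Mar 28 15:56:10 EST: %DEMO-3-SAMPLE: constructed errors-level line",
]

def parse(line):
    """Split one log line into fields; return None if it is not in IOS format."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    return rec

def level_of(keyword):
    """Resolve a digit, a severity keyword, or an unambiguous prefix of one
    (so the page's 'information' resolves to 'informational', level 6)."""
    if keyword.isdigit() and int(keyword) < len(SEVERITIES):
        return int(keyword)
    hits = [i for i, name in enumerate(SEVERITIES)
            if name.startswith(keyword.lower())]
    if len(hits) != 1:
        raise ValueError("unknown or ambiguous severity: %r" % keyword)
    return hits[0]

def shown_on_monitor(lines, level):
    """Return parsed messages that a monitor set to `level` would display."""
    threshold = level_of(level)
    parsed = (parse(line) for line in lines)
    return [rec for rec in parsed if rec and rec["severity"] <= threshold]

if __name__ == "__main__":
    for rec in shown_on_monitor(SAMPLE, "information"):
        print(rec["severity"], rec["facility"], rec["mnemonic"], rec["text"])
```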
Setting up Syslog Logging
Syslog logging is the most useful form of logging offered by Cisco routers. It offers
the network administrator the ability to send log messages from all of the routers (and
other Cisco equipment) on a network to a central host for examination and storage.
All Unix and Linux operating system configurations include syslog servers, and free
syslog servers are also available for Windows NT and Windows 2000.*
* The NSA Systems and Network Attack Center offers a suite of Windows NT/2000 tools, called the
Value Added Tools (VAT). The VAT includes a solid, robust syslog server for Windows NT and 2000.
It is available free to US Government entities; request a copy from securent@dewnet.ncsc.mil.