UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
and other network hardware. Save all messages of critical (level 2) severity and
above to a single special file, and otherwise save messages for each facility into a
separate file. The syslog configuration lines below illustrate this.
# Critical and higher messages to critical.log
local6.crit /var/log/critical.log
local5.crit /var/log/critical.log
local4.crit /var/log/critical.log
# All other router and switch messages to their respective files
local6.debug /var/log/border-routers.log
local5.debug /var/log/inner-routers.log
local4.debug /var/log/other-hw.log
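The sketch below is an added example, not part of the original guide. It decodes the PRI header of a received syslog packet and applies the six selectors above to show where the message is written. It assumes RFC 3164 PRI encoding and classic syslog.conf matching (a level selects itself and everything more severe), under which a critical message is written to critical.log and also to its facility's own file. The helper names `decode_pri` and `destinations`, the host names and the sample packets are constructed for illustration.

```python
import re

# Facility codes for local4..local6 and severity names, RFC 3164 numbering.
FACILITIES = {"local4": 20, "local5": 21, "local6": 22}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Selector/file pairs copied from the configuration lines above.
RULES = [
    ("local6.crit", "/var/log/critical.log"),
    ("local5.crit", "/var/log/critical.log"),
    ("local4.crit", "/var/log/critical.log"),
    ("local6.debug", "/var/log/border-routers.log"),
    ("local5.debug", "/var/log/inner-routers.log"),
    ("local4.debug", "/var/log/other-hw.log"),
]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(packet):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(packet)
    if not m or int(m.group(1)) > 191:  # 23*8 + 7 is the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def destinations(packet, rules=RULES):
    """Files a packet goes to; 'facility.level' matches that level and more severe."""
    pri = decode_pri(packet)
    if pri is None:
        return []
    facility, severity = pri
    files = []
    for selector, path in rules:
        fac_name, level = selector.split(".")
        matches = FACILITIES[fac_name] == facility and severity <= SEVERITIES.index(level)
        if matches and path not in files:
            files.append(path)
    return files

# Constructed sample packets, not taken from the guide (PRI = facility*8 + severity).
SAMPLES = [
    "<178>Mar  1 00:01:02 border1 constructed critical message",  # local6.crit
    "<181>Mar  1 00:01:03 border1 constructed notice message",    # local6.notice
    "<173>Mar  1 00:01:04 inner1 constructed notice message",     # local5.notice
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split(">")[0] + ">", destinations(sample))
```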
SNMP Trap Logging
Cisco routers have the ability to report certain events as SNMP traps. While only a
small subset of all log messages can be reported this way, it can be useful in a
network that already has SNMP management deployed.
There are four parts to setting up SNMP trap logging: first, set the trap logging
level; second, select an SNMP logging host; third, set the SNMP source interface;
last, enable SNMP traps for syslog logging. The example below shows how to
configure SNMP trap logging for a receiving host 14.2.9.1.
Central# config t
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)# logging trap information
Central(config)# snmp-server host 14.2.9.1 traps public
Central(config)# snmp-server trap-source ethernet 0/1
Central(config)# snmp-server enable traps syslog
Central(config)# exit
Central#
Many of the trap messages sent by a Cisco router will not appear as formatted error
messages in commercial SNMP viewing tools. It may be necessary to add Cisco-
specific format specifications to the SNMP tools. However, trap messages about link
status changes and other typical network hardware events should be interpretable by
commercial SNMP tools, and may be useful in monitoring the network status. SNMP
is described in more detail in the next sub-section.
Time Services, Network Time Synchronization and NTP
Successful audit of a large network can depend on synchronization of the various
logs and records maintained for the hosts on that network. All Cisco routers have a
clock that maintains the time and date, although some older Cisco models lose time
when they are turned off. It is very important to set the time on a router when it is
first installed, and then keep the time synchronized when the router is in operational
use.