HostedDB - Dedicated UNIX Servers
index_111
UNCLASSIFIED Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED 111   and other network hardware.  Save all messages of critical (level 2) severity and above to a single special file, and otherwise save messages for each facility into a separate file.  The syslog configuration lines below illustrate this. # Critical and higher messages to critical.log local6.crit        /var/log/critical.log local5.crit        /var/log/critical.log local4.crit       /var/log/critical.log # All other router and switch messages to their respective files local6.debug                           /var/log/border-routers.log local5.debug                           /var/log/inner-routers.log local4.debug                           /var/log/other-hw.log                                                               SNMP Trap Logging Cisco routers have the ability to report certain events as SNMP traps.  While only a small subset of all log messages can be reported this way, it can be useful in a network that already has SNMP management deployed. There are four parts to setting up SNMP trap logging.  First, set the trap logging level, second, select an SNMP logging host, third, set the SNMP source interface, last, enable SNMP traps for syslog logging.  The example below shows how to configure SNMP trap logging for a receiving host 14.2.9.1.    Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# logging trap information Central(config)# snmp-server host 14.2.9.1 traps public Central(config)# snmp-server trap-source ethernet 0/1 Central(config)# snmp-server enable traps syslog Central(config)# exit Central# Many of the trap messages sent by a Cisco router will not appear as formatted error messages in commercial SNMP viewing tools.  It may be necessary to add Cisco- specific format specifications to the SNMP tools.  However, trap messages about link status changes and other typical network hardware events should be interpretable by commercial SNMP tools, and may be useful in monitoring the network status. SNMP is described in more detail in the next sub-section. Time Services, Network Time Synchronization and NTP Successful audit of a large network can depend on synchronization of the various logs and records maintained for the hosts on that network.  All Cisco routers have a clock that maintains the time and date, although some older Cisco models lose time when they are turned off.  It is very important to set the time on a router when it is first installed, and then keep the time synchronized when the router is in operational use.