linux for cisco 日志服务器搭建

目的 :
搭建记录 CISCO 日志事件的 LINUX 服务器 .
2.cisco 交换机地址 :10.0.0.71
  Linux 地址 :192.168.80.63
3. 试验步骤主要分两大块
  1) 交换机
首先设置交换机能够发出日志
开启 :
(config)#logging on   ( 开启日志 )
(config)# logging facility local4 (local4 设备号 , 这要和 LINUX 那对应 )
(config)#logging 192.168.80.63
(config)#logging trap
注意:logging trap level 指定日志消息的级别 
linux for cisco 日志服务器搭建_第1张图片
logging facility命令更改设备号,并Show logging
 2)LINUX
2.1 设置 /etc/syslog.conf 配置文件文件 ( 此文件是设置 cisco 发过来的文件到那个文件 )
[root@localhost log]# vi  /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
 
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
 
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
 
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
 
 
# Log cron stuff
cron.*                                                  /var/log/cron
 
# Everybody gets emergency messages
*.emerg                                                 *
 
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
 
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local4.*                                             /var/log/80.log
(* 表示所有消息 )   ( 这里 local4 就是和 cisco 设置的 local4 对应 , 并且它把 cisco 发过来的日志放到 var/log/80.log)
可以用 man syslog  共有 8 种消息等级 .
#define KERN_EMERG    "<0>"  /* system is unusable               */
       #define KERN_ALERT    "<1>"  /* action must be taken immediately */
       #define KERN_CRIT     "<2>"  /* critical conditions              */
       #define KERN_ERR      "<3>"  /* error conditions                 */
       #define KERN_WARNING  "<4>"  /* warning conditions               */
       #define KERN_NOTICE   "<5>"  /* normal but significant condition */
       #define KERN_INFO     "<6>"  /* informational                    */
       #define KERN_DEBUG    "<7>"  /* debug-level messages             */
alert -需要立即采取的动作
   crit
-临界状态
   err
-错误状态。等同 error
   warning
-预警信息,等同 warn
   notice
-正常但是要注意
   info
-正常消息
   debug
-调试
   none
-一般的信息
 
 
2.2 修改配置文件 /etc/sysconfig/syslog
改这里是因为需要linux去读取来的消息
 
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with �Cr ( 不用 DNS 解析 )
# See syslogd(8) for more details
SYSLOGD_OPTIONS=" -m 0"      修改为   SYSLOGD_OPTIONS="-r -x -m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
2.3 修改文件 syslog 之后
    重启 syslog 服务
     Service syslog restart
2.4 查看 syslogd 进程
ps �Cef |grep syslogd |grep �Cv “grep syslogd”
root     30307     1  0 13:59 ?       00:00:00 syslogd -r -x -m     ### -r 就表示成功
2.5 设置 LINUX 允许 cisco 数据包进来 .
[root@localhost log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             192.168.80.63       udp dpt:syslog
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       
 
命令是: iptables �CA INPUT �Cp udp �Cd 192.168.80.63 �Cdport 514 �Cj ACCEPT
2.6  查看日志服务器监听的 udp 端口: 514
     netstat  -untl  |grep 514
udp        0      0 0.0.0.0:514              0.0.0.0:*        ###514 已经起来
 
这样,查看80.log是否有记录
[root@localhost log]#  cat /var/log/80.log
Jan 14 21:36:06 10.0.0.71 949: 001021: *Mar 14 00:47:29: %SYS-5-CONFIG_I: Configured from console by abc on vty1 (192.168.2.1)
Jan 14 22:51:04 10.0.0.71 950: 001022: *Mar 14 02:01:32: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
Jan 14 22:51:05 10.0.0.71 951: 001023: *Mar 14 02:01:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up( )
参考: http://blog.chinaunix.net/u3/94782/showart_1968806.html
http://www.51cto.com/art/200802/65788.htm

你可能感兴趣的:(linux,for,Cisco,休闲,日志服务器)