Cisco Operation Logs: How to Configure Cisco Logging?


Hi, collecting logs is important. In my daily job, I work with logs from a lot of systems, such as VMware, applications, Linux, Windows, Cisco, Check Point and pfSense. Logs provide info about the system, application, etc. Security incident management systems rely heavily on logs.


Example Log

Logs consist of a date, a system name and event details, like:


Aug  1 05:39:30.992: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Here Aug  1 05:39:30.992 is the date info, %LINK-3-UPDOWN is the subsystem info, which says the log is about a port, and "Interface Ethernet0/0, changed state to up" says that the Ethernet 0/0 interface changed state to up. This log may seem simple, but many logs mean special things. If you correlate them properly, you can get a lot of info about the whole system, especially from a security perspective. But the first step is collecting logs from the systems. There are many ways to collect logs, but the systems may not provide all of them. Network devices generally use the Syslog technique, which uses UDP packets on port 514 to transmit logs. In its simplest form, logs are transmitted without any CIA (confidentiality, integrity, availability). To collect logs we need a Syslog server which accepts Syslog from the network. We assume it is set up correctly. Now we will configure the Cisco switch to send logs.

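The message format described above can be parsed programmatically. The following Python script is an added example, not code from the original post or from poftut: it splits a line in the page's format into the timestamp, the facility/severity/mnemonic triple from the %LINK-3-UPDOWN style tag (the middle number is the syslog severity, 0 emergencies to 7 debugging), and the message text, then filters records by severity and pulls interface state changes out of the messages as a small correlation step. Apart from the page's own line, the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Cisco IOS syslog severities: 0 (emergencies) .. 7 (debugging).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Constructed sample lines in the same format as the page's example
# (the first line is the page's own; the rest are made up for this example).
SAMPLE_LINES = [
    "Aug  1 05:39:30.992: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up",
    "Aug  1 05:39:31.993: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up",
    "Aug  1 05:40:02.101: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.250.1.1)",
    "garbage line without a cisco message id",
]

# timestamp, then %FACILITY-SEVERITY-MNEMONIC:, then free text.
# Sequence numbers, '*' time markers and time zones are not handled here.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

INTERFACE_RE = re.compile(r"Interface (\S+), changed state to (up|down)")


@dataclass
class CiscoLogRecord:
    timestamp: str
    facility: str
    severity: int
    mnemonic: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_cisco_log(line: str) -> Optional[CiscoLogRecord]:
    """Return a record for a well-formed IOS log line, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return CiscoLogRecord(m["timestamp"], m["facility"], int(m["severity"]),
                          m["mnemonic"], m["text"])


def at_or_above(records: List[CiscoLogRecord], max_severity: int) -> List[CiscoLogRecord]:
    """Keep records at max_severity or more severe (a lower number is more severe)."""
    return [r for r in records if r.severity <= max_severity]


def interface_events(records: List[CiscoLogRecord]) -> List[Tuple[str, str]]:
    """Extract (interface, new_state) pairs from link / line-protocol state-change messages."""
    events = []
    for r in records:
        if r.mnemonic == "UPDOWN":
            m = INTERFACE_RE.search(r.text)
            if m:
                events.append((m.group(1), m.group(2)))
    return events


if __name__ == "__main__":
    records = [r for r in map(parse_cisco_log, SAMPLE_LINES) if r is not None]
    for r in records:
        print(f"{r.timestamp} {r.facility}/{r.severity_name}/{r.mnemonic}: {r.text}")
    print("errors or worse:", len(at_or_above(records, 3)))
    print("interface events:", interface_events(records))
```

The severity filter mirrors what the switch itself does with "logging trap": a threshold of 3 keeps only %LINK-3-UPDOWN from the sample, while 5 keeps all three valid lines.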

Specify Log Server

Set the IP address of the log server here; if the switch has name resolution, you can use a hostname instead.


S1(config)#logging host 10.250.1.1

Specify Logging Level or Severity

This step is important because here we set the log level. Setting the log level high produces a lot of logs, especially if the system is a core system, but it is very useful for seeing all the details about events. debug is level 7 and emergency is level 0; you can select the level according to your needs.


S1(config)#logging trap debugging

Specify Log Source Interface

This config is useful if you collect logs from more than one system. Logs from many systems are separated by their source IPs. With this option, you set your source interface and therefore the source IP.


S1(config)#logging source-interface ethernet 0/0

Specify Facility

Syslog uses the facility to separate logs. You can use this option like the source interface, but you do not have a lot of space to use.


S1(config)#logging facility syslog
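The four commands above configure the switch side. What the Syslog server receives on UDP 514 is a datagram that starts with a <PRI> field where PRI = facility * 8 + severity, so the trap level, the source interface and the facility setting all show up in what arrives. The following Python script is an added example, not code from the original post or from poftut: it builds constructed datagrams the way a device would put them on the wire, decodes the PRI back into facility and severity, applies the "logging trap" threshold (messages at that level or more severe are sent), and groups the result by source IP, which is why a fixed source interface matters when several devices log to one server. The device addresses 10.250.1.10 and 10.250.1.11 and the message texts are constructed; only the server address 10.250.1.1 and the facility keyword syslog (facility code 5) come from the page, and the local7 default for a device with no "logging facility" line is IOS behaviour. Because plain UDP syslog carries no integrity protection, neither the source address nor the content is authenticated, so the grouping is an organizational aid, not a trust decision.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Syslog facility codes (RFC 3164 numbering). Only 0..23 exist, which is the
# "not a lot of space" the text refers to. `logging facility syslog` on IOS
# selects code 5; an IOS device with no such line uses local7 (23).
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "audit", 14: "alert", 15: "clock",
    **{16 + i: f"local{i}" for i in range(8)},
}

# Keywords accepted by `logging trap <level>` and their numeric severity.
TRAP_LEVELS = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def encode_pri(facility: int, severity: int) -> int:
    """Combine facility and severity into the syslog PRI value."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def decode_pri(pri: int) -> Tuple[int, int]:
    """Split a PRI value back into (facility, severity)."""
    return pri // 8, pri % 8


def build_datagram(facility: int, severity: int, text: str) -> bytes:
    """Constructed stand-in for what a device puts on the wire: <PRI> followed by the message."""
    return b"<%d>%s" % (encode_pri(facility, severity), text.encode())


def parse_datagram(data: bytes) -> Optional[Dict]:
    """Decode one UDP payload; None for anything without a valid <PRI> header."""
    m = PRI_RE.match(data)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = decode_pri(pri)
    return {"facility": facility, "facility_name": FACILITY_NAMES[facility],
            "severity": severity, "text": m.group(2).decode(errors="replace")}


def device_would_send(severity: int, trap_keyword: str) -> bool:
    """`logging trap <keyword>` sends messages at that severity or more severe (numerically <=)."""
    return severity <= TRAP_LEVELS[trap_keyword]


def collect(datagrams: List[Tuple[str, bytes]], trap_keyword: str = "debugging") -> Dict[str, List[Dict]]:
    """Group decoded messages by source IP, applying the trap level as the device would."""
    by_source: Dict[str, List[Dict]] = defaultdict(list)
    for src_ip, data in datagrams:
        msg = parse_datagram(data)
        if msg is None or not device_would_send(msg["severity"], trap_keyword):
            continue
        by_source[src_ip].append(msg)
    return dict(by_source)


# Constructed traffic as seen by the server at 10.250.1.1: S1 (assumed address
# 10.250.1.10, facility syslog per the page's config) and a second device
# (assumed address 10.250.1.11) still using the local7 default.
SAMPLE_DATAGRAMS = [
    ("10.250.1.10", build_datagram(5, 3, "37: Aug  1 05:39:30.992: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up")),
    ("10.250.1.10", build_datagram(5, 6, "38: Aug  1 05:39:31.002: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.250.1.1 port 514 started - CLI initiated")),
    ("10.250.1.11", build_datagram(23, 5, "12: Aug  1 05:40:02.101: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.250.1.1)")),
    ("10.250.1.11", b"not a syslog datagram"),
]

if __name__ == "__main__":
    for level in ("debugging", "errors"):
        print(f"logging trap {level}:")
        for src, msgs in collect(SAMPLE_DATAGRAMS, level).items():
            for m in msgs:
                print(f"  {src} [{m['facility_name']}/{m['severity']}] {m['text']}")
```

With "logging trap debugging" both devices appear in the output; with "logging trap errors" only the %LINK-3-UPDOWN message from 10.250.1.10 survives, which is the trade-off between volume and detail described under the logging level step.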

Translated from: https://www.poftut.com/configure-cisco-logging/
