Tuesday, December 9, 2008

How to configure Cisco Devices to Use a Syslog Server

syslog is a client/server protocol standard used for forwarding log messages in an IP network. It is typically used for computer system management and security auditing.

Most Cisco devices can use the syslog protocol to manage system logs and alerts. However, Cisco devices do not have large internal storage space for their logs. There are two options for storing syslog messages on Cisco devices:
  1. By default, the most recent log messages are saved in an internal buffer. However, the buffer size is limited to a few kilobytes, and when the device is rebooted, these syslog messages are lost.
  2. Cisco devices can also use the syslog protocol to send messages to an external device for storage. In this case, the storage size is limited only by the available disk space on the external syslog server.

To configure a Cisco router to use a syslog server, execute the following commands:
! 10.0.0.1 is the syslog server
Router(config)# logging host 10.0.0.1

! Sample access list: the log keyword makes the router generate a log
! message for packets that match the deny entry
Router(config)# access-list 100 permit ip host 10.0.0.2 any
Router(config)# access-list 100 deny ip any any log

If you do not have a Unix machine, you may use one of the freeware syslog daemons that run on Windows systems, such as Kiwi Syslog Daemon.

Kiwi Syslog Daemon can receive, log, display and forward syslog messages from hosts such as routers, switches, Unix hosts and any other syslog-enabled device. You may download Kiwi Syslog Daemon from the Kiwi site. Run it as a service so that no one has to be logged in to enable it.
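
On the server side, the messages produced by the `log` keyword on access list 100 arrive as %SEC-6-IPACCESSLOG... lines. The following is an added example, not part of the original post: it parses such datagrams and totals denied packets per source address. The sample lines, addresses and function names are constructed for illustration, and the PRI value 190 assumes the IOS default facility local7.

```python
import re
from collections import Counter

# Constructed sample datagrams shaped like IOS syslog output (not captured traffic).
SAMPLE = [
    "<190>41: *Mar  1 00:10:01.003: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.15(51514) -> 10.0.0.20(23), 1 packet",
    "<190>42: *Mar  1 00:10:04.120: %SEC-6-IPACCESSLOGP: list 100 denied udp 192.0.2.15(40000) -> 10.0.0.20(161), 3 packets",
    "<190>43: *Mar  1 00:10:09.771: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 198.51.100.7 -> 10.0.0.20 (8/0), 1 packet",
    "<189>44: *Mar  1 00:11:00.000: %SYS-5-CONFIG_I: Configured from console by console",
    "not a syslog line",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Cisco message tag: %SOURCE-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")
# Body of an access-list log message; ports are absent for ICMP.
ACL_RE = re.compile(
    r"list (\S+) (permitted|denied) (\S+) "
    r"(\d+\.\d+\.\d+\.\d+)(?:\((\d+)\))? -> "
    r"(\d+\.\d+\.\d+\.\d+)(?:\((\d+)\))?.*?, (\d+) packets?$")
ACL_FIELDS = ("list", "action", "proto", "src", "sport", "dst", "dport", "packets")


def parse(datagram):
    """Return a dict for one syslog datagram, or None if it is malformed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # valid PRI range is 0..191
        return None
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": pri & 7}  # PRI = facility*8 + severity
    c = MSG_RE.search(m.group(2))
    if not c:
        return None
    rec.update(source=c.group(1), mnemonic=c.group(3), text=c.group(4))
    if c.group(3).startswith("IPACCESSLOG"):
        a = ACL_RE.match(c.group(4))
        if a:
            rec["acl"] = dict(zip(ACL_FIELDS, a.groups()))
            rec["acl"]["packets"] = int(a.group(8))
    return rec


def denied_by_source(datagrams, acl="100"):
    """Sum packets denied by the given access list, per source address."""
    totals = Counter()
    for d in datagrams:
        rec = parse(d)
        hit = rec.get("acl") if rec else None
        if hit and hit["list"] == acl and hit["action"] == "denied":
            totals[hit["src"]] += hit["packets"]
    return totals
```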
