Now when it comes to looking after a large IT estate, it can be a pain to keep track of all those errors and warnings in logs. Most people put alerting in place for their servers and firewalls which is great, however you can never forget those poor switches that carry all that data around your network. If one of those fails then it is back to using carrier pigeons for you!
To configure a cisco switch to send out syslogs to a server you need to first of all enter config mode
tekctrl-3570-01#conf t
Then you need to set the switch to timestamp the logs, otherwise it won't make any sense in your syslog server
tekctrl-3570-01(config)#service timestamps log datetime
You need to then inform the cisco switch where to send the logs to
tekctrl-3570-01(config)#logging x.x.x.x
You then need to configure the level of events the cisco switch will send over. 7 is the most active (debug) and will send EVERYTHING across. I have set this one to 4 (warning) so that any emergencies, alerts, critical errors and warnings are sent over but notification information such as someone plugging a cable into a port is not sent over (because come 17:30 your syslog server will be filled with damn near every good user powering down and disconnecting from the switches!)
tekctrl-3570-01(config)#logging trap 4
The next line will also set the local level of logging for the cisco switch. local7 is the default so we might as well stick with it
tekctrl-3570-01(config)#logging facility local7
Now exit the config mode
tekctrl-3570-01(config)#end
And for f*ck sake save the running config or you'll be kicking yourself (and I'll be kicking you too!) when the switch reloads and all this heavenly syslog glory is lost..
tekctrl-3570-01#copy running-config startup-configDestination filename [startup-config]?
Building configuration...
[OK]
Now confirm the logs are appearing in your syslog server and f*ck off to the pub and let the syslog server deal with all the whining and moaning your Cisco kit is producing
No comments:
Post a Comment