
Cisco+Linux.

Hello All,

In my switched environment (LAN), I have configured my 2620 to log messages to my Linux box. Whenever any of my WAN links goes down, the 2620 logs it on the Linux box, and from there, using a script (in Perl), I get a mail notification.

Now the goof up is.......2620 is not logging ANYTHING in /var/log/messages, even after running #logging <linux_box_ip> on 2620. I checked the syslog service on Linux also...no prob with it. Sendmail is also running properly. In case anyone is interested in the script ....here it is.

-------------------------------------------------------------------

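#!/usr/bin/perl
use strict;
use warnings;

# Marker that IOS puts in line-protocol up/down messages.
my $link_stat = "%LINEPROTO";

# Both recipients are passed to sendmail.
my @mail_to = ("my_email_id1", "my_email_id2");

my $found = 0;
my $up    = "";

# Collect every log line that mentions a line-protocol change.
open (FILE, "/var/log/messages") || die "can't open $!";
while (<FILE>) {
    # \Q...\E matches the marker as a literal string.
    if ( $_ =~ /\Q$link_stat\E/ ) {
        $found = 1;
        $up .= $_;
    }
}
close(FILE);

if ( $found ) {
    # List-form pipe open: the recipients go to sendmail as arguments, not through a shell.
    open (MAIL, "|-", "/usr/sbin/sendmail", @mail_to) || die "sendmail not found";
    print MAIL "Subject: LINK FLUCTUATION\n\n";
    print MAIL $up;
    close (MAIL);
}

# Archive the processed log, then empty it so the next run sees only new lines.
system("cat /var/log/messages >> /var/log/messages.archive");
system("echo '' >/var/log/messages");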

------------------------------------------------------------------------------------------

If anyone can help me....it will be great.

regards,

Vijayendra K. S.


jhalldn
Level 1

Hi,

Try the following:

If you try to configure your syslog.conf file like this:

# local7. /var/log/cisco.log

Then your router like this:

#logging on

#logging

#logging facility local7

#logging trap

#logging source-interface

Hopefully you will be logging some stuff on your Linux box.

sbaxter
Level 1

You may need to give syslog under the -r switch in order to tell it to accept packets from remote hosts.

man syslogd

Cheers,

SB

Thanx Jhalldn and Sbaxter,

Jhalldn:

local7.* are for boot messages.....which I don't need.

so all logging commands are executed.

Sbaxter:

I stopped the syslogd and restarted it with -r switch...

STILL NO LUCK......

1. Is there any way I can check whether my router is sending packets to Linux box ?..............(I am able to ping each from the other)

2. My friend told me there has to be SOMETHING IN SYSLOG (i.e. on Linux box) TO SPECIFY from WHERE TO ACCEPT PACKETS (or WHO ALL are allowed to log packets)......else if syslog accepts all packets thrown at him...it will be a BUFFER overflow vulnerability (I think so).

still fighting....

thanx Jhalldn & Sbaxter.

-vijayendra.

Use TCPDUMP on the Linux box and see if any incoming syslog packets are coming from the router. Also verify there is no ACL blocking syslog on the router. As for the buffer overflow that can happen just by using the -r switch. You need to use ipchains or pf to create access lists on the Linux box to allow only known devices to pass syslog info.

Bryan

Hello

Jhalldn, Sbaxter, Bhaase.

At last was able to log my desired messages in the Linux box.

PREVIOUS

------------------------------------------------------------------------------------------------

Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)

Console logging: level debugging, 83007 messages logged

Monitor logging: disabled

Buffer logging: disabled

Trap logging: disabled

------------------------------------------------------------------------------------------------

COMMAND EXECUTED

(config)#logging monitor debugging

(config)#logging trap informational (severity=6)

AFTERWARDS

------------------------------------------------------------------------------------------------

ROUTER#sh logging

Syslog logging: enabled (0 messages dropped, 1 flushes, 0 overruns)

Console logging: level debugging, 83007 messages logged

Monitor logging: level debugging, 17415 messages logged

Buffer logging: disabled

Trap logging: level informational, 37753 message lines logged

Logging to 172.23.162.76(MY LINUX BOX), 2285 message lines logged

-------------------------------------------------------------------------------------------------

Now my script is sending mails as desired upon link outage.

thanx chief(s),

-vijayendra k. s.
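An added example, not part of the original thread: a Python sketch of what a receiver can check on each remote syslog datagram, combining the "allow only known devices" advice with a decode of the PRI header that shows why the facility and trap level mattered here. The allowlisted address and the sample datagram are constructed; the sample assumes the router's facility is local7 and uses the severity 5 carried in %LINEPROTO-5-UPDOWN. An application-level allowlist like this complements the packet filter suggested above; it does not replace it.

```python
import ipaddress
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Assumption: the one router allowed to log here (constructed documentation address).
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.1/32")]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# IOS message tag: %FACILITY-SEVERITY-MNEMONIC, e.g. %LINEPROTO-5-UPDOWN
IOS_RE = re.compile(rb"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")


def classify(src_ip, datagram):
    """Return a dict describing one syslog datagram, or None if it must be dropped."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_SOURCES):
        return None  # unknown sender: ignore it
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None  # no valid PRI header: not a syslog message
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    event = {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
             "link_event": False, "text": ""}
    ios = IOS_RE.search(datagram)
    if ios:
        event["link_event"] = ios.group(1) == b"LINEPROTO"
        event["text"] = ios.group(4).decode("ascii", "replace").strip()
    return event


# Constructed datagram: PRI 189 = local7 (23) * 8 + notice (5).
SAMPLE = (b"<189>45: *Mar  1 00:10:02.123: %LINEPROTO-5-UPDOWN: "
          b"Line protocol on Interface Serial0/0, changed state to down")

if __name__ == "__main__":
    print(classify("192.0.2.1", SAMPLE))     # accepted: local7 / notice / link event
    print(classify("198.51.100.7", SAMPLE))  # None: sender not in the allowlist
```

A severity 5 message is only forwarded when the router's trap level is notifications or more verbose, which is consistent with the `logging trap informational` change that resolved the thread.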