05-15-2006 10:56 AM - edited 03-09-2019 02:55 PM
Hello,
I am trying to log all activity on my routers. I have logging levels all set to debugging. Is there something that I am missing? Any help would be appreciated!
Thanks,
Adam Filkins
05-15-2006 12:31 PM
Adam
I find it a little ambiguous what you are trying to do when you say you want to log all activity on the router. Are you talking about all routing protocol neighbor changes, interface up/down, etc? If so then these events should be in the logs. But I suspect that what you want is probably to log when someone logs into the router, and perhaps to log what commands that they enter. If so then the answer you want is not in syslog but is in the aaa accounting function. If you have configured aaa on the router and an aaa server, then you can configure aaa accounting to send accounting records to the server that will show who logged into the router and when. And accounting can be configured to record all the commands that they entered (or to log commands that they enter at a specific level).
HTH
Rick
05-16-2006 07:55 AM
Rick,
Thanks for the help. Basically, I work in a financial environment. We need to have logs on all activity through some of our routers that will be checked for intrusion. I will need to be able to look at all traffic that flows through the router. I know this is going to be a BIG task, but it is going to be required in the future I am afraid. Just looking to be a bit ahead of the curve with this one. I am not aware of any way to do this, but am hoping that someone can help me.
Thanks!
Adam
05-16-2006 09:22 AM
Adam
If you want to be able to see traffic that goes through the router, then I suggest that you evaluate and see if using NetFlow on the router and some NetFlow analysis software would give you what you need. NetFlow will generate records and export them describing all the traffic that comes through the interfaces on which it is enabled. Generating the NetFlow records is pretty low overhead activity on the router. And the analysis and reporting runs on some workstation in the network. So it has pretty low impact on the router.
HTH
Rick
05-22-2006 06:28 AM
Thanks a lot! One more question though, where can I get Netflow? I have been trying to download it from Cisco's site, and it says that the software is unavailable.
Thanks again!
Adam
05-22-2006 07:12 AM
Adam
I am not sure what software you are talking about: the software to generate NetFlow records or the software to analyze NetFlow. Generation of NetFlow records is generally part of the IOS on the router - so I assume that this is not what you are talking about and that you must be describing problems with the analysis software. What software are you trying to get?
HTH
Rick
05-22-2006 08:51 AM
Rick,
I was trying to pull the software from Cisco's site, but have since seen that they have a pay version out there now. I have pull a version of the freeware that they used to put out. I am working on getting it up and running as we speak. THANK YOU so much for your help.
Adam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide