Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
4
Replies

Syslog Server Settings

Adley Francois
Level 1
Level 1

‎02-24-2014 04:44 AM - edited ‎03-07-2019 06:23 PM

Hello Experts,

We are in process of configiuring the Network devices to send the logs to syslog server that we newly setup in our enviornment. Below is the config that we did over the network devices:

conf t

logging host 192.168.1.10 transport udp port 520

logging trap informational

exit

write memory.

We are using the software that will report the alert of any failure attemps of network devices but when I try to create some dummy login failures then there are no logs being shown up on syslog server and no alert is triggered for the same.

Can somebody help me in this issue as we have no problem with the Cisco ASA firewall.

Thanks,

Labels:
0 Helpful
4 Replies 4

Adley Francois
Level 1
Level 1
In response to JohnTylerPearce

‎02-24-2014 05:26 AM

Thanks John.

Can you please tell me what logs the Cisco appliance (Router and Switch) is send to the Syslog Server when the trap is set "informational".

The same settings is done on Cisco ASA firewall and it logged everything (Attacks, Spoof, Failure, Successfull attemps and etc.)

I reviewed the resolution stated in the link that you are given and we need to set the additional config on router to have the successfull/failure log events:

login block-for 60 attempts 3 within 60

login on-failure log every 3

login on-success log

We are using

Version 12.4(15)T12, RELEASE SOFTWARE (fc3)

Thanks

Thanks.

0 Helpful

Adley Francois
Level 1
Level 1
In response to JohnTylerPearce

‎02-24-2014 05:33 AM

Also what about the dropped traffic from access lists, is it required some additional settings on Router/Switch?

Thanks.

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Adley Francois

‎02-24-2014 06:00 AM

Adley,

I honestly don't know everythign that is included with the Information Level. Except for that it includes everything at the INformation Level and above.

You would have to search for a link to find this information I'm sure.

Depending on where your syslog server is, I would recommend, not logging so much that you really can't tell what's going on.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card