cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
305
Views
0
Helpful
1
Replies

Baseline Script for Remote Destination Syslog for XR and XE Plus CoPP Plus Nonstandard Syslog Port

mlenco
Beginner
Beginner

I need to come up with a baseline syslog script for XR and XE platforms and integrate them both with CoPP but the documentation I search doesn't cover both topics or how to change the port. I see some commands for switches to change the port but the ASR 9000 XR docuemntation doesn't show that as an option. Is there someone out there good with documentation that can provide me with some documentation with the correct command syntax and detailed show commands to verify configuration?

 

I need 

 

1: Hardened remote XR syslog basline script and a CoPP ACL to allow that conversation to occur. 

2. Hardened remote XE syslog basline script and a CoPP ACL to allow that conversation to occur. 

3. Configure a different syslog port beside UDP 514.

4. Source the syslogs from a specific IP address not just the interface it went out on.

 

Matt 

 

 

 

1 REPLY 1

smilstea
Cisco Employee
Cisco Employee

Hi Matt,

 

XR uses LPTS instead of CoPP.

I am not sure what is meant by baseline script? If you enable a syslog server in your configuration then it will stream to the server, we don't support TCP based syslog.

 

 

 

RP/0/RP0/CPU0:NCS-55A1-A(config)#logging ?
A.B.C.D or X:X::X IP v4/v6 address of the logging host
WORD Name of the logging host
archive logging to a persistent device(disk/harddisk)
buffered Set buffered logging parameters
console Set console logging
correlator Configure properties of the event correlator
events Configure event monitoring parameters
facility Modify message logging facilities
file Set file logging
format Specify syslog message format send to the server
history Set history logging
hostnameprefix Hostname prefix to add on msgs to servers
ipv4 Mark the dscp/precedence bit for ipv4 packets
ipv6 Mark the dscp/precedence bit for ipv6 packets
localfilesize Set size of the local log file
monitor Set monitor logging
source-interface Specify interface for source address in logging transaction
s
suppress Configure properties for the event suppression
suppress Suppress logging behaviour
tls-server Secure server over tls
trap Set trap logging
RP/0/RP0/CPU0:NCS-55A1-A(config)#logging 1.1.1.1 ?
port Set UDP port for this remote host/vrf
severity Set severity of messages for particular remote host/vrf
vrf Set VRF option
RP/0/RP0/CPU0:NCS-55A1-A(config)#logging 1.1.1.1 port 65000
RP/0/RP0/CPU0:NCS-55A1-A(config)#logging 1.1.1.1 severity debugging
RP/0/RP0/CPU0:NCS-55A1-A(config)#logging source-interface loopback 1
RP/0/RP0/CPU0:NCS-55A1-A(config)#show
Thu Jul 2 16:43:30.909 UTC
Building configuration...
!! IOS XR Configuration 7.1.1
logging 1.1.1.1 vrf default severity debugging
logging source-interface Loopback1
end

 

 

Sam

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: