RE: about a syslog server

From: Keith T. Morgan (keith.morgan@terradon.com)
Date: 02/04/02


Date: Mon, 4 Feb 2002 12:46:06 -0500
From: "Keith T. Morgan" <keith.morgan@terradon.com>
To: <security-basics@securityfocus.com>

If it were me, I would go get a cheap Linux machine, plug in some iptables (or ipchains) rules, fire up syslog -r, and have every one of those cisco routers log to it. It takes one command in each router, and it works like a charm.
 

-----Original Message-----
From: Evan Pierce [mailto:epierce@sunint.co.za]
Sent: Monday, February 04, 2002 9:25 AM
To: security-basics@securityfocus.com; outohere00@yahoo.com
Subject: Re: about a syslog server

Well you see it all depends.

Ok first things first - Syslog servers - I like the one provided with Ciscoworks 2000 but that might be a bit expensive for you tastes. Look on 3coms website for their 3cDaemon or Tftp server, it actually is a lightweight Tftp, FTP, Syslog server all in one and I have found it more than adequate for my needs.

If I remember correctly yes it will enable levels 0 to 3 as well.

Lastly - how many messages do you receive from your routers? Have you baselined how many events your routers send? Here in South Africa we have lots of probems with our fixed line providors thus triggering many interface resets/crc error events that may not happen elsewhere for example.

Evan
>>> <outohere00@yahoo.com> 01/31/02 10:53PM >>>

Hello all. I am researching the creation of a syslog
server on a WinNT or Win2k platform. My goal is to
enable 24/7 logging of 25+ Cisco routers (no
servers). There is a mix of Internet and Intranet
routers involved. I have 3 questions about this. First,
is there a solid 3rd party syslog program that anyone
can recommend for this? Second, is it true that by
choosing to log level 4 (warning) issues that I will also
automatically log levels 0 thru 3? Finally, is there a
any documented baseline rule for determining how
much disk space usage I can expect to accumulate
per day? I have to find out what size drive I would
need. This last question has been a tough one; I
haven't been able to locate any documented formula
for this. Thanks in advance for your help.



Relevant Pages

  • about a syslog server
    ... I am researching the creation of a syslog ... server on a WinNT or Win2k platform. ... choosing to log level 4 issues that I will also ... any documented baseline rule for determining how ...
    (Security-Basics)
  • RE: about a syslog server
    ... Check out the Kiwi syslog at http://www.kiwi-enterprises.com ... I run it here on a Win2K system and it works great. ... server on a WinNT or Win2k platform. ... choosing to log level 4 issues that I will also ...
    (Security-Basics)
  • Re: Need to implemet Syslog server
    ... >On my network I need to implement a Syslog server ... Pretty much everything but Windows will ... likely talk to syslog if told to, ... A great many other managed network devices support syslogging, ...
    (Security-Basics)
  • [HPADM] SUMMARY: syslog redirection
    ... server is down, entries will be lost. ... Syslog sends over UDP on a "broadcast and forget" concept. ... information that is subject to United States laws and regulations. ... I'm being asked to route syslog messages to a central server. ...
    (HP-UX-Admin)
  • Re: How to allow port 514?
    ... a packet filter allows traffic into the server itself. ... If you want to run your syslog on the server you would use a packet filter. ... In ISA Policy Elements, right click Protocol Definitions, ... in Publishing, right click Server ...
    (microsoft.public.windows.server.sbs)