Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
0
Helpful
6
Replies

Syslogs

adamfilkins
Level 1
Level 1

‎05-15-2006 10:56 AM - edited ‎03-09-2019 02:55 PM

Hello,

I am trying to log all activity on my routers. I have logging levels all set to debugging. Is there something that I am missing? Any help would be appreciated!

Thanks,

Adam Filkins

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎05-15-2006 12:31 PM

Adam

I find it a little ambiguous what you are trying to do when you say you want to log all activity on the router. Are you talking about all routing protocol neighbor changes, interface up/down, etc? If so then these events should be in the logs. But I suspect that what you want is probably to log when someone logs into the router, and perhaps to log what commands that they enter. If so then the answer you want is not in syslog but is in the aaa accounting function. If you have configured aaa on the router and an aaa server, then you can configure aaa accounting to send accounting records to the server that will show who logged into the router and when. And accounting can be configured to record all the commands that they entered (or to log commands that they enter at a specific level).

HTH

Rick

HTH

Rick
0 Helpful

adamfilkins
Level 1
Level 1
In response to Richard Burts

‎05-16-2006 07:55 AM

Rick,

Thanks for the help. Basically, I work in a financial environment. We need to have logs on all activity through some of our routers that will be checked for intrusion. I will need to be able to look at all traffic that flows through the router. I know this is going to be a BIG task, but it is going to be required in the future I am afraid. Just looking to be a bit ahead of the curve with this one. I am not aware of any way to do this, but am hoping that someone can help me.

Thanks!

Adam

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to adamfilkins

‎05-16-2006 09:22 AM

Adam

If you want to be able to see traffic that goes through the router, then I suggest that you evaluate and see if using NetFlow on the router and some NetFlow analysis software would give you what you need. NetFlow will generate records and export them describing all the traffic that comes through the interfaces on which it is enabled. Generating the NetFlow records is pretty low overhead activity on the router. And the analysis and reporting runs on some workstation in the network. So it has pretty low impact on the router.

HTH

Rick

HTH

Rick
0 Helpful

adamfilkins
Level 1
Level 1
In response to Richard Burts

‎05-22-2006 06:28 AM

Thanks a lot! One more question though, where can I get Netflow? I have been trying to download it from Cisco's site, and it says that the software is unavailable.

Thanks again!

Adam

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to adamfilkins

‎05-22-2006 07:12 AM

Adam

I am not sure what software you are talking about: the software to generate NetFlow records or the software to analyze NetFlow. Generation of NetFlow records is generally part of the IOS on the router - so I assume that this is not what you are talking about and that you must be describing problems with the analysis software. What software are you trying to get?

HTH

Rick

HTH

Rick
0 Helpful

adamfilkins
Level 1
Level 1
In response to Richard Burts

‎05-22-2006 08:51 AM

Rick,

I was trying to pull the software from Cisco's site, but have since seen that they have a pay version out there now. I have pull a version of the freeware that they used to put out. I am working on getting it up and running as we speak. THANK YOU so much for your help.

Adam

0 Helpful
Customers Also Viewed These Support Documents