[AusNOG] Graylog router messages

Mister Pink misterpink at gmail.com
Wed Mar 1 13:13:10 EST 2017


IMHO it's pretty straightforward - the source interface command may be key
here - i.e. it's originating from an address that you are expecting, and
perhaps being blocked or not classified correctly as a result.

http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

Also bear in mind that a router is typically a lot less chatty than a F/W
or a switch so it may be that under the current level of logging you are
not seeing logs because nothing deemed 'interesting' enough to send is
happening.


On 1 March 2017 at 08:54, Paul Holm <ausnog at pkholm.com> wrote:

> Hi Steve,
>
> Could you please share "not working config" from your routers?
> Usually it is only one line
>
> logging host 1.1.1.1
>
> Maybe with
>
> logging source-interface xxx
>
>
>
> On 01/03/2017 02:01, Steve Hille wrote:
>
>> Hi all, I've got Graylog running and am collecting data on all of our
>> Cisco switches and ASAs, also getting data from Riverbeds and some
>> other gear. Unfortunately I can't get any messages coming in from our
>> Cisco routers and I can't figure out why. Has anyone got any
>> experience with the config on the router side to get data in? On the
>> other hand if anyone needs some guidance getting it set up, I'll
>> happily share my notes so far, getting some incredibly good data out
>> of it.
>>
>> Cheers,
>>
>> Steve
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
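A collector-side check for the two things this thread points at (which source address a router's syslog arrives from, and whether a device is sending anything at its current logging level), as an added example that is not from any poster in the thread. The addresses, device names and log lines are constructed, and the inventory mapping is an assumption about how expected senders are recorded.

```python
import re
from collections import defaultdict

# BSD syslog priority prefix: <PRI>, where PRI = facility * 8 + severity
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(payload):
    """Return (facility, severity) from a syslog datagram, or None if malformed."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def triage(datagrams, expected):
    """datagrams: iterable of (src_ip, payload); expected: {src_ip: device name}."""
    seen = defaultdict(lambda: defaultdict(int))
    malformed = defaultdict(int)
    for src, payload in datagrams:
        parsed = parse_pri(payload)
        if parsed is None:
            malformed[src] += 1
            continue
        seen[src][SEVERITIES[parsed[1]]] += 1
    return {
        # Valid syslog from an address not in the inventory: compare it with the
        # router's interface addresses and its logging source-interface setting.
        "unexpected": {ip: dict(c) for ip, c in seen.items() if ip not in expected},
        "reporting": {expected[ip]: dict(c) for ip, c in seen.items() if ip in expected},
        # Inventory entries with no traffic: wrong source address, a filter in
        # the path, or nothing logged at the configured level.
        "silent": sorted(name for ip, name in expected.items() if ip not in seen),
        "malformed": dict(malformed),
    }

# Constructed sample data using documentation address ranges.
EXPECTED = {"192.0.2.1": "rtr1-loopback", "192.0.2.2": "rtr2-loopback", "192.0.2.10": "sw1"}
SAMPLE = [
    ("192.0.2.10", b"<189>101: *Mar  1 02:01:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to up"),
    ("198.51.100.5", b"<189>45: *Mar  1 02:01:12: %SYS-5-CONFIG_I: Configured from console by admin on vty0"),
    ("198.51.100.5", b"<187>46: *Mar  1 02:01:30: %LINK-3-UPDOWN: Interface Gi0/2, changed state to down"),
    ("203.0.113.9", b"not syslog"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE, EXPECTED), indent=2))
```

In practice the `(src_ip, payload)` pairs would come from a packet capture or a UDP listener on the collector, taken before any input rules or stream filters are applied.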

