[AusNOG] Graylog router messages

Michael Junek michael at juneks.com.au
Wed Mar 1 13:25:43 EST 2017 

Further to Steve's comment, you can set the various levels of information sent to Syslog.

Use the logging trap command, with the level of alerts being sent, as per below--



router(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)
  <cr>






________________________________
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Mister Pink <misterpink at gmail.com>
Sent: Wednesday, 1 March 2017 13:13
To: Paul Holm
Cc: ausnog at lists.ausnog.net; Steve Hille
Subject: Re: [AusNOG] Graylog router messages

IMHO It's pretty straightforward - the source interface command may be key here - ie it's originating from an address that you are expecting, and perhaps being blocked or not classified correctly as a result.

http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

Also bear in mind that a router is typically a lot less chatty than a F/W or a switch so it may be that under the current level of logging you are not seeing logs because nothing deemed 'interesting' enough to send is happening.


On 1 March 2017 at 08:54, Paul Holm <ausnog at pkholm.com<mailto:ausnog at pkholm.com>> wrote:
Hi Steve,

Could yo please share "not working config" from your routers?
usually it is only one line

logging host 1.1.1.1

May be with

logging source-interface xxx



On 01/03/2017 02:01, Steve Hille wrote:
Hi all, I've got Graylog running and am collecting data on all of our
Cisco switches and ASA's, also getting data from riverbeds and some
other gear. Unfortunately I can't get any messages coming in from our
Cisco routers and I can't figure out why. Has anyone got any
experience with the config on the router side to get data in? On the
other hand if anyone needs some guidance getting it setup, I'll
happily share my notes so far, getting some incredibly good data out
of it.

Cheers,

Steve


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170301/94f6f78b/attachment.html>

More information about the AusNOG mailing list