Manuel,
Quite easy to do.
On the router you will want the following commands (or slight variant):
service timestamps log uptime
or
service timestamps log datetime msec localtime show-timezone
I personally prefer uptime, as you get the time anyway from syslog (at least under *nix).
You may want this on some interfaces (i.e. serial dial or whatever):
no logging event link-status
logging buffered 4096 debugging
logging trap notifications
logging facility local1
logging 192.168.1.1
You can use different local facilities to write to different Unix files. Also, the trap level sets the severity of messages sent. If you have the disk space, it is probably better to send too much information and filter at the other end. Then, if you ever need to, you can look back at the whole picture.
In an access list you then might want:
deny ip any any log
On the Unix side (sorry, I use Unix for logging and don't know the NT variant),
I use a program called syslog-ng, which is a more featured syslog server.
The setup file is /etc/syslog-ng/syslog-ng.conf and mine looks like this:
options { long_hostnames(off); sync(0); };
source net { udp(); };
destination network { file("/var/log/network.log"); };
filter f_local { facility(local1); };
log { source(net); filter(f_local); destination(network); };
You get the idea: set up a src, a dest and a filter, then link them. (This is how you can use different facilities to write to different files.)
That's basically it. You can then write a Perl script, sh script or whatever to parse this info, email you, page you or whatever. I personally use another program called colorlogs (http://rpmfind.net/linux/RPM/cooker/contrib/sparc/colorlogs-1.1-3mdk.sparc.html for sparc) to print the output of certain lines in pretty colours, then just tail -f the file in a window on our monitoring station.
Hope this helps somewhat.
Luke Butcher
Ph: 020 7524 6805
Mb: 0794 11 55545
Em: [EMAIL PROTECTED]
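
The parsing step mentioned in the reply above, as an added example in Python (not part of the original message and not the poster's script): it reads lines in the form syslog-ng writes to /var/log/network.log, pulls out the %FACILITY-SEVERITY-MNEMONIC header, and separates messages worth a page from ACL-denied sources that exceed a packet threshold. The function names, thresholds, hostname and sample lines are assumptions; only the RSHPORTATTEMPT message is taken from the thread.

```python
import re
from collections import Counter

# %FACILITY-SEVERITY-MNEMONIC: text, as in the %RCMD-4-RSHPORTATTEMPT line in this thread
IOS_MSG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")
# ACL hit from "deny ip any any log" (tcp/udp form); severity 6, so the router
# only forwards it when the trap level is informational or debugging
ACL_DENY = re.compile(r"list (\S+) denied (\S+) (\d+(?:\.\d+){3})(?:\(\d+\))? -> "
                      r"(\d+(?:\.\d+){3})(?:\(\d+\))?, (\d+) packets?")

def parse_line(line):
    """Return a dict for one log line, or None if it carries no IOS message."""
    m = IOS_MSG.search(line)
    if not m:
        return None
    facility, severity, mnemonic, text = m.groups()
    rec = {"facility": facility, "severity": int(severity),
           "mnemonic": mnemonic, "text": text.strip()}
    d = ACL_DENY.search(text)
    if d:
        rec.update(acl=d.group(1), proto=d.group(2), src=d.group(3),
                   dst=d.group(4), packets=int(d.group(5)))
    return rec

def triage(lines, max_severity=4, deny_threshold=10):
    """Return (messages at or above the alert severity, noisy denied sources)."""
    alerts, denied = [], Counter()
    for rec in filter(None, map(parse_line, lines)):
        if "src" in rec:
            denied[rec["src"]] += rec["packets"]
        elif rec["severity"] <= max_severity:  # lower number = more severe
            alerts.append(rec)
    noisy = {src: n for src, n in denied.items() if n >= deny_threshold}
    return alerts, noisy

# Constructed sample of /var/log/network.log: host "gw1", sequence numbers and
# the 192.0.2.x / 198.51.100.x addresses are made up for illustration.
SAMPLE = """\
Jan 18 22:05:01 gw1 41: 12w0d: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 206.65.191.12
Jan 18 22:05:09 gw1 42: 12w0d: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4312) -> 192.0.2.10(23), 1 packet
Jan 18 22:10:09 gw1 43: 12w0d: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4312) -> 192.0.2.10(23), 14 packets
Jan 18 22:11:30 gw1 44: 12w0d: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.50)
Jan 18 22:12:00 gw1 cron[811]: not a router message
""".splitlines()

if __name__ == "__main__":
    alerts, noisy = triage(SAMPLE)
    print([a["mnemonic"] for a in alerts], noisy)
```

The returned alerts and noisy-source counts can be handed to whatever mail or pager command the monitoring station already uses.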
> -----Original Message-----
> From: Manuel Fernandes [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 10:05 PM
> To: [EMAIL PROTECTED]
> Subject: CISCO 2600 IOS loggin
>
>
> Hi all,
>
> I would like to have some input on logging information such
> as the example below into a log file! I realize that some of
> these messages pop up through basic port scanning tools but
> knowing my opponent would be wise.
>
> Example:
> 12w0d: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL
> from 206.65.191.12
>
> Currently running a 2600 router with IOS Feature Pack!
>
> Thank you,
> Manuel
>
>
>
