syslog and tacacs+ and AAA question give idea pls!
Hi..Dear all, I am doing a project on the access server and tried to log the status of the access server to a unix host using syslogd, I have done that, but I have a few question to ask 1)what is the meaning of the syntax "logging facility local0, local1, local2.. what I understand from the book is refer to where to log, but what are the difference between local0, local1, amd local2 and etc??? what is mean by where to log?? where does it refer to??? 2)I found the information that log by the access server is not enough, it only log the when the Async1 is up and down, that mean when the access server was accessed (shown below)? What I want to log who is the one that access the access server, as I configured a lot of userID for people to access and I need to what ID they use, and achieve the AAA standard. Should I configured a TACACS+ server instead? What is the procedure to configure TACACS+ server? and How do I view the TACACS+ for info?? Pls help if u can. Thank you very much Tong LOG% % Nov 7 17:17:38 57.200.166.11 16: %SYS-5-CONFIG_I: Configured from console by vty0 (57.198 .164.229) Nov 8 09:37:33 57.200.166.11 17: %SYS-5-CONFIG_I: Configured from console by vty0 (57.198 .165.199) Nov 8 10:09:00 57.200.166.11 18: %LINK-3-UPDOWN: Interface Async1, changed state to up Nov 8 10:10:48 57.200.166.11 19: %LINK-3-UPDOWN: Interface Async1, changed state to down Nov 8 23:00:35 57.200.166.11 20: %LINK-3-UPDOWN: Interface Async1, changed state to up Nov 8 23:24:17 57.200.166.11 21: %LINK-3-UPDOWN: Interface Async1, changed state to down You have new mail in /var/spool/mail/root [root@apple /root]# == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: syslog and tacacs+ and AAA question give idea pls!
On Thu, 9 Nov 2000, Sim, CT (Chee Tong) wrote: Hi..Dear all, I am doing a project on the access server and tried to log the status of the access server to a unix host using syslogd, I have done that, but I have a few question to ask 1)what is the meaning of the syntax "logging facility local0, local1, local2.. what I understand from the book is refer to where to log, but what are the difference between local0, local1, amd local2 and etc??? what is mean by where to log?? where does it refer to??? it just allows you to differentiate logs is all. You can use local0 for your 2501, local1 for your cat5k, etc. This way you can tell where its coming from and break it into a seperate file. 2)I found the information that log by the access server is not enough, it only log the when the Async1 is up and down, that mean when the access server was accessed (shown below)? What I want to log who is the one that access the access server, as I configured a lot of userID for people to access and I need to what ID they use, and achieve the AAA standard. Should I configured a TACACS+ server instead? What is the procedure to configure TACACS+ server? and How do I view the TACACS+ for info?? Pls help if u can. tacacs or radius will do what you want. Thank you very much Tong LOG% % Nov 7 17:17:38 57.200.166.11 16: %SYS-5-CONFIG_I: Configured from console by vty0 (57.198 .164.229) Nov 8 09:37:33 57.200.166.11 17: %SYS-5-CONFIG_I: Configured from console by vty0 (57.198 .165.199) Nov 8 10:09:00 57.200.166.11 18: %LINK-3-UPDOWN: Interface Async1, changed state to up Nov 8 10:10:48 57.200.166.11 19: %LINK-3-UPDOWN: Interface Async1, changed state to down Nov 8 23:00:35 57.200.166.11 20: %LINK-3-UPDOWN: Interface Async1, changed state to up Nov 8 23:24:17 57.200.166.11 21: %LINK-3-UPDOWN: Interface Async1, changed state to down You have new mail in /var/spool/mail/root [root@apple /root]# == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- Brian Feeny, CCNP, CCDP [EMAIL PROTECTED] Network Administrator ShreveNet Inc. (ASN 11881) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: syslog and tacacs+ and AAA question give idea pls!
"Sim, CT (Chee Tong)" wrote: I am doing a project on the access server and tried to log the status of the access server to a unix host using syslogd, I have done that, but I have a few question to ask 1)what is the meaning of the syntax "logging facility local0, local1, local2.. what I understand from the book is refer to where to log, but what are the difference between local0, local1, amd local2 and etc??? what is mean by where to log?? where does it refer to??? This will allow you to log to different files. For example, if you have: logging facility local4 on your router... Then a corresponding entry in your syslog.conf would be: local4.info /log/rtrlog This tells syslogd on your unix host to save entries for local4 in the file /log/rtrlog. One thing that I like to do is have one unix host as my logging server. That way all devices (routers, switches, etc.) AND other unix hosts send to the logging server. You only have to check one server to get all your logs. 2)I found the information that log by the access server is not enough, it only log the when the Async1 is up and down, that mean when the access server was accessed (shown below)? What I want to log who is the one that access the access server, as I configured a lot of userID for people to access and I need to what ID they use, and achieve the AAA standard. Should I configured a TACACS+ server instead? What is the procedure to configure TACACS+ server? and How do I view the TACACS+ for info?? Pls help if u can. -yes, use TACACS+ -to get TACACS+: http://www.nttacplus.com/ ftp://ftp-eng.cisco.com/pub/tacacs/ CiscoSecure ACS RSA ACE/Server -for configuring to use TACACS+: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt2/sctplus.htm The TACACS+ server can send the logs to your syslog server :-) mark _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]