NOC TOOLS syslog AfNOG 2009 - Cairo, SI-E, 2 of 5 Sunday Folayan.

Syslog
- Syslog ("system log") is an old, old protocol
- Used to send log messages from a device (router, switch, server) to a log collection server
- Uses UDP to send packets over the network (port 514 by default): there is no handshake and no delivery guarantee, and nothing stops a sender from forging its source address
- What do you think about using UDP?

Examples
- The things you have been looking at in /var/log/messages are delivered locally by syslog
- Formatting is a little different depending on the source of the log message, but the idea is the same: timestamp, host name, program tag (with PID where available), then free text

May 12 22:05:51 noc cups-lpd[20129]: Unable to get command line from client!
May 12 22:07:24 noc cups-lpd[21357]: Connection from (IPv )
May 12 22:15:01 noc sudo: inst : TTY=unknown ; PWD=/u1/home/inst ; USER=root ; COMMAND=/u2/apb-auto-backup/cron-script
May 12 22:16:15 noc cups-lpd[21357]: Unable to get command line from client!
May 12 22:16:15 noc cups-lpd[31293]: Connection from (IPv )
May 12 22:16:18 noc cups-lpd[31293]: Unable to get command line from client!

Syslog Facility, Priority
- Each message sent to a syslog server has some text, a facility and a level (also called severity or priority)
- Facilities are things like kern, auth, authpriv, daemon, ftp, mail, local0, local1, ..., local7
- Levels, from most to least urgent, are emerg, alert, crit, err, warning, notice, info, debug
- On the wire the two are packed into a single number, the PRI, as facility * 8 + level; local7.notice, for example, is 23 * 8 + 5 = 189
- We will choose facility local7 this time (it is also the default facility on Cisco IOS)

Configuring syslogd
- syslogd is configured on most UNIX-like systems using /etc/syslog.conf
- Each line is a selector (facility.level, e.g. local7.*) and an action: what to do with messages that match it (append to a file, forward to @host, write to logged-in users)
- A level in a selector matches that level and everything more urgent, so local7.notice also catches warning, err and above
- On FreeBSD, other settings (the daemon's command-line flags) are configured in /etc/rc.conf via syslogd_flags (as you might expect)

Starting and Stopping
- The traditional way to tell syslogd to re-read syslog.conf is to send it a HUP signal:
  killall -HUP syslogd
- On FreeBSD you can run
  /etc/rc.d/syslogd reload
- On FreeBSD you can also restart the whole process using the rc script
  /etc/rc.d/syslogd restart

Syslog Security
- The syslog protocol is old, and is really insecure (no authentication, no integrity check, no encryption: anything on the path can read, alter or inject messages)
- really, really old!
- You don't want everybody in the world to be able to send you log messages (why? a forged entry can hide or invent an event, and a flood of junk messages can fill /var/log)

Syslog Security
- On FreeBSD, by default, syslogd will not accept messages over the network (rc.conf ships with syslogd_flags="-s", secure mode)
- We can specify the -a option (an allowed peer, written as address/prefix-length) to allow network access from a specific network only; drop the -s at the same time or the -a has no effect:
  syslogd -a /24
- With neither -s nor -a, FreeBSD's syslogd falls back to the traditional behaviour and accepts messages from any address, so always keep one of the two
- Not all syslogd implementations are as flexible as FreeBSD's
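The facility/level packing from the Facility, Priority slide, the "formatting differs by source" point from the Examples slide, and the allowed-peer check behind syslogd -a, worked through as an added example in Python (this is not code from the slides or from FreeBSD's syslogd). Every datagram, host name and address here (the lab network 10.10.0.0/24, the router 10.10.0.1, the collector 10.10.0.20, the outsider 198.51.100.7) is constructed for the example. The check is deliberately the same weak guard -a gives you: UDP carries no authentication, so the source address it tests is whatever the sender wrote into the packet.

```python
"""Decode syslog PRI values and apply an allowed-peer check to datagrams.

Added example for these slides, not code from the presentation or from
FreeBSD syslogd.  All addresses, host names and messages are constructed.
"""
import ipaddress
import re

# Numeric facility codes (RFC 3164 / RFC 5424); 16..23 are local0..local7.
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
}
FACILITY_NAMES.update({16 + n: "local%d" % n for n in range(8)})

# Severity codes 0..7, most urgent first.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI> is mandatory on the wire.  The BSD header that follows it (timestamp,
# host, program tag with optional [pid], colon, text) is only one layout:
# Cisco IOS, for instance, sends a sequence number and its own timestamp
# instead, so the header match is optional and the body is kept verbatim
# when it does not fit.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
BSD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$",
    re.S,
)


def decode_pri(pri):
    """PRI = facility * 8 + severity; recover both with a shift and a mask."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = pri >> 3, pri & 7
    return FACILITY_NAMES.get(facility, "facility%d" % facility), SEVERITY_NAMES[severity]


def parse_message(raw):
    """Return a dict with facility, severity and whatever header fields parse."""
    m = PRI_RE.match(raw)
    if m is None:
        raise ValueError("missing <PRI> prefix")
    facility, severity = decode_pri(int(m.group(1)))
    rec = {"facility": facility, "severity": severity,
           "ts": None, "host": None, "tag": None, "pid": None}
    body = m.group(2)
    b = BSD_RE.match(body)
    if b is None:
        rec["msg"] = body          # unknown layout: keep the body as received
    else:
        rec.update(b.groupdict())
        rec["pid"] = int(b.group("pid")) if b.group("pid") else None
    return rec


def accept_source(src_ip, allowed_networks):
    """The syslogd -a rule: accept only if the claimed source is in an allowed network.

    UDP has no handshake, so src_ip is whatever the sender put in the packet;
    this keeps out the casual sender, it is not authentication.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowed_networks)


def collect(datagrams, allowed_cidrs):
    """Run (source_ip, payload) pairs through the allow-list and the parser.

    Returns (accepted records in arrival order, number of datagrams dropped).
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    accepted, dropped = [], 0
    for src, payload in datagrams:
        if not accept_source(src, nets):
            dropped += 1
            continue
        rec = parse_message(payload)
        rec["src"] = src
        accepted.append(rec)
    return accepted, dropped


# Constructed datagrams: a router on the lab network (local7.notice = 189),
# two messages from the collector itself, and a forged one from outside.
SAMPLE_DATAGRAMS = [
    ("10.10.0.1", "<189>42: *May 12 22:30:01.103: %SYS-5-CONFIG_I: "
                  "Configured from console by inst on vty0 (10.10.0.20)"),
    ("10.10.0.20", "<86>May 12 22:15:01 noc sudo: inst : TTY=unknown ; "
                   "PWD=/u1/home/inst ; USER=root ; COMMAND=/u2/apb-auto-backup/cron-script"),
    ("10.10.0.20", "<30>May 12 22:16:15 noc cups-lpd[21357]: Unable to get command line from client!"),
    ("198.51.100.7", "<14>May 12 22:31:00 evil sshd[1]: Accepted password for root from 10.10.0.9"),
]

if __name__ == "__main__":
    accepted, dropped = collect(SAMPLE_DATAGRAMS, ["10.10.0.0/24"])
    for rec in accepted:
        print("%-12s %s.%-7s %s" % (rec["src"], rec["facility"], rec["severity"], rec["msg"]))
    print("dropped %d datagram(s) from outside the allowed network" % dropped)
```

Run it as a script to see the three accepted records and the one drop. Note that the Cisco line survives with no host or tag: the collector still knows the facility and level from the PRI, but everything else about its origin rests on the UDP source address, which is exactly why the allow-list is worth pairing with a filter on the network itself.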

Syslog on a Cisco
- To tell a Cisco switch or router to send log messages to a syslog server, we specify a server address and a facility:
  logging facility local7
  logging
- Also worth setting: logging trap, which picks the most verbose level sent to the server (informational by default), and service timestamps log datetime, so each message carries the router's clock rather than only the collector's

Exercise
- Configure your router
- Check messages are arriving (e.g. tcpdump -n udp port 514 on the server)
- Configure your server
- Make sure logs are being rotated
- Do stuff to make log messages appear (e.g. change the router configuration)
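The whole exercise as one set of configuration fragments, added here as an example rather than taken from the slides or from any vendor documentation. It assumes a FreeBSD collector at 10.10.0.20, a lab network 10.10.0.0/24, a log file named /var/log/cisco.log and a router with a Loopback0 interface; change those to match your setup.

```conf
# --- Collector (FreeBSD) ---------------------------------------------------
# /etc/rc.conf: the shipped default is syslogd_flags="-s" (no network input).
# Replace it with an allowed-peer rule; -a on its own accepts only the
# networks listed.  A change here needs a restart, not a reload.
syslogd_enable="YES"
syslogd_flags="-a 10.10.0.0/24"

# /etc/syslog.conf: selector, tab, action.  "local7.*" takes every level from
# local7.  syslogd will not create the file: touch /var/log/cisco.log first.
local7.*                                        /var/log/cisco.log

# /etc/newsyslog.conf: rotate at midnight, keep 7 bzip2'd copies (J), create
# the file if it is missing (C).  newsyslog sends syslogd the HUP itself.
# logfilename            [owner:group] mode count size when  flags
/var/log/cisco.log                      640  7     *    @T00  JC

# --- Router (Cisco IOS), in configuration mode ------------------------------
# "logging host <addr>" is plain "logging <addr>" on older IOS releases.
service timestamps log datetime msec localtime show-timezone
logging facility local7
logging trap informational
logging source-interface Loopback0
logging host 10.10.0.20
```

On the collector, after editing: touch /var/log/cisco.log, then /etc/rc.d/syslogd restart (reload only re-reads syslog.conf; the new -a flag needs a restart). Confirm with logger -p local7.notice "local test" for a message that never crosses the network, and tcpdump -n udp port 514 for ones that do. On the router, entering configure terminal and then end produces a %SYS-5-CONFIG_I message, which should appear in /var/log/cisco.log within a second.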