Logging, Syslog and Log Anaylsys Forums > Forums > syslog-ng >

Most important log of linux and cisco

Pages: [1]

« previous next »

Author

Topic: Most important log of linux and cisco (Read 666 times)

capricorn80

Newbie

Offline

Posts: 28

Most important log of linux and cisco

« on: February 19, 2010, 06:51:26 pm »

Hi!

what are the most important log from security point of view in linux and cisco ?

Regards,


	Logged

Admin

Administrator
Newbie

Offline

Posts: 146

Re: Most important log of linux and cisco

« Reply #1 on: February 19, 2010, 08:38:02 pm »

For linux, out of the box the most important files are going to be /var/log/auth.log and /var/log/messages.

For cisco, it really depends on how the device is configured.


	Logged

capricorn80

Newbie

Offline

Posts: 28

Re: Most important log of linux and cisco

« Reply #2 on: February 20, 2010, 07:09:42 am »

Can you give me some idea about CISCO . I got 4500 and 6500 series switches.

Thanks


	Logged

Admin

Administrator
Newbie

Offline

Posts: 146

Re: Most important log of linux and cisco

« Reply #3 on: February 20, 2010, 03:12:14 pm »

Are you running catos or ios on those switches? What is the current logging config?


	Logged

capricorn80

Newbie

Offline

Posts: 28

Re: Most important log of linux and cisco

« Reply #4 on: February 22, 2010, 02:57:25 am »

its IOS
i have setup local6 and logging syslog-ng server ip addess.


	Logged

Admin

Administrator
Newbie

Offline

Posts: 146

Re: Most important log of linux and cisco

« Reply #5 on: February 23, 2010, 08:13:10 am »

All of the syslog messages from the IOS switch are going to come through on local6. It will be up to syslog-ng to separate the messages based on the priority. The priorities that would be important to look at are:
warn, error, critical, alert and emergency.

You can accomplish this with a filter like this:

Code:

filter f_importantIOSstuff {level(warn...emerg); };


	Logged

Pages: [1]

GoogleTagged: ios cisco what most important logs are the

« previous next »