You also need to specify the logging severity: "logging trap debugging", log everything. There are 7 levels, 1-7; debugging is 7.
---- Message from [EMAIL PROTECTED] at Wed, 26 Sep 2001 19:55:22 +0200 ------
>Hi,
>
>I had to do the same job on a cisco 2500. I didn't use ftp, just
>syslogged everything I had decided to log (via the 'log' option at the
>end of my access-list command). To configure this :
>
>1. on the cisco , just issue the following commands :
>
>   # conf term
>   # logging xxx.xxx.xxx.xxx   (IP address of the unix host you want to syslog to)
>   # logging facility local6   (or anything else, type : logging facility ? for a list )
>
>2. On the host (syntax is for a RedHat system) :
>
>   + add the following line in /etc/syslog.conf :
>       local6.*      <path_for_your_log>
>         |
>         --> same keyword as used in the 'logging facility' command
>
>   + modify in /etc/sysconfig/syslog :
>       SYSLOGD_OPTIONS="-m 0"  ==>  SYSLOGD_OPTIONS="-m 0 -r -x"
>     explanations : -r --> accept remote connections
>                    -x --> don't do reverse lookups for remote hosts' ip addresses
>                           (can be useful in order not to load your host and
>                           network with lots of dnslookups)
>
>   + restart syslogd :
>       /etc/rc.d/init.d/syslog stop
>       /etc/rc.d/init.d/syslog start
>
>   + your log should have been created, and start to fill ...
>   + lines are always the same format :
>       Sep 26 08:50:31 xxx.xxx.xxx.xxx 16150: %SEC-6-IPACCESSLOGP: list YYY denied tcp xxx.xxx.xxx.xxx(2644) -> yyy.yyy.yyy.yyy(80), 1 packet
>
>I hope this has been useful
>
>Don Weber wrote:
>>
>> I'd like to log all of my Access lists in my cisco 2600 series router, I
>> currently am blocking most of the current active attacks on the internet and
>> found that it has logged around 300,000 rejections on the codered worm
>> alone, however it is not actually logging those, it just performs the action
>> and no log, I'd like to get some help with turning on the logging actions
>> and setting up a ftp/tftp-record, I've tried but am apparently doing
>> something wrong here, my intentions are to ftp the logs on a daily basis to
>> my system so that I could 1-browse them for anything suspicious and 2-send
>> them in to the various monitoring sites like Aris and DShield, so I need
>> help with the ftp part of it basically. I've read in the manual that I have
>> to setup a ftp-record using config, yet all I get when I try is unknown
>> character at f, or something to that effect. This group's help is greatly
>> appreciated.
>>
>> Thanks
>> Don
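
Added example, not part of the thread or written by any of its posters: once the router is syslogging to the Unix host, a short Python script can summarize the %SEC-6-IPACCESSLOGP lines in the format quoted above for the daily review Don describes. The sample lines, the ACL name "101" and the documentation-range addresses are constructed for illustration.

```python
import re
from collections import Counter

# Matches the IOS access-list log message quoted in the thread, e.g.
# "%SEC-6-IPACCESSLOGP: list YYY denied tcp a.b.c.d(2644) -> e.f.g.h(80), 1 packet"
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_line(line):
    """Return a dict of fields for an IPACCESSLOGP line, or None for other lines."""
    m = ACL_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize_denies(lines):
    """Total denied packets per (source IP, protocol, destination port)."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "denied":
            totals[(rec["src"], rec["proto"], rec["dport"])] += rec["count"]
    return totals

# Constructed sample input: syslog prefix as in the thread, made-up values.
SAMPLE = [
    "Sep 26 08:50:31 192.0.2.1 16150: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(2644) -> 203.0.113.10(80), 1 packet",
    "Sep 26 08:55:31 192.0.2.1 16151: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(2650) -> 203.0.113.10(80), 14 packets",
    "Sep 26 08:56:02 192.0.2.1 16152: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.9(1030) -> 203.0.113.10(25), 1 packet",
    "Sep 26 08:57:40 192.0.2.1 16153: %SYS-5-CONFIG_I: Configured from console by vty0",
]

if __name__ == "__main__":
    # Print the noisiest denied sources first.
    for (src, proto, dport), n in summarize_denies(SAMPLE).most_common():
        print(f"{src:15} {proto}/{dport:<5} {n} packets denied")
```

To run it against a real file, pass the open file object for the path configured in /etc/syslog.conf to summarize_denies() in place of SAMPLE.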