Configuring logging on Cisco routers

One of the latest tasks I have is to monitor the performance and stability of around 20 wireless schools in the city.
Performance is quite easy to do. I configured all routers to listen for SNMP queries and fired up MRTG. Then I set up smokeping to measure delays… and I had a fair view of what’s going on. Or that was what I thought. I saw that the traffic was minimal. My guess was that schools were not using the broadband service we had offered them as they should. That is sometimes the case where teachers have no clue how to use the broadband internet and/or kids have no intention to learn some new tricks and prefer to mock people who use the internet as a tool.
Later on I set up a machine with syslog-ng and configured all schools to log “wirelessly” there.

logging trap debugging
logging IP.IP.IP.IP

where IP.IP.IP.IP is the IP of your host with the syslog daemon (preferably syslog-ng).

Then one day the wireless BSU had problems and schools had to use their ISDN backup to reach the net. I had to do something so that logging to my syslog did not begin a new session by dialing from the ISDN backup. If logging was enabled and no filters were activated, then when one dial session was terminated, the syslog messages from the router to me opened a new session just to tell me that the previous one had terminated. And this could go on for hours and hours.
So I added a filter to the dialer and blocked syslog packets from opening the ISDN.

< previous rules >
access-list 102 deny udp any any eq syslog
access-list 102 permit ip any any
dialer-list 1 protocol ip list 102
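
The redial loop described above and the effect of the filter, as an added Python model that is not part of the original post. It is a simplified simulation rather than full IOS behaviour; the 120-second idle timeout, the one-hour window and the sample LAN packet are assumptions, and only the two access-list lines shown are modelled.

```python
from collections import defaultdict

SYSLOG = ("udp", 514)          # the port IOS matches with "eq syslog"

# (action, protocol, destination port); "ip" and None act as wildcards.
UNFILTERED = [("permit", "ip", None)]
# The two access-list 102 lines from the post ("< previous rules >" omitted).
FILTERED = [("deny", "udp", 514), ("permit", "ip", None)]

def interesting(acl, proto, dport):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for action, r_proto, r_port in acl:
        if r_proto in ("ip", proto) and r_port in (None, dport):
            return action == "permit"
    return False

def simulate(acl, lan_packets, idle_timeout=120, horizon=3600):
    """Return (calls placed, syslog delivered, syslog lost) within horizon.

    lan_packets: constructed list of (second, proto, dport) from school hosts.
    Assumes the wireless link is down, so ISDN is the only path out.
    """
    queue = defaultdict(list)
    for t, proto, dport in lan_packets:
        queue[t].append((proto, dport))
    up, last, calls, delivered, lost = False, 0, 0, 0, 0
    for t in range(horizon):
        for pkt in queue.pop(t, []):
            if interesting(acl, *pkt):
                if not up:                       # interesting traffic dials
                    up, calls = True, calls + 1
                    queue[t + 1].append(SYSLOG)  # router logs "link up"
                last = t                         # and resets the idle timer
            if pkt == SYSLOG:
                delivered, lost = delivered + up, lost + (not up)
        if up and t - last >= idle_timeout:      # idle timeout hangs up
            up = False
            queue[t + 1].append(SYSLOG)          # router logs "link down"
    return calls, delivered, lost

if __name__ == "__main__":
    web = [(0, "tcp", 80)]                       # constructed sample packet
    print("unfiltered:", simulate(UNFILTERED, web))
    print("filtered:  ", simulate(FILTERED, web))
```

Traffic denied by a dialer-list is still forwarded while the line is up; it only stops placing calls and resetting the idle timer. That is why the filtered run places a single call but loses the link-down message, which is generated after the line has already dropped.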

If any of you use syslog-ng for your machines (and you should), then try php-syslog-ng.
