http://download.fedora.redhat.com/pub/epel/5/i386/repoview/epel-release.html
2. Yum install syslog-ng
3. vi /etc/syslog-ng/syslog-ng.conf
4. Remark default log settings (keep using syslog for system, syslog-ng for cisco device only)
5. Add
source s_sys {
udp(ip(0.0.0.0) port(514));
};
filter f_router { facility(local3); };
###ROUTER IP###
filter f_A { host("1.1.1.1"); };
filter f_B { host("2.2.2.2"); };
filter f_C { host("3.3.3.3"); };
###UNKNOWN ROUTER###
filter f_unknown { not ( filter(f_A)
or filter(f_B)
or filter(f_C) ); };
###LOG FILE LOCATIOM###
destination A { file("/var/www/netlog/A.log" perm(0644) sync(10) ); };
destination B { file("/var/www/netlog/B.log" perm(0644) sync(20) ); };
destination C { file("/var/www/netlog/C.log" perm(0644) sync(20) ); };
destination unknown { file("/var/www/netlog/unknown.log" perm(0644) sync(10) ); };
###LOG SETTING###
log { source(s_sys); filter(f_router); filter(f_A); destination(A); };
log { source(s_sys); filter(f_router); filter(f_B); destination(B); };
log { source(s_sys); filter(f_router); filter(f_C); destination(C); };
log { source(s_sys); filter(f_router); filter(f_unknown); destination(unknown); };
6. Edit /etc/sysconfig/iptables and Add
-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT
7. Edit /etc/httpd/conf.d/netlog.conf
Alias /netlog /var/www/netlog
<Location /netlog>
Options Indexes Includes FollowSymLinks SymLinksifOwnerMatch MultiViews
Order deny,allow
Deny from all
Allow from 163.50
Allow from 172
Allow from 192
</Location>
9. service iptables restart & service syslog-ng restart & service httpd restart
10. chkconfig --level 3456 syslog-ng on
11. Edit /etc/logrotate.d/syslog-ng
/var/www/netlog/*.log {
daily
notifempty
missingok
copytruncate
postrotate
/sbin/service syslog-ng reload > /dev/null 2>/dev/null || true
endscript
compress
}
12. Configure your Cisco Router
logging facility local3
logging <server ip>
No comments:
Post a Comment