Thursday, June 12, 2014

Setting up a Syslog server in Ubuntu for Cisco routers/switches

Configuration to be done in Ubuntu server

rsyslog is the default logging utility in Ubuntu. Its main configuration file is /etc/rsyslog.conf. Make sure that rsyslog.conf contains the following line:
$IncludeConfig /etc/rsyslog.d/*.conf
Now create a new file (say cisco.conf) in the /etc/rsyslog.d directory.
Add this line to cisco.conf:
local7.*    /var/log/cisco/cisco.log
This means that all syslog messages with the facility (or tag) local7 are written to the cisco.log file in the /var/log/cisco directory. Local7 is the default tag on all syslog messages from Cisco devices. So create a folder named cisco in /var/log and an empty file named cisco.log inside that folder.
Now restart the rsyslog daemon using the command:
sudo service rsyslog restart
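
The server-side steps above collected into one script, added here as an example and not taken from the original post. It assumes that UDP reception is not already enabled in /etc/rsyslog.conf and that rsyslog runs as the syslog user (the Ubuntu default), so it also loads imudp on port 514 and hands the log directory to syslog:adm; the function name setup_cisco_syslog and the --apply switch are made up for this example.

```shell
#!/bin/sh
# Added example: stage or apply the rsyslog setup for Cisco logs.
# Usage: sh cisco-syslog.sh --apply   (as root, writes to the live system)

setup_cisco_syslog() {
    root="${1:-}"                  # empty = live system, otherwise a scratch dir
    conf_dir="$root/etc/rsyslog.d"
    log_dir="$root/var/log/cisco"

    mkdir -p "$conf_dir" "$log_dir" || return 1

    # Assumption: UDP input is not already enabled in /etc/rsyslog.conf.
    # Cisco devices send syslog over UDP port 514 unless configured otherwise.
    cat > "$conf_dir/cisco.conf" <<'EOF'
module(load="imudp")
input(type="imudp" port="514")
local7.*    /var/log/cisco/cisco.log
EOF

    touch "$log_dir/cisco.log" || return 1
    # Device logs can reveal usernames, addresses and config changes:
    # keep them unreadable for ordinary local users.
    chmod 750 "$log_dir"
    chmod 640 "$log_dir/cisco.log"

    # Ubuntu's rsyslog drops privileges to user "syslog". A directory left
    # owned by root cannot be written by the daemon, so hand it over.
    if [ "$(id -u)" -eq 0 ] && id syslog >/dev/null 2>&1; then
        chown -R syslog:adm "$log_dir"
    fi
}

if [ "${1:-}" = "--apply" ]; then
    # Validate the configuration before restarting the daemon.
    setup_cisco_syslog "" &&
    rsyslogd -N1 &&
    service rsyslog restart
fi
```

Calling setup_cisco_syslog with a scratch directory as its argument writes the same files under that directory, which lets you inspect the result before touching the live system.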

Configuration to be done in Cisco device

On the Cisco router/switch whose logs are to be sent to the syslog server, configure the following:

logging Ubuntu_Server_IP
For example,
logging 192.168.2.1
Now all the logs from the Cisco device will be sent to the syslog server on the Ubuntu machine. You can view them by opening /var/log/cisco/cisco.log in the System Log viewer.

Show running-config as read-only in Cisco routers without using AAA with TACACS+ and RADIUS

Sometimes we have to provide read-only access to the running configuration of a router to someone who has a lower privilege level. Cisco defines privilege level 15 as full-access privileged EXEC mode and privilege level 1 as normal user EXEC mode. The levels in between are not defined by default. We can use the privilege command to move commands from one privilege level to another.


Commands:
privilege exec all level 10 show running-config

alias exec shrun show running-config view full

username hdesk privilege 10 secret hdesk@1234

Explanation:
  1. Move the show running-config command to privilege level 10.
  2. To view the running configuration, instead of show running-config, we have to type the complete command show running-config view full. So let's create an alias named shrun. This is optional.
  3. Now create a user with privilege level 10. This user will now be able to see the running configuration using the alias command shrun.