I have a small network. 15 Cisco (IOS-XE) switches, a Cisco ASA and a couple of Cisco routers.
I’ve been tasked with setting up a syslog server. I have kiwi syslog set up (that’s what the company bought the license for, so that’s what I have) and I’m wondering what your syslog configs look like.
Currently I am disabling debug logging on the everything, then setting the trap level to debug. This way, when I turn on debugging for something I don’t have to change what is being sent to the syslog server, just enable/disable that debug.
I am enabling link status logging to keep an eye on port flapping.
I am using log facility local7, which I think is correct, but if someone wants to tell me why I’m wrong I’ll gladly listen.
One of the reasons I ask is because some of my switches are logging every command that I run on them, when some of them only log when I authenticate and disconnect and I’m not sure why.
No comments:
Post a Comment