How to configure and verify syslog

Certification: Cisco CCNA Routing and Switching - Cisco Certified Network Associate Routing and Switching

Who hasn’t heard of syslog? Probably no one, yet who actually knows what it is for and what it does? Most people can figure out that it is some kind of automatic logging feature of software, which reports usage data and statistics at intervals to make debugging easier. What they usually don’t know is that it separates the software that generates messages from the systems that store or analyze them. Besides carrying general information, statistics and debugging messages, syslog can also be used for security auditing. Most people are also unaware that syslog exists for a wide variety of devices, including routers and printers, not just computers; it can serve as a single log for many different devices. Each syslog line is assigned a severity, to help developers and technicians assess the situation. The severity ratings range from Info and Debug lines to Alert and Critical lines. You can send messages to syslog from the command line with the logger utility. Syslog is a standardized protocol as of RFC 5424.

First created in the 80s by Eric Allman, initially solely as a general-purpose email routing facility, syslog has since skyrocketed in popularity and is now on basically everything, especially routers. Its popularity is due primarily to its having functioned as a de facto standard: it was the first of its kind, and because there was no competition, syslog became ubiquitous. Although some companies have attempted to take sole credit for syslog, they all failed and remained stuck in the mud. There are also groups that wish to introduce syslog into other fields, especially medicine and health care.

Syslog has proven time and time again to be the most effective logging tool, with numerous open-source and proprietary implementations, as well as converters from other logging protocols and programs.

Syslog in networking

Although syslog is regulated by RFC standards, it is still UDP based, and as such it does not guarantee message delivery. Messages are prone to interception, for example, and there is no assurance that packets will arrive in order. Network congestion, or an otherwise overloaded link, may also corrupt messages or prevent their transmission to the syslog server (syslogd).

The protocol does not enforce any formatting or content check on the information it carries; it just sends it. As a result there isn’t much uniformity in the messages, nor is there any authentication of the sender. A badly configured device may send error-prone or misleading information about the hardware to the syslog daemon. Hackers may also exploit the lack of authentication in syslog to mislead technicians with false errors or problems on machines, using them as a distraction while attacking or compromising sister/neighbor machines. The hacker can also emulate the normal behavior of a device and then proceed to reconfigure it or remove it from the network entirely. The data itself is sent over UDP or TCP in cleartext. To counter some of these attacks, the data can be encrypted using an SSL wrapper.

Configuration: how to

The first thing you will want to do when it comes to configuration is to find out which system logger you have. Usually it is syslogd. You need it to manage your logging, and it is started by default at boot. You can disable this if you want, but that would be counter-productive. Most configuration changes are made through syslogd_flags, located in /etc/rc.conf or /etc/syslog.conf. For example, starting at boot is enabled with syslogd_enable. Most of these options are documented in syslogd(8).

The configuration file is syslog.conf (the name may have given it away), and it controls what syslogd does with the messages it receives from connected devices. You can configure which subsystem logs and displays which messages, and at which level.

Each configuration entry is a single line made up of a selector field and an action field. More than one selector can be given, separated by semicolons (“;”); “*” matches everything. A selector has the form facility.level, for example exfacility.exlevel, which matches the messages from facility exfacility at level exlevel (such as Critical, Alert, etc.). The action field names the action to execute for the matched messages.
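As an added illustration (not code from the original article or from the syslogd project), here is a small Python matcher for the selector/action line syntax just described, showing how semicolon-separated selectors and “*” combine and which action each constructed sample message would reach. It assumes three BSD syslogd conventions the page does not state: a level selects messages at that severity or more severe, the keyword none excludes a facility, and a later selector for the same facility overrides an earlier one.

```python
# RFC 5424 severities, most severe first (list index == numeric severity code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

def parse_line(line):
    """Return ({facility: least_severe_accepted_index}, action), or None for a blank/comment line."""
    parts = line.split("#", 1)[0].split(None, 1)   # selectors, then the action field
    if len(parts) != 2:
        return None
    selectors, action = parts
    rule = {}
    for sel in selectors.split(";"):
        fac, lvl = sel.rsplit(".", 1)              # "*.notice" -> ("*", "notice")
        idx = {"none": -1, "*": len(LEVELS) - 1}.get(lvl)   # "none" (assumed BSD keyword) excludes
        if idx is None:
            idx = LEVELS.index(lvl)                # this level and anything more severe
        for f in (FACILITIES if fac == "*" else fac.split(",")):
            rule[f] = idx                          # a later selector overrides an earlier one
    return rule, action.strip()

def matches(rule, facility, level):
    """True when the message is at least as severe as the level selected for its facility."""
    return LEVELS.index(level) <= rule.get(facility, -1)

def route(config, messages):
    """Map each action to the texts of the (facility, level, text) messages it receives."""
    rules = [r for r in map(parse_line, config.splitlines()) if r]
    routed = {}
    for fac, lvl, text in messages:
        for rule, action in rules:
            if matches(rule, fac, lvl):
                routed.setdefault(action, []).append(text)
    return routed

# Constructed sample configuration: two local files plus a remote forward ("@host"),
# which, as the article notes, travels in cleartext over UDP unless it is wrapped.
SAMPLE_CONF = """
*.notice;mail.none        /var/log/messages
auth.info;authpriv.*      /var/log/auth.log
*.*                       @loghost.example.com
"""
# Constructed sample messages: (facility, level, text).
SAMPLE_MSGS = [
    ("auth", "info", "sshd: Accepted publickey for admin"),
    ("mail", "err", "postfix: connection refused"),
    ("kern", "debug", "kernel: scheduler trace"),
    ("daemon", "crit", "syslogd: disk full"),
]
```

Calling route(SAMPLE_CONF, SAMPLE_MSGS) shows that all four messages reach the remote forward, only the crit message reaches /var/log/messages, and the mail error is dropped from it by mail.none.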

For ease of access and storage, message logs are generally managed and compressed, with a default rotation interval of one hour. Managed logs are easy to find and take up less space. You can configure most aspects of the log manager in its configuration file, newsyslog.conf.

File administration can also be eased by configuring centralized logging of the log files from multiple hosts. This type of logging is configured in the syslog configuration files mentioned above, and is useful for reducing administration work on large networks.

The log server itself is configured in its syslog.conf file by adding the names of the clients from which it accepts logs (for example, syslogd_flags="-a logclient.example.com -v -v"). Note that a log file should also be created at that point. A log client is configured from the rc.conf file.

When you are done with the configuration, remember the old saying, “better safe than sorry”. Check for errors. Debug and verify that all configured components work as expected. Make sure everything can ping what it needs to ping without fault, and verify the first few logs that come up on the system logger.

For examples, further facts and configuration details, you can consult the free handbook at this site.
