Cisco. Send logs to Syslog Server.

Enable send logs from a Cisco Switch:

1.     Check the config 

show run | i logging

2.      Configure the switch 

conf t

logging host 11.11.11.11
end

         3 Change the switch level logging 

conf t

logging console debugging

logging monitor debugging

logging buffer debugging

end

wr

Example user logins reports:

conf t

archive

log config

  logging enable

  notify syslog contenttype plaintext

  hidekeys

logging on

login block-for 60 attempts 3 within 60

login on-failure log every 1

login on-success log every 1

For Cisco 4500, check:

4500(config)#login on-success trap every 1

4500(config)#login on-success log every 1

4500(config)#login on-failure trap every 1

4500(config)#login on-failure log every 1

4500(config)#ip ssh logging events

logging source-interface vlanX

Configure the output source vlan for the logs (Force output from an ip) 

logging source-interface vlanX

Others commands

sh logging queue: to check the queue

My syslog server is Kiwi Syslog

More info: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113603-asa-missing-logs-00.html

 by GoN | Published: Febrary 9, 2017 | Last Updated: