Saturday, March 31, 2012

Configuring Solaris as Syslog Server for Centralised Log Management

To configure syslog on UNIX/Solaris, perform the following steps:

  1. As root, on SunOS, AIX, HPUX, or Solaris, back up the /etc/syslog.conf file prior to modification.
  2. Modify /etc/syslog.conf to tell the UNIX system how to sort out the syslog messages coming in from the sending devices, that is, which logging_facility.level goes in which file. Make sure that there is a tab between the logging_facility.level and file_name.
  3. Make sure the destination file exists and is writable.
  4. The #Comment section at the beginning of syslog.conf usually explains syntax for the UNIX system. Alternatively, you can read the man page of syslogd with man syslogd.
  5. Do not put file information in the ifdef section.
  6. As root, restart syslogd to pick up the changes.
  7. In “/etc/syslog.conf”, set “local7.debug /var/log/local7.debug” (with a tab between the two fields, as in step 2).
    1. The debug, informational, notification, warning, error, critical, alert, and emergency messages coming in on the local7 logging facility will be logged to the local7.debug file.
  8. To set up a syslog server on a Linux machine (e.g. Debian), only one thing needs to be done:
    1. In /etc/init.d/sysklogd, edit the SYSLOGD line to add the -r option (SYSLOGD="-r"), then restart the syslog daemon.
  9. If the option in point 8 is not available on Solaris, issue: svccfg -s /system/system-log setprop config/log_from_remote=true
  10. svcadm restart svc:/system/system-log
Here is the config:

root@Solaris#more /etc/syslog.conf
#
# Copyright (c) 2000-2002 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)syslog.conf 2.3 02/02/21 SMI"
#
# This "syslog.conf" file was installed by JASS. This
# file should be used to log information both locally as
# well as to a centralized log server (or servers) so that
# proactive log analysis can be done.

*.err;kern.notice;auth.notice /dev/console
*.alert root
*.emerg *

*.debug /var/adm/messages
# *.debug @loghost1
# *.debug @loghost2
# Added for Cisco Syslog Analyzer (begin)
local7.info /var/log/syslog_info
# Added for Cisco Syslog Analyzer (end)
root@Solaris#

root@Solaris#ps -ef | grep syslog
root 21285 1 0 15:57:01 ? 0:01 /usr/sbin/syslogd
rs008327 21491 21480 0 09:01:04 pts/1 0:00 grep syslog
root@Solaris#
root@Solaris#svcs -a | grep system-log
online 15:57:01 svc:/system/system-log:default
root@Solaris#

root@Solaris#more /var/log/syslog_info
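
The checks from steps 2 and 3 above, as an added example that is not part of the original post: a POSIX shell function that flags syslog.conf lines with no tab between selector and action, and file destinations that are missing or not writable. The function name check_syslog_conf and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint a syslog.conf for the
# mistakes steps 2 and 3 warn about.
# check_syslog_conf FILE -> prints one line per problem, returns the problem count.
check_syslog_conf() {
    conf=$1
    problems=0
    lineno=0
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*|ifdef*) continue ;;      # blank, comment, m4 ifdef section
        esac
        case $line in
            *"$tab"*) ;;                     # step 2: a tab separates the fields
            *) echo "$conf:$lineno: no tab between selector and action"
               problems=$((problems + 1))
               continue ;;
        esac
        action=${line##*"$tab"}              # text after the last tab
        case $action in
            /*) if [ ! -e "$action" ]; then  # step 3: destination must exist...
                    echo "$conf:$lineno: $action does not exist"
                    problems=$((problems + 1))
                elif [ ! -w "$action" ]; then  # ...and be writable
                    echo "$conf:$lineno: $action is not writable"
                    problems=$((problems + 1))
                fi ;;
        esac                                 # users, *, @loghost: nothing to check
    done < "$conf"
    return "$problems"
}

# Constructed sample: one good line, one space-separated line, one missing file.
demo=$(mktemp -d)
: > "$demo/local7.debug"
printf 'local7.debug\t%s\n' "$demo/local7.debug" >  "$demo/syslog.conf"
printf 'local7.info %s\n'   "$demo/syslog_info"  >> "$demo/syslog.conf"
printf 'local7.info\t%s\n'  "$demo/syslog_info"  >> "$demo/syslog.conf"
check_syslog_conf "$demo/syslog.conf" || echo "$? problem(s) found"
```

Run it against a copy of the edited file before restarting syslogd; a line that fails either check is a common reason messages never reach the expected log file.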


Monday, December 13, 2010

DMVPN Best Tutorial

DMVPN stands for Dynamic Multipoint VPN and it is an effective solution for dynamic secure overlay networks. In short, DMVPN is a combination of the following technologies:
1) Multipoint GRE (mGRE)
2) Next-Hop Resolution Protocol (NHRP)
3) Dynamic IPsec encryption
4) Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
5) Cisco Express Forwarding (CEF)
Ref: -> http://blog.ine.com/2008/08/02/dmvpn-explained/

Friday, December 10, 2010

EIGRP Load balancing without using variance

First of all, the variance command assigns a multiplier that says when two routes are “close enough” to load balance. Normally, when presented with a route of metric 100 and one of metric 200, routing protocols will choose the former and ignore the latter. With “variance 2”, both routes will be considered equal and make it to the routing table. Depending on the setting of “traffic-share”, the routes will be used proportionally to their metrics. The document “How Does Unequal Cost Path Load Balancing (Variance) Work in IGRP and EIGRP?” describes it in detail.

http://ccnprecertification.com/2005/09/16/eigrp-load-balancing-without-using-variance

Wednesday, March 3, 2010

Default network - How to configure?

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml#ipnetwork
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a74.shtml