Skip to main content

Configure rsyslog on Red Hat Enterprise Linux 6 (RHEL6) for Cisco Switches

One of the problems that you can face during configuration of cisco switches for Red Hat Enterprise Linux 6 is the correct formatting. I had to go through this and make sure it is working for Sonicwall and Cisco Switches so here you go! Also, if I were you, I would add a disclaimer to let someone else know about or not to change the configurations.

1. create your file under /var/log/
2. [username@servername log] touch cisco-example
3. Next you have to Edit rsyslog
4. [username@servername log] vi /etc/rsyslog.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example1
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx""    /var/log/cisco-example2
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example3
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"   /var/log/cisco-example4
& ~
# Sonicwall Firewall Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"      /var/log/sonicwall
& ~

5. Make sure your UDP Port is open in /etc/sysconfig/iptables
6. Add the following lines to your /etc/sysconfig/iptables
7. [username@servername log] vi /etc/sysconfig/iptables
# Port for Syslog Communciations on UDP Port 514
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

8. service iptables restart
9. service rsyslog restart
10. tail -f /var/log/cisco-example or whatever you are logging to make sure it is writing to your logs.
11. Install Splunk on a VM or another server and start generating some super reports from the logs for your management so that they will love you!

NOTE: If you can't tell what "&" is, it is the ampersan symbol above #7 on the keyboard. =)

Red Hat Reference Article: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html

Popular posts from this blog

How to Login to AWS using CLI with AzureSSO through Azure Active Directory

Testing on Windows 10 Release 1909  Prerequisite (Install Visual Studio Code and the AWS CLI if you don't have it already installed and your Azure Active Directory is already configured and processing authentication) 1. Install Node.Js https://nodejs.org/en/ (Use the LTS Edition/Version) 2. Check the node version in PowerShell or Windows Terminal: node --version && npm --version 3. npm install -g aws-azure-login *install will take about 15-20 minutes. Be patient and let it finish.  4. Configure your profile aws-azure-login --configure --profile=<<Name of your profile>> Example:  aws-azure-login --configure --profile=migrationking Pro Tip: It installs the profile on your machine under ~/.aws/config . You can edit the file with Visual Studio Code or Notepad++ #This will prompt to Enter the Azure AD details *** Azure Tenant ID: << Enter the Azure AD Tenant ID from the Azure AD application configuration for the AWS Account to be accessed>> Azure Tenant I

How to Setup CAC/PIV Cards on Ubuntu Linux 20.04LTS

NOTE: Verified to work with PIV/CAC Cards NOTE: Do not use a Regular USB if you are traveling. Only use a Military Grade FIPS 140-2, Level 3 Certified Device. Do Not use that Fingerprint reader garbage. What if your finger got chopped off? Use a Pin you can easily remember because if you forget it, your VM and data on the USB will be toast and not recoverable.  NOTE: This tutorial is for a bare-metal Ubuntu Linux 20.04 LTS laptop, not a virtual machine. Make sure you encrypt your laptop during OS installation. Do NOT be an idiot and use the same encryption password as the OS login. https://www.amazon.com/iStorage-datAshur-PRO2-Secure-Encrypted/dp/B07VK7JTQT/ref=sr_1_1?dchild=1&keywords=istorage+datashur&qid=1625886216&sr=8-1 1. Purchase an ACS Smart Card reader (Manufacturer Code: ACR39U-N1) https://www.amazon.com/ACS-ACR39U-N1-Pocketmate-II/dp/B0758TS5JR https://www.acs.com.hk/en/products/426/acr39u-n1-pocketmate-ii-smart-card-reader-usb-type-a/ (PS/SC Drivers are located

How to Fix /storage/core filesystem Out of Disk Space Error on VCSA 6.0U1

How to fix the error of " The /storage/core filesystem is out of disk space or inodes" Step 1: Login to the new VCSA 6.0U1 HTML5 web client. https://ip address:5480 Step 2: Enable SSH and Bash Shell Step 3: Login as root and type "shell" at Command> shell Step 4: df -h (Check if it's out of space) /dev/mapper/core_vg-core               50G   50G     0 100% /storage/core Step 5: Stop the services of VCSA:  hostname: # service vmware-vpxd stop hostname: # service vmware-vpxd status (make sure it is stopped) Step 6:  cd /storage/core Step 7: rm -rf *.tgz ( be CAREFUL ...do this in the wrong directory and you will be retrieving from a backup .) If you need help. Go to Cybercity ( http://www.cyberciti.biz/faq/delete-all-files-folder-linux/ )  Step 8: service vmware-vpxd restart Step 9: history -c Step 10:  Refresh the browser (https://ip address:5480). Now it's all green VMware KB