Configure Network Device - Cisco IOS Device
This article walks through the steps to configure Cisco IOS devices to send syslog messages to the RocketAgent Syslog Server.
To send syslog messages from Cisco IOS-based devices, connect to the device via SSH or Telnet and run `enable` to enter privileged (administrator) mode.
Enter the following commands:

```
configure terminal
logging host <ip_address> transport udp port 514
logging facility syslog
logging trap debugging
exit
write memory
```

Replace `<ip_address>` with the IP address of the RocketAgent Syslog Server.
Ensure these events are enabled:

| Cisco IOS event ID | Description |
|---|---|
| %IDS-4-IPFRAG_ATTACK_SIG | IP Fragment Attack |
| %IDS-4-IP_IMPOSSIBLE_SIG | IP Impossible Packet Attack |
| %IDS-4-ICMP_FRAGMENT_SIG | Fragmented ICMP Traffic Attack |
| %IDS-4-ICMP_TOOLARGE_SIG | Large ICMP Traffic Attack |
| %IDS-4-ICMP_PING_OF_DEATH_SIG | Ping of Death Attack |
| %IDS-4-TCP_FRAG_SYN_FIN_SIG | TCP SYN+FIN flag Attack |
| %IDS-4-TCP_FIN_ONLY_SIG | TCP FIN only flags Attack |
| %IDS-4-RPC_CALLIT_REQUEST | Proxied RPC Request |
| %IDS-4-UNAVAILABLE | FTP Improper Port Specified |
| %IDS-4-UDP_BOMB_SIG | UDP Bomb attack |
| %IDS-4-UDP_SNORK_SIG | UDP Snork attack |
| %IDS-4-UDP_CHARGEN_DOS_SIG | UDP Chargen DoS attack |
| %SEC-6-IPACCESSLOGP | Reputation lookup on connecting IPs |
| %IDS-4-TCP_FRAG_NULL_SIG | TCP NULL flags Attack |
| %SEC_LOGIN-5-LOGIN_SUCCESS | Successful User login |
| %SEC_LOGIN-4-LOGIN_FAILED | Failed User login |
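
The `logging trap` level decides which of the events in the table ever leave the device, because IOS forwards only messages at the configured severity or more severe (the number in each event ID is its severity). The Python below is an added example, not part of the original article or of RocketAgent: it shows which listed events a stricter trap level would drop, and checks a batch of received lines for listed events that have not arrived. The function names and the sample lines are constructed for illustration.

```python
import re

# Event IDs copied from the table on this page.
EXPECTED_IDS = """
%IDS-4-IPFRAG_ATTACK_SIG %IDS-4-IP_IMPOSSIBLE_SIG %IDS-4-ICMP_FRAGMENT_SIG
%IDS-4-ICMP_TOOLARGE_SIG %IDS-4-ICMP_PING_OF_DEATH_SIG %IDS-4-TCP_FRAG_SYN_FIN_SIG
%IDS-4-TCP_FIN_ONLY_SIG %IDS-4-RPC_CALLIT_REQUEST %IDS-4-UNAVAILABLE
%IDS-4-UDP_BOMB_SIG %IDS-4-UDP_SNORK_SIG %IDS-4-UDP_CHARGEN_DOS_SIG
%SEC-6-IPACCESSLOGP %IDS-4-TCP_FRAG_NULL_SIG
%SEC_LOGIN-5-LOGIN_SUCCESS %SEC_LOGIN-4-LOGIN_FAILED
""".split()

# Severity keywords accepted by "logging trap"; list index = severity number (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC; the facility may contain underscores (SEC_LOGIN).
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+)")

def parse_tag(line):
    """Return (event_id, severity) for an IOS syslog line, or None if untagged."""
    m = TAG_RE.search(line)
    return (m.group(0), int(m.group(2))) if m else None

def dropped_by_trap(level):
    """Page event IDs the device would NOT forward at this 'logging trap' level."""
    limit = LEVELS.index(level)
    return sorted(e for e in EXPECTED_IDS if parse_tag(e)[1] > limit)

def coverage(lines):
    """Return (page events seen in lines, page events never seen)."""
    seen = {t[0] for t in map(parse_tag, lines) if t and t[0] in EXPECTED_IDS}
    return sorted(seen), sorted(set(EXPECTED_IDS) - seen)

# Constructed sample lines (not real traffic); PRI assumes "logging facility syslog".
SAMPLE = [
    "<45>51: *Mar  1 00:10:02: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10]",
    "<44>52: *Mar  1 00:11:40: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7]",
    "<46>53: *Mar  1 00:12:05: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4242) -> 192.0.2.1(23), 1 packet",
    "<45>54: *Mar  1 00:12:09: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    print("Dropped at 'logging trap warnings':", dropped_by_trap("warnings"))
    print("Listed events not yet received:", coverage(SAMPLE)[1])
```

With `logging trap debugging`, as configured above, nothing in the table is filtered; at `warnings` the access-list and successful-login events would no longer reach the server.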