5 Replies Latest reply on Feb 20, 2013 1:38 PM by noor

    Log forwarding

    cburgamy New Member

      Is there a realistic way to forward changes and commands entered into the NetVanta AOS without requiring a lot of resources? Currently we are only seeing login attempts/failures, trouble with interfaces, etc. We really need to see what commands or what changes were made inside the GUI and then have that information forwarded.

        • Re: Log forwarding
          levi Employee

          cburgamy:

           

          Thank you for asking this question in the Support Community.  Currently, there is no way to log changes made in the web interface (other than viewing and comparing the configuration).  However, to view configuration changes done in the CLI, errors, and events, I recommend logging the desired output to a syslog server.  The details of how to configure this are described in the Configuring Syslog Logging in AOS document, but I have included the relevant information below:

           

          Configuring via the Web Interface

           

          Configuring logging via the Web Interface is supported in AOS firmware revisions 12 and higher. If your AOS device does not support AOS firmware revision 12, you should use the section titled “Configuring via the Command Line Interface.” For more information about accessing the web interface, consult the guide Accessing the Web Interface in AOS.


          Enabling Logging:

          1)      Click Logging under Utilities in the left menu.

          2)      Check the Event History check box.

          Enabling Syslog:

          3)      Click the Syslog Forwarding tab.

          4)      Check the Syslog Forwarding checkbox.

          Configuring Syslog Options:

          5)      Choose a Syslog Forwarding Priority Level. ‘Info (0)’ is the most verbose and ‘fatal (5)’ is the least verbose. For general information about interface state changes and firewall messages, choose ‘Notice (3)’.

          6)      Enter the Syslog Receiver IP Address. This is the IP Address of the computer hosting your Syslog server software.

          7)      Choose a Logging Facility between ‘Local 0’ and ‘Local 9’. The logging facility level is an arbitrary value that can be used in the Syslog Server software for filtering.

          8)      Click Apply.

          Saving the Configuration:

          9)      Click the Save button in the upper-right corner. Not clicking the Save button will cause the router to lose the changes you have made upon the next reboot.

          Note: Your AOS device will now send syslog messages to your syslog server.

           

          Configuring via the Command Line Interface

           

          Syslog logging can be configured via the Command Line Interface in all versions of AOS. For more information about accessing the Command Line Interface, consult the guide Accessing the Command Line Interface in AOS.

           

          Accessing Global Configuration Mode:

          1)      Type enable to enter Privileged Exec mode. You may be prompted for a password. If you do not know this password, consult the guide Password Recovery in AOS.

          2)      Type configure terminal to access Global Configuration Mode.

          Enabling Event Logging:

          3)      Type event-history on to enable event history logging.

          Enabling Syslog:

          4)      Type logging forwarding on to enable syslog logging.

          Configuring Syslog Options:

          5)      Type logging facility local0 to set the logging facility. The logging facility option is used by the Syslog server for filtering.

          6)      Type logging forwarding receiver-ip  <ip-address> to set the IP Address to which Syslog entries should be forwarded.

          (Example: logging forwarding receiver-ip 192.168.1.1)

          7)      Type logging forwarding priority-level <priority-level> to set the priority level. The priority level options are ‘error’, ‘fatal’, ‘warning’, ‘notice’ and  ‘info’ in ascending order of verbosity (‘error’ being the least verbose and ‘info’ being the most verbose).

          (Example: logging forwarding priority-level notice)

          Note: Your AOS device will now begin forwarding syslog entries to your Syslog Server.

           

          I hope that makes sense, but please, do not hesitate to reply to this chain with any questions or additional information and I will be happy to help in any way I can.

           

          Levi
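
The reply above says the logging facility is used by the syslog server for filtering. The following is an added example, not part of the original reply or of any ADTRAN documentation, showing what that filtering looks like on the receiver. It assumes the device sends the standard syslog `<PRI>` header (PRI = facility * 8 + severity); the function names, the device address 192.0.2.10 and the sample messages are constructed for illustration.

```python
import re

# Standard syslog PRI: facility * 8 + severity; local0..local7 are facility codes 16..23.
FACILITIES = {16 + n: f"local{n}" for n in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode(datagram: bytes):
    """Return (facility, severity, text), or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    fac = pri >> 3
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[pri & 7], m.group(2).strip()


def select(packets, device_ip, facility="local0"):
    """Keep messages from the expected device and facility; count everything else."""
    # UDP syslog is unauthenticated, so the source address is only a coarse filter.
    kept, dropped = [], 0
    for src_ip, datagram in packets:
        parsed = decode(datagram)
        if parsed is None or src_ip != device_ip or parsed[0] != facility:
            dropped += 1
            continue
        kept.append(parsed)
    return kept, dropped


# Constructed sample traffic (not captured from a real device); message text is invented.
SAMPLE = [
    ("192.0.2.10", b"<133>Feb 20 13:38:01 router1 constructed notice-level sample"),
    ("192.0.2.10", b"<131>Feb 20 13:38:05 router1 constructed error-level sample"),
    ("192.0.2.10", b"<38>Feb 20 13:38:09 router1 constructed auth-facility sample"),
    ("198.51.100.7", b"<133>Feb 20 13:39:00 other constructed sample, unexpected sender"),
    ("192.0.2.10", b"no PRI header here"),
]

if __name__ == "__main__":
    kept, dropped = select(SAMPLE, device_ip="192.0.2.10")
    for facility, severity, text in kept:
        print(f"{facility}.{severity}: {text}")
    print(f"dropped {dropped} message(s)")
```

Counting the dropped messages rather than discarding them silently makes it visible when something other than the configured device is sending to the receiver.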

            • Re: Log forwarding
              cburgamy New Member

              We are not able to forward the commands that were entered into the CLI, but we are able to forward the result of the command? And "info" is the most verbose?

                • Re: Log forwarding
                  levi Employee

                  cburgamy:

                   

                  In the CLI, the command show event-history will display the last 50 events (including user configuration commands).  However, the user commands are not sent to a syslog server because it is a security vulnerability.  To view the user commands that are stored in the event-history (other than by issuing the show event-history command), you will need to set up TACACS+ Accounting.  Here is the TACACS+ Authorization and Accounting guide.

                   

                  Also, you are correct, the command logging forwarding priority-level info is the most verbose and will log all system events.

                   

                  Levi

              • Re: Log forwarding
                levi Employee

                cburgamy:

                 

                I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                 

                Levi

                  • Re: Log forwarding
                    Employee

                    I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                     

                    Thanks,

                    Noor