Cisco 837 & Syslog. Where are the messages?

I've got a Cisco 837 acting as my firewall too and Kiwi Syslog on my PC (192.168.1.7). I've got logging on and, I think, everything set up correctly. Yet the only messages I receive from the router to syslog are when I wr to the console or do a local test. This is driving me crazy. I can't figure out why I'm not getting any messages. The logging trap is set at debugging. Syslog is set to listen on port 514 for UDP and TCP on port 1468. My AV/Spy program is disabled. Here's my router config:

version 12.3
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
!
hostname Cisco837
!
boot-start-marker
boot-end-marker
clock timezone CST -6
no aaa new-model
ip subnet-zero
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool CLIENT
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 66.90.138.145 66.228.128.69
 lease 0 8
!
!
ip name-server 66.90.138.145
ip name-server 66.228.128.69
ip multicast-routing
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw tftp timeout 30
ip ips po max-events 100
vpdn enable
vpdn softshut
!
vpdn-group 1
 request-dialin
  protocol pppoe
 ip mtu adjust
!
no ftp-server write-enable
!
no crypto isakmp enable
no crypto isakmp ccm
!
crypto ipsec nat-transparency spi-matching
!
interface Ethernet0
 description Connection to LAN
 ip address 192.168.1.1 255.255.255.0
 ip mtu 1452
 ip pim sparse-dense-mode
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip igmp helper-address udl Dialer1
 ipv6 mtu 1452
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 mtu 1492
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 0/35
  pppoe-client dial-pool-number 1
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Virtual-Template1
 no ip address
!
interface Dialer1
 description DSL Dialer
 mtu 1492
 ip address negotiated
 ip pim sparse-dense-mode
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1400
 ip igmp unidirectional-link
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp ipcp dns request
 ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.7 52975 interface Dialer1 52975
ip nat inside source static udp 192.168.1.7 52965 interface Dialer1 52965
ip nat inside source static tcp 192.168.1.7 52965 interface Dialer1 52965
ip nat inside source static udp 192.168.1.7 52975 interface Dialer1 52975
ip nat inside source static udp 192.168.1.7 52875 interface Dialer1 52875
ip nat inside source static tcp 192.168.1.7 52865 interface Dialer1 52865
ip nat inside source static tcp 192.168.1.7 4711 interface Dialer1 4711
ip nat inside source static udp 192.168.1.7 4672 interface Dialer1 4672
ip nat inside source static tcp 192.168.1.7 4662 interface Dialer1 4662
ip nat inside source static tcp 192.168.1.7 3389 interface Dialer1 3389
!
ip access-list log-update threshold 1
logging trap debugging
logging facility syslog
logging source-interface Ethernet0
logging 192.168.1.7
access-list 102 remark permit internal network internet access
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit tcp any any eq 3389 log
access-list 111 permit tcp any any eq 4662
access-list 111 permit tcp any any eq 52865 log
access-list 111 permit udp any any eq 52875 log
access-list 111 permit tcp any any eq 52965 log
access-list 111 permit udp any any eq 52965 log
access-list 111 permit tcp any any eq 52975 log
access-list 111 permit udp any any eq 52975 log
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 remark Block all Outside traffic In
access-list 111 deny ip any any log
dialer-list 1 protocol ip permit
snmp-server community marcwrite RW
snmp-server community public RO
snmp-server community marcread RO
snmp-server contact xxx
snmp-server enable traps tty
snmp-server host 192.168.1.7 marcwrite
!
!
control-plane
!
banner motd ^C*********************!!!IMPORTANT NOTICE!!!***********************
*
* This is a restricted system. All connections are logged. *
* If you are not authorized to connect to this system, log *
* off now.
* *
* Violators will be prosecuted to the full extent of the law. *
*******************************************************************
* *
**********************!!!AVIS IMPORTANT!!!*************************
* L'acces au present systeme est limite et tous ses acces sont *
* actuellement utilises. Si vous n'etes pas autorise a vous y *
* raccorder, veuillez quitter ce systeme immediatement. *
* *
* Tout contrevenant sera poursuivi en vertu des mesures prevues *
* par la loi. *
*******************************************************************^C
!
line con 0
 exec-timeout 120 0
 password 7 051C091D704A4B0D
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 120 0
 password 7 1059060B5411170F
 login local
 length 0
!
scheduler max-task-time 5000
end
Reply to
Marc

Anyone have an idea why I'm not getting messages to syslog?

Reply to
Marc

What messages? Cisco routers aren't exactly all that chatty for their logging unless you start turning debugging on. I have 7200s that go for months without a syslog entry because they don't generate any logs.

'logging facility syslog' is probably wrong, it depends on your syslog daemon. This is the facility code it will log events at.

My unix ones use one of the 'local' ones to route their logs to the appropriate logfile. You have to match the name after facility with the appropriate thing for the way you configure your syslog server.

Reply to
Doug McIntyre
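To make the facility point above concrete, here is an added example (not code from the thread) that decodes the `<PRI>` prefix of syslog datagrams and checks them against a facility filter. The sample datagrams are constructed, and the `facility.level` selector syntax is the BSD syslog.conf style, used here as an assumed stand-in for whatever filter the receiving syslog server applies.

```python
import re

# Facility and severity names in RFC 3164 numeric order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed datagrams: the same router event sent with "logging facility syslog"
# and with the IOS default facility (local7), plus a constructed ACL log hit.
SAMPLES = {
    "facility syslog": "<45>52: Mar  1 00:10:02: %SYS-5-CONFIG_I: Configured from console",
    "default local7": "<189>53: Mar  1 00:10:02: %SYS-5-CONFIG_I: Configured from console",
    "acl hit local7": "<190>54: Mar  1 00:11:40: %SEC-6-IPACCESSLOGP: list 111 denied "
                      "tcp 203.0.113.9(4021) -> 198.51.100.2(3389), 1 packet",
}

def decode_pri(datagram):
    """Return (facility, severity) names from the <PRI> prefix (PRI = facility*8 + severity)."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("no <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, datagram):
    """'facility.level' matches that facility ('*' = any) at the given
    severity or anything more severe (numerically lower)."""
    want_fac, want_sev = selector.split(".")
    fac, sev = decode_pri(datagram)
    fac_ok = want_fac in ("*", fac)
    sev_ok = want_sev == "*" or SEVERITIES.index(sev) <= SEVERITIES.index(want_sev)
    return fac_ok and sev_ok

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, decode_pri(msg), "local7.debug ->", selector_matches("local7.debug", msg))
```
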

"logging buffered debugging"

You are only logging traps, and the only traps you have enabled are tty.

Also do a "no logging facility syslog". You don't need that either.

Scott

Reply to
Thrill5

I took out the logging facility syslog and changed the applicable entries in Kiwi to Local7. Still no change in messages but I see that the logging facility statement is indeed not needed.

The messages I'm trying to see are all incoming denied traffic. Which I thought would be generated from: access-list 111 deny ip any any log. Still nothing.

Messages poured in when I put 'log' at the end of this: access-list 102 permit ip 192.168.1.0 0.0.0.255 any. But no messages are generated from outside > in.

I also added a trap for debugging. Still nothing.

Reply to
Marc
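In the configuration posted at the top of the thread, access-list 102 is referenced by the `ip nat inside source list 102` line, while access-list 111 carries `log` entries but no `ip access-group` line appears under any interface. The following added example (not code from the thread) audits an IOS configuration for numbered ACLs that have `log` entries yet are never referenced; the excerpt is trimmed from the posted config, and the list of referencing commands is an assumed common subset, not every IOS feature.

```python
import re

# Excerpt trimmed from the configuration posted in the thread.
CONFIG = """\
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip inspect myfw out
!
ip nat inside source list 102 interface Dialer1 overload
logging trap debugging
logging 192.168.1.7
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit tcp any any eq 3389 log
access-list 111 deny ip any any log
dialer-list 1 protocol ip permit
"""

# Commands that reference a numbered ACL (assumed subset chosen for this example).
REFERENCE_PATTERNS = [
    re.compile(r"^\s*ip access-group (\d+) (?:in|out)\b"),
    re.compile(r"^\s*ip nat (?:inside|outside) source list (\d+)\b"),
    re.compile(r"^\s*access-class (\d+) (?:in|out)\b"),
    re.compile(r"^\s*match ip address (\d+)\b"),
    re.compile(r"^\s*dialer-list \d+ protocol ip list (\d+)\b"),
]
DEFINITION = re.compile(r"^access-list (\d+) (?:permit|deny)\b(.*)$")

def audit_acls(config):
    """Return {acl: {"entries": n, "logged": n, "referenced": bool}}."""
    acls, referenced = {}, set()
    for line in config.splitlines():
        d = DEFINITION.match(line)
        if d:
            info = acls.setdefault(d.group(1), {"entries": 0, "logged": 0})
            info["entries"] += 1
            info["logged"] += bool(re.search(r"\blog(?:-input)?\s*$", d.group(2)))
            continue
        referenced.update(m.group(1) for p in REFERENCE_PATTERNS if (m := p.match(line)))
    for num, info in acls.items():
        info["referenced"] = num in referenced
    return acls

def unapplied_logging_acls(config):
    """ACLs with log entries that nothing in the config references."""
    return sorted(n for n, i in audit_acls(config).items()
                  if i["logged"] and not i["referenced"])
```

An ACL that is not bound to an interface or feature is never evaluated against traffic, so its `log` keywords cannot produce syslog messages regardless of the logging trap level or facility.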
