Syslog, SNMP, NTP

Uploaded by

scor9958

Syslog – SNMP – NTP

BSCI v3.0—2-1
Implementing Log Messaging

• Routers should be configured to send log messages to one or more of these:
– Console
– Terminal lines
– Memory buffer
– SNMP traps
– Syslog
• Syslog logging is a key security policy component.
Syslog Systems

• Syslog server: A host that accepts and processes log messages from one or
more syslog clients.
• Syslog client: A host that generates log messages and forwards them to a
syslog server.
Cisco Log Severity Levels

Level  Name           Description
0      Emergencies    Router unusable
1      Alerts         Immediate action required
2      Critical       Condition critical
3      Errors         Error condition
4      Warnings       Warning condition
5      Notifications  Normal but important event
6      Informational  Informational message
7      Debugging      Debug message
Log Message Format

Oct 29 10:00:01 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (10.2.2.6)

• Time stamp: Oct 29 10:00:01 EST
• Log message name and severity level: %SYS-5-CONFIG_I
• Message text: Configured from console by vty0 (10.2.2.6)
Configuring Syslog Logging
Configuring Syslog

Router(config)#
logging [host-name | ip-address]

1. Sets the destination logging host

Router(config)#
logging trap level

2. (Optional) Sets the log severity (trap) level

Router(config)#
logging facility facility-type

3. (Optional) Sets the syslog facility


Configuring Syslog (Cont.)

Router(config)#
logging source-interface interface-type interface-number

4. (Optional) Sets the source interface

Router(config)#
logging on

5. Enables logging
Syslog Implementation Example

R3(config)#logging 10.2.2.6
R3(config)#logging trap informational
R3(config)#logging source-interface loopback 0
R3(config)#logging on
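
As an added example (not part of the original slides), the Python below parses the log message format shown earlier, applies the `logging trap` rule that the configured level and every more severe level are forwarded, and lists configuration changes made over a vty that a syslog server would receive. The function names and all sample lines except the first are constructed for illustration.

```python
import re

# Severity names from the Cisco table above; list index == numeric level.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# [time stamp: ]%FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"^(?:(?P<timestamp>.*?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")
# Text of a CONFIG_I event entered from a remote (vty) session.
VTY_RE = re.compile(r"Configured from console by (?P<line>vty\d+) \((?P<src>[0-9.]+)\)")
# Constructed sample input; only the first line is taken from the page.
SAMPLE = [
    "Oct 29 10:00:01 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (10.2.2.6)",
    "Oct 29 10:02:13 EST: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "Oct 29 10:05:40 EST: %SYS-5-CONFIG_I: Configured from console by console",
    "Oct 29 10:07:02 EST: %DEMO-7-SAMPLE: Constructed debug-level message",
]

def parse(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITIES[rec["severity"]]
    return rec

def forwarded(rec, trap_level):
    """True if 'logging trap <trap_level>' sends this message: the configured
    level and every more severe (numerically lower) level are forwarded."""
    return rec["severity"] <= SEVERITIES.index(trap_level)

def remote_config_changes(lines, trap_level="informational"):
    """List (time stamp, vty line, source address) for each configuration
    change made over a vty that the syslog server would actually receive."""
    hits = []
    for line in lines:
        rec = parse(line)
        if not rec or rec["mnemonic"] != "CONFIG_I" or not forwarded(rec, trap_level):
            continue
        m = VTY_RE.search(rec["text"])
        if m:
            hits.append((rec["timestamp"], m["line"], m["src"]))
    return hits
```

With `trap_level="errors"` the same input yields no hits, because the severity 5 CONFIG_I messages are never sent to the syslog server.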
SNMP
SNMPv1 and SNMPv2 Architecture

• The SNMP NMS asks agents embedded in network devices for information, or tells the agents to do something.
Community Strings

Used to authenticate messages between a management station and an SNMPv1 or SNMPv2 engine:
• Read-only community strings can get information, but cannot set information in an agent.
• Read-write community strings can get and set information in the agent.
• Having read-write access is like having the enable password for the device.
SNMP Security Models and Levels

Definitions:
• Security model is a security strategy used by the SNMP agent
• Security level is the permitted level of security within a security model

Model  Level         Authentication    Encryption  What Happens
v1     noAuthNoPriv  Community String  No          Authenticates with a community string match
v2     noAuthNoPriv  Community String  No          Authenticates with a community string match
v3     noAuthNoPriv  Username          No          Authenticates with a username
v3     authNoPriv    MD5 or SHA        No          Provides HMAC MD5 or SHA algorithms for authentication
v3     authPriv      MD5 or SHA        DES         Provides HMAC MD5 or SHA algorithms for authentication;
                                                   provides DES 56-bit encryption in addition to
                                                   authentication, based on the CBC-DES (DES-56) standard
SNMPv3 Architecture
SNMP Operational Model
Example
Configuring NTP Client
Understanding NTP

• NTP is used to synchronize the clocks in the entire network.
• System clock is set by the battery system calendar during bootup.
• System clock can then be modified manually or via NTP.
• NTP runs over UDP port 123; current version is 4.
• Only NTP up to version 3 has been documented in RFCs.
• Stratum describes how many “NTP hops” away a machine is from an authoritative time source.
• NTP establishes associations to synchronize time.
Configuring NTP Associations

Router(config)#
ntp server {ip-address | hostname} [version number] [key keyid] [source interface] [prefer]

• Forms a server association with another system
