advertisement
Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

Is the SMB Protocol an Open Door to Network Intruders?
Cybersecurity and the Art of Misdirection
The Problems with Encrypting Data in the Cloud
In the Cloud, Encryption in Motion + Encryption at Rest = Not Good Enough
The Biggest Cybersecurity Story of the Week

advertisement
advertisement
 

Ensure Network Safety with Centralized Logging : Page 3

Virus definitions often can't keep up with the rapid proliferation of Windows-based worms, letting them slip under your radar. How can you keep your network safe? Use the access lists on your routers along with a centralized logging database to help you quickly find and isolate infected hosts.


by Tim Conrad
Jun 2, 2004
Page 3 of 8
advertisement
Configure Your Router Base
Before you can get started, there are some basic things you need to configure on your routers. Keep in mind that this only outlines a basic NTP configuration. Also, I have my clocks set within a few seconds of each other, however, this may not be acceptable for your needs.

Make sure that your routers can freely access your NTP server by allowing any access that's required through any firewalls existing on your network. To configure your router to use ntp, go into configure mode on your router and type: 


RouterA#config t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)#ntp server 10.0.37.15
RouterA(config)#end
At this point, 'show ntp status' will show the status of the NTP synchronization: 








RouterA#sh ntp status
Clock is synchronized, stratum 3, reference is 10.0.37.15
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is C44215A4.FC1FC6D7 (13:14:12.984 UTC Tue May 4 2004)
clock offset is 0.0982 msec, root delay is 46.88 msec
root dispersion is 20.89 msec, peer dispersion is 0.08 msec
Type 'sh clock' at the prompt, and the time in UTC will be shown: 

RouterA#sh clock
13:16:13.344 UTC Tue May 4 2004
Ideally, there should be at least two NTP servers on your network so that the NTP clients can figure out how far off they may be.

The network that I support spans many timezones, so it's easier for me to have everything in a single timezone, and I chose UTC for that timezone. If you prefer to use a different time zone, use this command to set it: 


RouterA#config t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)#clock timezone EST -5
! set your timezone in UTC -x or +x hours above. I'm in US EST, so that's
! my timezone.
RouterA(config)#clock summer-time EDT recurring 
! We do daylight savings time, so I'm configuring that as well.
Now when I type 'sh clock', I'm shown my current local time: 

RouterA#sh clock
09:23:00.968 EDT Tue May 4 2004
By default, Cisco routers use the router's uptime to display network events, instead of ‘real’ time. This makes it somewhat difficult to use the syslog facilities, because it’s hard to determine how long ago certain events occurred. To fix this, configure the router to use timestamps instead of router uptime: 

RouterA#config t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)#service timestamps debug datetime msec localtime show-timezone
RouterA(config)#service timestamps log datetime msec localtime show-timezone
RouterA(config)#end
Another nice feature is the local buffering of logs. By default, only a few lines are buffered, and having more data immediately available is helpful in diagnosing network problems: 

RouterA#config t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)# logging buffered 9128 debugging
RouterA(config)#end
Now, if you type 'show log' at the prompt, you should see the last configuration. Type 'copy run start' at the prompt, and the 'show log,' and the timestamps should be shown for save event: 

RouterA#copy run start
Destination filename [startup-config]? 
Building configuration...
[OK]
RouterA#sh log
Syslog logging: enabled (10 messages dropped, 2 messages rate-limited, 0 flushe)
    Console logging: level debugging, 49 messages logged, xml disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled
    Buffer logging: level debugging, 49 messages logged, xml disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 49 message lines logged
          
Log Buffer (9128 bytes):
...cut...
May  4 09:21:08.109 EDT: %SYS-5-CONFIG_I: Configured from console by console
May  4 09:22:59.992 EDT: %SYS-5-CONFIG_I: Configured from console by console
There is some more configuring to be done later, but for now, this sets everything up. Copy the configuration to each router from which you plan on centralizing the syslogs.

« Previous Page 12345678 Next Page »
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 
advertisement
Sitemap