With all of the network configuration I’ve been doing lately, I’ve decided to set up a central syslog server that the routers and switches can log to. That will create a central place where I can look for warnings and errors occurring on these devices. It also lets me save the logs for extended periods of time and use normal Linux tools to search and parse through them.
For some reason, I found it difficult to find instructions on how to create a centralized syslog server. However, it’s incredibly easy. You just have to configure the Linux syslogd process to listen on a remote interface, then configure the logs like anything else in syslog. In CentOS, you just edit /etc/sysconfig/syslog and add a “-r” to the “SYSLOGD_OPTIONS” line. Then allow port 514 through your firewall from your routers’ IP addresses.
On each router, set these global configuration commands:
logging facility local1
logging source-interface FastEthernet0/1
On the syslog server, configure your /etc/syslog.conf with something like this:
## Router Logs
I also like to set up logrotate with this in /etc/logrotate.d/routers
My next step will be creating a LogWatch script to email me anything that I should be concerned about.
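To check the server side before touching the routers, this added example (not part of the original post) builds and decodes the PRI value that "logging facility local1" puts on the wire and sends one test datagram to UDP port 514, where syslogd -r listens. The tag, the message text, the placeholder address and the "local1.*" selector are assumptions, since the post's syslog.conf lines are not shown.

```python
import socket

# Standard syslog facility codes; local0-local7 are 16-23.
FACILITIES = dict(kern=0, user=1, mail=2, daemon=3, auth=4, syslog=5, lpr=6,
                  news=7, uucp=8, cron=9, authpriv=10, ftp=11,
                  **{f"local{n}": 16 + n for n in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, tag, text):
    """Return a syslog datagram whose PRI is facility * 8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    # Timestamp and hostname are left out of this constructed test message.
    return f"<{pri}>{tag}: {text}".encode("ascii")


def parse_pri(datagram):
    """Decode the leading <PRI> into (facility, severity) names."""
    end = datagram.find(b">")
    if not datagram.startswith(b"<") or not 2 <= end <= 4:
        raise ValueError("missing or malformed PRI")
    pri_text = datagram[1:end]
    if not pri_text.isdigit() or int(pri_text) > 191:
        raise ValueError("PRI out of range")
    code, severity = divmod(int(pri_text), 8)
    names = {number: name for name, number in FACILITIES.items()}
    return names.get(code, f"facility{code}"), SEVERITIES[severity]


def matches_selector(datagram, facility="local1"):
    """True if an assumed 'local1.*' rule in syslog.conf would select this message."""
    return parse_pri(datagram)[0] == facility


def send_test(server, port=514, facility="local1", severity="warning"):
    """Send one constructed test message over UDP, as a router would."""
    msg = build_message(facility, severity, "syslog-test", "central logging check")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(msg, (server, port))
    return msg


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; replace it with the syslog server's address.
    sent = send_test("127.0.0.1")
    print(sent, parse_pri(sent), matches_selector(sent))
```

If the test line shows up in the router log file when sent from an allowed address and is dropped when sent from any other host, both the selector and the firewall rule are doing their job.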