Custom Syslog Port Configuration
Overview
OcNOS lets you set up a remote Syslog server by specifying the logging server address, for example XX.XX.XX.XXX. By default, this configuration sends syslog messages to port 514. However, using the default port for the Syslog server is considered a security vulnerability.
Support for In-band management over default VRF
OcNOS supports syslog over the default VRF and the management VRF, via the in-band management interface and the OOB management interface, respectively.
By default, syslog runs on the management VRF.
Features
• A CLI command lets the user configure a custom syslog port.
• Once configured, the syslog conf file is updated with the configured port value.
• On the rsyslog server side, stop the running rsyslogd daemon using the command “systemctl stop rsyslog.service”.
• Update the /etc/rsyslog.conf file with the port configured on the syslog client.
• Start the rsyslog daemon using the command “systemctl start rsyslog.service”.
• Logs are then sent to the syslog server through the configured port.
• After the custom port is unconfigured, logs are sent to the remote syslog server through the default port 514; to receive the logs, the server side must also be set back to the default port.
• Delete the custom Syslog port.
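The server-side steps in the list above, written as a shell sketch. This is an added example, not part of the OcNOS documentation; it assumes the server receives over UDP through rsyslog's `imudp` input, and the helper names `set_rsyslog_port` and `apply_port` are hypothetical.

```shell
#!/bin/sh
# Added example: make an rsyslog server listen on the custom port that was
# configured on the syslog client.
# Assumption: messages arrive over UDP via an imudp input() line; use imtcp
# instead if the deployment sends over TCP.

# set_rsyslog_port CONF PORT  (hypothetical helper)
# Rewrites the port of the imudp input in CONF, or appends the module/input
# lines if CONF has none. The previous file is kept as CONF.bak.
set_rsyslog_port() {
    conf=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    cp -p "$conf" "$conf.bak" || return 1
    if grep -q 'input(type="imudp"' "$conf"; then
        # Change only the port value on the existing imudp input line.
        sed -E '/input\(type="imudp"/ s/port="[0-9]+"/port="'"$port"'"/' \
            "$conf.bak" > "$conf"
    else
        printf 'module(load="imudp")\ninput(type="imudp" port="%s")\n' \
            "$port" >> "$conf"
    fi
}

# apply_port PORT  (hypothetical helper)
# The stop / update / start sequence from the list above. Run as root on the
# syslog server; nothing here calls it automatically.
apply_port() {
    systemctl stop rsyslog.service || return 1
    # rsyslogd -N1 syntax-checks the edited config before the daemon starts.
    set_rsyslog_port /etc/rsyslog.conf "$1" && rsyslogd -N1 ||
        echo "config not applied cleanly; compare with /etc/rsyslog.conf.bak" >&2
    systemctl start rsyslog.service
}
```

On the server, `apply_port 8514` matches the port used in the OcNOS examples on this page, and `apply_port 514` sets it back to the default after the custom port is unconfigured.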
Custom Syslog Configuration with IPv4 Address
Logging is performed with an IPv4 address and verified by logs on the remote machine.
Topology
Syslog sample topology
Enabling rsyslog
#configure terminal | Enter configure mode. |
(config)#feature rsyslog [vrf management] | Enable feature on default or management VRF. By default this feature runs on the management VRF. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
(config)#logging remote server 10.12.33.211 7 port 8514 vrf management | Send logs to the remote server, configuring the severity and the custom port on the management VRF (the default port is 514). |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
#sh running-config logging
feature rsyslog vrf management
logging remote server 10.12.33.211 7 port 8514 vrf management
ocnos#show logging server
Remote Servers:
10.12.33.211
port: 8514
severity: Operator (debug-detailed)
facility: local7
VRF : management
Check the rsyslog messages on the server at /var/log/OcNOS.log
2023-08-25T12:36:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:36:56.982 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:03.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:13.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:23+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:23.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:33+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:33.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:43+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:43.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: Accepted password for ocnos from 192.168.230.131 port 57298 ssh2
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: Accepted password for ocnos from 192.168.230.131 port 57301 ssh2
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS CML[4875]: 2023 Aug 25 12:37:50.359 : OcNOS : CML : INFO : [CML_5]: Client [cmlsh (/dev/pts/0)] established connection with CML server
2023-08-25T12:37:51+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:51.214 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : terminal monitor
2023-08-25T12:37:53+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:53.330 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : en *New User Login*
2023-08-25T12:37:53+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:53.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:55+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:55.570 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : start-shell
2023-08-25T12:37:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:37:56.983 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:58+05:30 OcNOS su: (to root) ocnos on pts/0
2023-08-25T12:37:58+05:30 OcNOS su: pam_unix(su-l:session): session opened for user root by ocnos(uid=1000)
2023-08-25T12:38:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:03.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:13.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:17+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:17.201 : OcNOS : PSERV : CRITI : Module: ospfd has closed connection with PSERVD.
2023-08-25T12:38:17+05:30 OcNOS CML[4875]: 2023 Aug 25 12:38:17.204 : OcNOS : CML : CRITI : Module ospf disconnected with CML
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.229 : OcNOS : PSERV : INFO : Protocol pservd published protocol-module-down notification.
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.241 : OcNOS : PSERV : DEBUG : pserv SIGUER2 signal for module :ospfd
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.242 : OcNOS : PSERV : DEBUG : Crash Dump Directory not present
2023-08-25T12:38:20+05:30 OcNOS NSM[4639]: 2023 Aug 25 12:38:20.110 : OcNOS : NSM : DEBUG : G8031 : nsm_g8031_sync : Sync PG info to ONMD
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:20.116 : OcNOS : PSERV : NOTIF : [WATCHDOG_PM_RECOVERED_4]: The module ospfd recovered from a critical error
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: Signal SIGUSR2 received and restarted module: ospfd
2019 Jan 05 20:10:52.212 : OcNOS : OSPF : INFO : Interface lacp aggregator update flag 0
Custom Syslog Configuration with IPv6 Address
Logging is performed with an IPv6 address and verified by logs on the remote PC (logging server).
Topology
Figure 24-40 shows the sample configuration of Syslog.
Syslog Configuration topology
Enabling rsyslog
#configure terminal | Enter configure mode |
(config)#feature rsyslog [vrf management] | Enable feature on default or management VRF. By default this feature runs on the management VRF. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#logging remote server 200:201::100:10 7 port 8514 vrf management | Send logs to the remote server, configuring the severity and the custom port on the management VRF (the default port is 514). |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
ocnos#sh running-config logging
feature rsyslog vrf management
logging remote server 200:201::100:10 7 port 8514 vrf management
#show logging server
Remote Servers:
200:201::100:10
port: 8514
severity: Operator (debug-detailed)
facility: local7
VRF : management
Check the rsyslog messages on the server at /var/log/OcNOS.log
2023-08-25T12:36:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:36:56.982 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:03.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:13.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:23+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:23.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:33+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:33.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:43+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:43.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: Accepted password for ocnos from 192.168.230.131 port 57298 ssh2
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: Accepted password for ocnos from 192.168.230.131 port 57301 ssh2
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS CML[4875]: 2023 Aug 25 12:37:50.359 : OcNOS : CML : INFO : [CML_5]: Client [cmlsh (/dev/pts/0)] established connection with CML server
2023-08-25T12:37:51+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:51.214 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : terminal monitor
2023-08-25T12:37:53+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:53.330 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : en *New User Login*
2023-08-25T12:37:53+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:53.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:55+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:55.570 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : start-shell
2023-08-25T12:37:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:37:56.983 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:58+05:30 OcNOS su: (to root) ocnos on pts/0
2023-08-25T12:37:58+05:30 OcNOS su: pam_unix(su-l:session): session opened for user root by ocnos(uid=1000)
2023-08-25T12:38:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:03.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:13.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:17+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:17.201 : OcNOS : PSERV : CRITI : Module: ospfd has closed connection with PSERVD.
2023-08-25T12:38:17+05:30 OcNOS CML[4875]: 2023 Aug 25 12:38:17.204 : OcNOS : CML : CRITI : Module ospf disconnected with CML
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.229 : OcNOS : PSERV : INFO : Protocol pservd published protocol-module-down notification.
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.241 : OcNOS : PSERV : DEBUG : pserv SIGUER2 signal for module :ospfd
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.242 : OcNOS : PSERV : DEBUG : Crash Dump Directory not present
2023-08-25T12:38:20+05:30 OcNOS NSM[4639]: 2023 Aug 25 12:38:20.110 : OcNOS : NSM : DEBUG : G8031 : nsm_g8031_sync : Sync PG info to ONMD
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:20.116 : OcNOS : PSERV : NOTIF : [WATCHDOG_PM_RECOVERED_4]: The module ospfd recovered from a critical error
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: Signal SIGUSR2 received and restarted module: ospfd
2019 Jan 05 20:10:52.212 : OcNOS : OSPF : INFO : Interface lacp aggregator update flag 0
Custom Syslog Configuration with HOSTNAME
Logging is performed with an IPv6 address and verified by logs on the remote PC (logging server).
Topology
Figure 24-41 shows the sample configuration of Syslog.
Syslog Configuration topology
Enabling rsyslog
#configure terminal | Enter configure mode |
(config)#feature rsyslog [vrf management] | Enable feature on default or management VRF. By default this feature runs on the management VRF. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
(config)#hostname CUSTOM-SYSLOG | Change the hostname to custom-syslog |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
(config)#logging remote server custom-syslog 7 port 8514 vrf management | Send logs to the remote server, configuring the severity and the custom port on the management VRF (the default port is 514). |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
ocnos#sh running-config logging
CUSTOM-SYSLOG#sh ru logging
feature rsyslog vrf management
logging remote server custom-syslog 7 port 8514 vrf management
CUSTOM-SYSLOG#
#show logging server
Remote Servers:
custom-syslog
port: 8514
severity: Operator (debug-detailed)
facility: local7
VRF : management
Check the rsyslog messages on the server at /var/log/OcNOS.log
2023-08-25T12:36:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:36:56.982 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:03.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:13.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:23+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:23.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:33+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:33.610 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:43+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:43.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: Accepted password for ocnos from 192.168.230.131 port 57298 ssh2
2023-08-25T12:37:49+05:30 OcNOS sshd[11651]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: Accepted password for ocnos from 192.168.230.131 port 57301 ssh2
2023-08-25T12:37:50+05:30 OcNOS sshd[11660]: pam_unix(sshd:session): session opened for user ocnos by (uid=0)
2023-08-25T12:37:50+05:30 OcNOS CML[4875]: 2023 Aug 25 12:37:50.359 : OcNOS : CML : INFO : [CML_5]: Client [cmlsh (/dev/pts/0)] established connection with CML server
2023-08-25T12:37:51+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:51.214 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : terminal monitor
2023-08-25T12:37:53+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:53.330 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : en *New User Login*
2023-08-25T12:37:53+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:37:53.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:37:55+05:30 OcNOS CMLSH[11672]: 2023 Aug 25 12:37:55.570 : OcNOS : CMLSH : CLI_HIST : User ocnos@/dev/pts/0 : CLI : start-shell
2023-08-25T12:37:56+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:37:56.983 : OcNOS : PSERV : DEBUG : Keep-Alive message sent to systemd
2023-08-25T12:37:58+05:30 OcNOS su: (to root) ocnos on pts/0
2023-08-25T12:37:58+05:30 OcNOS su: pam_unix(su-l:session): session opened for user root by ocnos(uid=1000)
2023-08-25T12:38:03+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:03.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:13+05:30 OcNOS HSL[4598]: 2023 Aug 25 12:38:13.611 : OcNOS : HSL : NOTIF : [IF_PKT_ERRORS_4]: Oversized packets received on ge14 (1 packets)
2023-08-25T12:38:17+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:17.201 : OcNOS : PSERV : CRITI : Module: ospfd has closed connection with PSERVD.
2023-08-25T12:38:17+05:30 OcNOS CML[4875]: 2023 Aug 25 12:38:17.204 : OcNOS : CML : CRITI : Module ospf disconnected with CML
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.229 : OcNOS : PSERV : INFO : Protocol pservd published protocol-module-down notification.
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.241 : OcNOS : PSERV : DEBUG : pserv SIGUER2 signal for module :ospfd
2023-08-25T12:38:18+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:18.242 : OcNOS : PSERV : DEBUG : Crash Dump Directory not present
2023-08-25T12:38:20+05:30 OcNOS NSM[4639]: 2023 Aug 25 12:38:20.110 : OcNOS : NSM : DEBUG : G8031 : nsm_g8031_sync : Sync PG info to ONMD
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: 2023 Aug 25 12:38:20.116 : OcNOS : PSERV : NOTIF : [WATCHDOG_PM_RECOVERED_4]: The module ospfd recovered from a critical error
2023-08-25T12:38:20+05:30 OcNOS PSERV[1595]: Signal SIGUSR2 received and restarted module: ospfd
2019 Jan 05 20:10:52.212 : OcNOS : OSPF : INFO : Interface lacp aggregator update flag 0