CISCO-C2960日志分析

By on February 24, 2017

配置日志转发步骤

配置日志服务器

  1. vi /etc/rsyslog.conf
  2. 打开如下行
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

local7.*                                                /var/log/boot.log

可以看到转发的日志如下:

Feb 23 23:13:18 84.238.35.1 25513: Feb 23 23:13:18 GMT: %SYS-5-CONFIG_I: Configured from console by cisco on vty0 (84.239.224.109)
Feb 23 23:14:34 84.238.35.1 25514: Feb 23 23:14:35 GMT: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/6
Feb 23 23:14:34 84.238.35.1 25515: Feb 23 23:14:35 GMT: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Fa0/12
Feb 23 23:14:34 84.238.35.1 25516: Feb 23 23:14:35 GMT: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/6
Feb 23 23:14:35 84.238.35.1 25517: Feb 23 23:14:35 GMT: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa0/12

Back to blog