Friday, May 20, 2011

【Weak Current College】 Summary of router log troubleshooting tips

This is a summary of router log troubleshooting tips. Handling router log problems is well worth discussing: configure the time period under "viewing the syslog facility", then enable the time-period functions in the internal firewall, and things are basically in order.

Logs are key to network security. They record everything that happens on the system every day, and you can use them to find the cause of an error or the traces an attacker left behind during an attack. A router is a hub for transporting all kinds of information. It is widely used in the networks of enterprises and institutions, where it carries the burden of interconnecting local area networks and wide area networks.

Cisco routers are currently in fairly common use and are widely deployed in many industry systems. What follows is some of what the author has learned about Cisco router logging in day-to-day work; these examples have been used in practice and have passed debugging, and are offered for reference.

A router's important messages can be logged, through the syslog mechanism, to a Unix host on the internal network. While it is running, the router sends log messages to the log host, including link establishment failures, packet filtering information and so on. By logging in to the log host, network maintenance staff can read the logs, and analysing the log files helps with locating faults, troubleshooting and maintaining network security.

Viewing the syslog facility

First, a brief introduction to the syslog facility. It is the standard Unix trace logging mechanism. syslog can record events locally or, over the network, on another host, and then write that information to a file or a device, or send a message to a user.
The syslog mechanism rests on two main files: the /etc/syslogd daemon and the /etc/syslog.conf configuration file. What syslogd does is controlled by /etc/syslog.conf. The syslog.conf file specifies how the syslogd program records logs; the program reads the syslog.conf configuration file at startup.

The file is made up of individual entries for different programs or message categories, one per line. For each type of message it provides a selector field and an action field. These fields are separated by tabs (note: you must use the Tab key; the space bar cannot be used). The selector field specifies the message type and priority; the action field specifies what syslogd does when it receives a message that matches the selector.

Each selector consists of a facility and a priority. That is, the first column states "in what situation" and "at what level". Then press Tab to move to the next column and write "what to do when the condition is met". When a priority is specified, syslogd records messages with the same or a higher priority. The action field of each line specifies where a message should be sent once the selector has matched it. The first column contains the situation and the level, separated by a period. The detailed settings are as follows:

1. In what situations to record

The different situations are identified by the following strings:

- auth: system security and user authentication;
- cron: jobs the system runs automatically (crontab);
- daemon: programs running in the background;
- kern: the system kernel;
- lpr: printers;
- mail: e-mail;
- news: news discussion forums;
- syslog: the logging system itself;
- user: user applications;
- uucp: UNIX-to-UNIX copy (UUCP).

2. What level to record

For example, if you ask for the info level, then notice, err, warning, crit, alert, emerg and the other levels above info will also be recorded. Combining what you wrote for 1 and 2 with a period gives the complete "what to record" expression.

For example, mail.info means general information from the e-mail delivery system; auth.emerg means very serious messages about system security; lpr.none means do not record messages about printers (usually used when several recording conditions are combined). In addition, three special symbols are available:

- The asterisk (*): stands for every item in a field. For example, mail.* means that anything concerning mail is recorded regardless of level, and *.info records info-level messages from every facility.

- The equals sign (=): means record only the stated level, not the levels above it. In the example above, writing info also records notice, err, warning, crit, alert, emerg and the other levels above info; if you write =info, only the info level is recorded.

- The exclamation mark (!): means do not record the stated level or the levels above it.

3. Where records are stored

syslogd offers the following ways to record what happens on the system.

An ordinary file: this is the most common way. You specify the file's path and name, which must begin with the directory symbol "/" so that the system knows it is a file. For example, /var/adm/maillog means record to a file named maillog under /var/adm. If the file does not exist, the system creates it automatically.

A specified terminal or other device:

You can have system records written to a terminal or a device.
If system records are written to a terminal, the user currently using that terminal sees the system messages directly on screen (for example /dev/console or /dev/tty1; you can dedicate one screen to displaying system messages). If system records are written to a printer (for example /dev/lp0), you get a long paper printout full of system records, and a network intruder cannot modify the log to hide traces of the intrusion.

A specified remote host:

If you do not want system messages recorded on the local machine, you can write the name of another host on the network, prefixed with the "@" symbol (for example @ccunix1.variox.int; the host you specify must, however, be running syslogd). This guards against losing the log files because of a hard disk error.

That covers how to write what syslog records and where it records it; you can record whatever you need according to your own requirements. These records keep accumulating, however, and unless you remove the files yourself they will grow larger and larger. The syslog facility is an important target for network attackers, who modify the logs to hide traces of an intrusion, so it deserves particular attention.

It is best to get into the habit of checking the log files regularly, every week (or more often), and of backing up old log files by sequence number or date, which also makes later lookups easier. Do not record *.*: that writes everything down, and the resulting file becomes so large that you cannot find the information you need quickly. Some people even record who has pinged their host when they keep logs; this only lowers system efficiency and increases hard disk usage.
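The selector and action rules described above, worked through in Python as an added example (not code from the original post). The sample configuration is constructed from the examples in the text; the function names, the /var/adm/daemonlog path and the rule that parts joined with ";" are applied left to right are assumptions of this sketch.

```python
# Added example: which syslog.conf actions receive a given facility.level message.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]  # low to high
FACILITIES = ["auth", "cron", "daemon", "kern", "lpr", "mail", "news", "syslog", "user", "uucp"]

def compile_selector(selector):
    """Turn a selector such as '*.info;lpr.none' into {facility: set of levels}."""
    masks = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        fac, dot, pri = part.strip().partition(".")
        negate, exact = pri.startswith("!"), pri.lstrip("!").startswith("=")
        pri = pri.lstrip("!=")
        if not dot or pri not in LEVELS + ["*", "none"] or fac not in FACILITIES + ["*"]:
            raise ValueError(f"bad selector: {part!r}")
        if pri == "none":            # record nothing for this facility
            chosen, negate = set(LEVELS), True
        elif pri == "*":             # every level
            chosen = set(LEVELS)
        elif exact:                  # '=' selects this level only
            chosen = {pri}
        else:                        # default: this level and everything above it
            chosen = set(LEVELS[LEVELS.index(pri):])
        for f in (FACILITIES if fac == "*" else [fac]):
            # '!' and 'none' remove levels set by earlier parts; anything else adds
            masks[f] = masks[f] - chosen if negate else masks[f] | chosen
    return masks

def parse_line(line):
    """Split one entry into (masks, action); the two fields must be tab-separated."""
    selector, tab, action = line.partition("\t")
    if not tab or not action.strip():
        raise ValueError("selector and action must be separated by a tab")
    return compile_selector(selector), action.strip()

def destinations(config, facility, level):
    """Return the actions (file, device or @host) that receive facility.level."""
    rules = [parse_line(l) for l in config.splitlines() if l.strip() and not l.startswith("#")]
    return [action for masks, action in rules if level in masks[facility]]

# Constructed sample configuration, built from the examples in the text.
SAMPLE = (
    "mail.info\t/var/adm/maillog\n"
    "auth.emerg\t/dev/console\n"
    "kern.=info\t/dev/tty1\n"
    "daemon.info;daemon.!err\t/var/adm/daemonlog\n"
    "*.info;lpr.none\t@ccunix1.variox.int\n"
)

if __name__ == "__main__":
    print(destinations(SAMPLE, "daemon", "crit"))
```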
Detailed configuration of the router logging function:

First, on the UNIX host, log in as the superuser and do the following tasks: 168.1.1.2 is the IP address of the log host. Some of the router's actions will then be recorded in the two files mail_debug and r2509_debug.
