Network technologies and trends

Aug 20 2008   6:22AM GMT

What is Service timestamps logging, and how it can be configured Cisco Switch or a Router?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Logging is a quite essential part of a secure network configuration. Logging not only helps the Network Administrators to identify the issue while troubleshooting, also enables them to react to intrusion attempts or Denial-of –Service attacks.

By default  on Cisco IOS , no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to SYSLOG message by using the service timestamps log global configuration commands as follows:

ITKE(Config)# service timestamps log {uptime |datetime [msec |localtime |show-timezone]}

I will demonstrate how to configure a Cisco IOS Switch to log the datetime and loclatime.

Before Configuring the service timestamps log you will get the following logs in a IOS Switch.

ITKE#sho log

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

   Console logging: level debugging, 453895 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 453895 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    File logging: disabled

    Persistent logging: disabled

    Trap logging: level informational, 453898 message lines logged

        Logging to 10.0.0.2  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              453898 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

        Logging to 10.0.0.1  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              453898 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

          Log Buffer (4096 bytes):

17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to down

17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to up

17w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/41, changed state to up

17w5d: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49336) -> 0.0.0.0(23), 1 packet

Now we will configure the Cisco IOS Switch with the Service timestamp log command with date & local time of the Switch by issuing the following command from the global configuration mode. 

ITKE(config)#service timestamps log datetime localtime

Here are the details of log show in the switch after configuring the service timestamps log command

ITKE#sho log

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 454006 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 454006 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    File logging: disabled

    Persistent logging: disabled

    Trap logging: level informational, 454009 message lines logged

        Logging to 10.0.0.2  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              454009 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

        Logging to 10.0.0.1  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              454009 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

         

Log Buffer (4096 bytes):

Aug 20 09:10:48: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up

Aug 20 09:10:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up

Aug 20 09:10:55: %SYS-5-CONFIG_I: Configured from console by yasir on vty2 (10.0.0.6)

Aug 20 09:11:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to down

Aug 20 09:11:20: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to down

Aug 20 09:11:22: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.1(44420) -> 0.0.0.0(23), 1 packet

Aug 20 09:11:23: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up

Aug 20 09:11:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up

Aug 20 09:11:37: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49493) -> 0.0.0.0(23), 1 packet

ITKE#

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: