Chapter 18. Logging Events

This chapter discusses how to set up logging on your perimeter router. Logging is an important process in keeping track of events that occur in your network, especially on your perimeter router. On your perimeter router, you definitely will want to keep track of intrusions and attacks, and the router's logging function can greatly assist in this process.

In this chapter, you learn how to use the various log facilities of a Cisco router, including the console, buffer, and syslog locations. Because timing and time stamps are important for understanding the sequence of events, this chapter covers how to set up time on your router, including manual time settings and the Network Time Protocol (NTP).

New in Cisco IOS 12.3(2)T is the Embedded Syslog Manager (ESM) feature, which allows your router to perform tasks based on the type or severity of a log message. ESM uses Tcl, which provides a lot of flexibility in coding what actions your router will perform. I also discuss other third-party products that you can use to make the management of your log files easier.

These topics are covered in this chapter:

• Basic logging

• Time and date and the Cisco IOS, including manual time configuration and NTP

• Embedded syslog manager

• Additional logging information, including logging tools