
Author Topic: Monitoring Network Changes via Syslog  (Read 5130 times)


Offline mbryan

  • Rookie
  • **
  • Posts: 10
Monitoring Network Changes via Syslog
« on: April 23, 2012, 05:42:37 PM »
Hi guys. I found your wonderful forum looking for an answer to this question, so I'll post it here.

I'm aware that Cisco devices generate a SYS-5-CONFIG_I log entry whenever someone enters configuration mode on a Cisco device. However, I was looking for similar logging (syslog specifically) messages that are generated by other non-Cisco devices. I am particularly interested in messages from HP Procurve, H3C, and Nortel equipment. Does anyone know of a straightforward way that I could find this kind of info? I've tried both general Internet searches plus reading through vendor docs, but haven't had much success.

Thanks in advance!


Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 955
Re: Monitoring Network Changes via Syslog
« Reply #1 on: April 24, 2012, 03:44:29 AM »
Hi mbryan and welcome to the forum,

In the Nortel/Avaya World you can enable the 'audit log' which will log all your CLI changes.  I don't believe it will log SNMP changes though?

CheerZ

Offline mbryan

  • Rookie
  • **
  • Posts: 10
Re: Monitoring Network Changes via Syslog
« Reply #2 on: April 24, 2012, 09:23:11 AM »
Thanks for that info. I wasn't aware of that for the Nortel devices. That seems like it will help me find what I'm looking for for those devices. However, I am not looking for any SNMP based solutions...I am looking solely for syslog-type messages. Thank you!

Offline TankII

  • Hero Member
  • *****
  • Posts: 551
Re: Monitoring Network Changes via Syslog
« Reply #3 on: April 25, 2012, 05:48:00 PM »
Nortel/Avaya switches use a tool called Java Device Manager.  It employs SNMP to invoke changes.  Those changes are not captured in the syslog - that's what Flintstone meant.
CLI and WEB changes can be captured via Syslog.

TankII

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3839
    • michaelfmcnamara
    • Michael McNamara
Re: Monitoring Network Changes via Syslog
« Reply #4 on: April 25, 2012, 09:47:34 PM »
Are you sure it logs changes within EDM (web GUI)? I didn't believe that was available yet.

Offline mbryan

  • Rookie
  • **
  • Posts: 10
Re: Monitoring Network Changes via Syslog
« Reply #5 on: April 25, 2012, 10:02:13 PM »
Nortel/Avaya switches use a tool called Java Device Manager.  It employs SNMP to invoke changes.  Those changes are not captured in the syslog - that's what Flintstone meant.
CLI and WEB changes can be captured via Syslog.

TankII

I'm familiar with JDM, but you're right...I didn't realize that's what he was referencing. What I find odd in this situation is the fact that there are multiple methods to make the "same" change on a device (as you have pointed out, JDM, web interface and/or CLI), yet an audit log entry is only generated depending upon which method you use to make the change. It doesn't make sense to me. A change is a change is a change, regardless of the tool used to accomplish the change.

Offline TankII

  • Hero Member
  • *****
  • Posts: 551
Re: Monitoring Network Changes via Syslog
« Reply #6 on: April 25, 2012, 10:21:13 PM »
Radius Accounting has been a thorn in these switches' sides for a long time.  I kept bringing it up every time I was involved with a beta.  Accounting for 802.1X is what the command is for, not accounting while logged in for administrative functions.  The 8600 does support true Radius Accounting for all functionality.
I need to test 6.2.4 (we finally are building a lab of our own with 5698 and 5520's!) to see if they addressed all of the EDM command accounting via Syslog.  Some was available in previous versions, but as Michael pointed out, it was not complete.

TankII

Offline jfarinha

  • Full Member
  • ***
  • Posts: 67
Re: Monitoring Network Changes via Syslog
« Reply #7 on: April 27, 2012, 06:06:36 PM »
And how do you enable it in 6.4? I have a couple of 5520's on my desk with that version installed I can test out...

Offline TankII

  • Hero Member
  • *****
  • Posts: 551
Re: Monitoring Network Changes via Syslog
« Reply #8 on: April 29, 2012, 02:28:24 PM »
This is what we are set up for.

logging enable level informational nv-level serious
logging remote address 10.16.17.30
logging remote level serious
logging remote enable
snmp-server host 10.16.17.30 "public"
radius accounting enable

Up the logging level and see if you get what you want.
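
On the collector that devices forward to, configuration-change events can be pulled out of the received log and checked against the hosts that are expected to make changes. The following is an added example, not code from any poster in this thread: it matches only the Cisco %SYS-5-CONFIG_I message named in the first post (the thread gives no message formats for the other vendors), and it cannot see changes a device never logs, such as the SNMP-driven ones discussed above. The collector line layout, the sample lines and all names are assumptions constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Set

class ConfigChange(NamedTuple):
    device: str              # hostname recorded by the collector
    user: Optional[str]      # account named in the message
    source: Optional[str]    # remote address; None for a local console session

# Assumed collector layout (traditional rsyslog file): "Mon DD HH:MM:SS host rest"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<device>\S+)\s(?P<rest>.*)$")
# Cisco IOS message; "by", "on" and the address are optional in practice
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \S+"
    r"(?: by (?P<user>\S+))?(?: on \S+)?(?: \((?P<source>[^)]+)\))?"
)

def parse_line(line: str) -> Optional[ConfigChange]:
    """Return a ConfigChange for a CONFIG_I line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    c = CONFIG_I.search(m.group("rest"))
    if not c:
        return None
    return ConfigChange(m.group("device"), c.group("user"), c.group("source"))

def unexpected_changes(lines: Iterable[str], mgmt_hosts: Set[str]) -> List[ConfigChange]:
    """Changes whose source is not an approved management host.
    Console sessions have no source address, so they are always reported."""
    changes = (parse_line(l) for l in lines)
    return [c for c in changes if c and c.source not in mgmt_hosts]

# Constructed sample lines (documentation addresses, made-up hostnames and users)
SAMPLE = [
    "Apr 24 09:23:11 core-sw1 45: *Apr 24 09:23:10.913: %SYS-5-CONFIG_I: "
    "Configured from console by alice on vty0 (192.0.2.10)",
    "Apr 24 09:40:02 core-sw1 46: *Apr 24 09:40:01.100: %LINK-3-UPDOWN: "
    "Interface GigabitEthernet0/1, changed state to down",
    "Apr 24 10:02:55 edge-sw7 12: *Apr 24 10:02:54.001: %SYS-5-CONFIG_I: "
    "Configured from console by bob on vty1 (198.51.100.77)",
    "Apr 24 10:15:00 edge-sw7 13: *Apr 24 10:15:00.500: %SYS-5-CONFIG_I: "
    "Configured from console by console",
]

if __name__ == "__main__":
    for change in unexpected_changes(SAMPLE, mgmt_hosts={"192.0.2.10"}):
        print(change)
```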