Best practice Cisco Router log configuration
I am looking for best practices on how to configure Cisco routers and their logging. There are many options and levels, and what I would like to know is what levels you are reporting to enVision and what kind of useful reports you use with them.
Thanks and regards
This all depends on what kind of report(s) you're looking for. Usually setting your logging option to debugging would cover systems information (interface, heartbeat, etc.) and login activities to the router. But if you're looking to track traffic by way of the access list, then you will need to enable the log parameter on each access list and protocol (TCP, UDS, IP, etc.). If the router has the FW feature set and you want to track the activity, then you'll also need to configure the Audit trail.
Our OOTB reports generally cover all three options.
All this is laid out in the attached doc, which you can download from our support site.
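The three log sources named in the reply above (system and login messages, access-list `log` hits, and the firewall audit trail) can be told apart by the `%FACILITY-SEVERITY-MNEMONIC` tag of each IOS syslog message. The following is an added example, not part of the original reply or of any RSA product: the sample lines are constructed, and `category` and `summarize` are hypothetical helper names. The `trap_level` argument models the router forwarding only messages whose severity number is at or below the configured logging level.

```python
import re
from collections import Counter

# Constructed sample lines in Cisco IOS syslog format (not captured from a real device).
SAMPLE = """\
Sep  1 10:00:01 rtr1 45: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Sep  1 10:00:05 rtr1 46: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10] [localport: 22]
Sep  1 10:00:09 rtr1 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4242) -> 192.0.2.1(23), 1 packet
Sep  1 10:00:12 rtr1 48: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (192.0.2.20:1025) sent 22 bytes -- responder (203.0.113.5:80) sent 200 bytes
Sep  1 10:00:15 rtr1 49: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
Sep  1 10:00:20 rtr1 50: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4243) -> 192.0.2.1(23), 1 packet
"""

# %FACILITY-SEVERITY-MNEMONIC: text   (severity 0 = emergencies ... 7 = debugging)
MSG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
ACL = re.compile(r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) (?P<src>[\d.]+)")

def category(facility, mnemonic):
    """Map a message tag to one of the log sources discussed in the thread."""
    if facility == "SEC" and mnemonic.startswith("IPACCESSLOG"):
        return "acl"        # produced by the log keyword on an access-list entry
    if facility == "FW":
        return "firewall"   # produced by the firewall audit trail
    if facility == "SEC_LOGIN":
        return "login"
    return "system"         # interface state, configuration events, and so on

def summarize(log_text, trap_level=7):
    """Count messages by category and severity, and denied ACL hits per (list, source)."""
    by_category, by_severity, denied = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or int(m["severity"]) > trap_level:
            continue  # unparsable, or would not be forwarded at this logging level
        cat = category(m["facility"], m["mnemonic"])
        by_category[cat] += 1
        by_severity[int(m["severity"])] += 1
        hit = ACL.search(m["text"]) if cat == "acl" else None
        if hit and hit["action"] == "denied":
            denied[(hit["acl"], hit["src"])] += 1
    return by_category, by_severity, denied

if __name__ == "__main__":
    for level in (7, 5):
        print(level, [dict(c) for c in summarize(SAMPLE, trap_level=level)])
```

With `trap_level=5` the access-list and audit-trail lines drop out of the summary, because both are severity 6 (informational) messages.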
In the upcoming initial release of the Event Source Update (in September), RSA will update the XML for the Cisco Router, as follows:
New Event Messages for Cisco Router
This update adds the following messages to the Cisco Router event source XML that pertain to the latest software releases of the following Cisco IOS feature sets: