This article walks through the steps to configure Cisco IOS devices to send syslog messages to the RocketAgent Syslog Server.
To send syslog messages from Cisco IOS-based devices, connect to the device via SSH or telnet and run enable to enter privileged (administrator) mode.
Enter the following commands:
configure terminal
logging host <ip_address> transport udp port 514
logging facility syslog
logging trap debugging
exit
write memory
Replace <ip_address> with the IP address of the RocketAgent Syslog Server.
Ensure these events are enabled:
"Cisco IOS event ID" "Description"
"%IDS-4-IPFRAG_ATTACK_SIG" "IP Fragment Attack"
"%IDS-4-IP_IMPOSSIBLE_SIG" "IP Impossible Packet Attack"
"%IDS-4-ICMP_FRAGMENT_SIG" "Fragmented ICMP Traffic Attack"
"%IDS-4-ICMP_TOOLARGE_SIG" "Large ICMP Traffic Attack"
"%IDS-4-ICMP_PING_OF_DEATH_SIG" "Ping of Death Attack"
"%IDS-4-TCP_FRAG_SYN_FIN_SIG" "TCP SYN+FIN flag Attack"
"%IDS-4-TCP_FIN_ONLY_SIG" "TCP FIN only flags Attack"
"%IDS-4-RPC_CALLIT_REQUEST" "Proxied RPC Request"
"%IDS-4-UNAVAILABLE" "FTP Improper Port Specified"
"%IDS-4-UDP_BOMB_SIG" "UDP Bomb attack"
"%IDS-4-UDP_SNORK_SIG" "UDP Snork attack"
"%IDS-4-UDP_CHARGEN_DOS_SIG" "UDP Chargen DoS attack"
"%SEC-6-IPACCESSLOGP" "Reputation lookup on connecting IPs"
"%IDS-4-TCP_FRAG_NULL_SIG" "TCP NULL flags Attack"
"%SEC_LOGIN-5-LOGIN_SUCCESS" "Successful User login"
"%SEC_LOGIN-4-LOGIN_FAILED" "Failed User login"
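A receiver-side check for the configuration and event list above, as an added example that is not part of the original article or of RocketAgent's code: it parses IOS syslog lines, flags the watched event IDs, and verifies that the <PRI> value matches "logging facility syslog" (facility code 5). The sample lines are constructed, the watch list is a subset of the table, the function names are hypothetical, and the check assumes the PRI severity equals the severity digit in the event ID.

```python
import re

# Subset of the event IDs listed in the table above (event ID -> description).
WATCHED = {
    "%IDS-4-IPFRAG_ATTACK_SIG": "IP Fragment Attack",
    "%IDS-4-UDP_BOMB_SIG": "UDP Bomb attack",
    "%SEC-6-IPACCESSLOGP": "Reputation lookup on connecting IPs",
    "%SEC_LOGIN-5-LOGIN_SUCCESS": "Successful User login",
    "%SEC_LOGIN-4-LOGIN_FAILED": "Failed User login",
}
SYSLOG_FACILITY = 5  # RFC 3164 code for "syslog", set by "logging facility syslog"

# <PRI>, optional sequence number/timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(r"^<(\d{1,3})>.*?(%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+): ?(.*)$")

SAMPLE = [  # constructed lines, not captured from a real device
    "<44>51: *Mar  1 00:10:02.011: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]",
    "<45>52: *Mar  1 00:10:09.400: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10]",
    "<189>53: *Mar  1 00:11:00.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<44>54: *Mar  1 00:12:30.250: %IDS-4-UDP_BOMB_SIG: Sig:4050:UDP Bomb - from 198.51.100.7 to 192.0.2.1",
    "not a cisco message",
]

def parse(line):
    """Return a dict for one raw syslog line, or None if it is not an IOS message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri, tag, sev, text = int(m.group(1)), m.group(2), int(m.group(3)), m.group(4)
    return {
        "tag": tag, "severity": sev, "text": text,
        "description": WATCHED.get(tag),  # None: event ID is not on the watch list
        # PRI = facility * 8 + severity; a mismatch points at a device still using
        # another "logging facility" (IOS defaults to local7) or a rewritten header.
        "pri_ok": pri == SYSLOG_FACILITY * 8 + sev,
    }

def triage(lines):
    """Return (watched hits, event IDs whose PRI does not match facility syslog)."""
    hits, mismatched = [], []
    for rec in filter(None, map(parse, lines)):
        if rec["description"]:
            hits.append((rec["tag"], rec["description"]))
        if not rec["pri_ok"]:
            mismatched.append(rec["tag"])
    return hits, mismatched

if __name__ == "__main__":
    print(triage(SAMPLE))
```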