Configure Network Device - Cisco IOS Device

This article will walk through the steps to configure Cisco IOS devices to send syslog messages to the RocketAgent Syslog Server

To send syslog messages from Cisco IOS-based devices, connect to the device via SSH or telnet and run enable to become administrator.

Enter the following commands:

configure terminal
logging host <ip_address> transport udp port 514
logging facility syslog
logging trap debugging
write memory

Replace <ip_address> with the IP address of the RocketAgent Syslog Server


Ensure these events are enabled

Cisco IOS event ID                              Description 

"%IDS-4-IPFRAG_ATTACK_SIG"           "IP Fragment Attack" 
"%IDS-4-IP_IMPOSSIBLE_SIG"             "IP Impossible Packet Attack" 
"%IDS-4-ICMP_FRAGMENT_SIG"         "Fragmented ICMP Traffic Attack" 
"%IDS-4-ICMP_TOOLARGE_SIG"          "Large ICMP Traffic Attack" 
"%IDS-4-ICMP_PING_OF_DEATH_SIG" "Ping of Death Attack Attack" 
"%IDS-4-TCP_FRAG_SYN_FIN_SIG"      "TCP SYN+FIN flag Attack" 
"%IDS-4-TCP_FIN_ONLY_SIG"              "TCP FIN only flags Attack" 
"%IDS-4-RPC_CALLIT_REQUEST"         "Proxied RPC Request" 
"%IDS-4-UNAVAILABLE"                      "FTP Improper Port Specified" 
"%IDS-4-UDP_BOMB_SIG"                   "UDP Bomb attack" 
"%IDS-4-UDP_SNORK_SIG"                 "UDP Snork attack" 
"%IDS-4-UDP_CHARGEN_DOS_SIG"    "UDP Chargen DoS attack" 
"%SEC-6-IPACCESSLOGP"                    "Reputation lookup on connecting IPs" 
"%IDS-4-TCP_FRAG_NULL_SIG"           "TCP NULL flags Attack" 
"%SEC_LOGIN-5-LOGIN_SUCCESS"     "Successful User login" 
"%SEC_LOGIN-4-LOGIN_FAILED"         "Failed User login" 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section