cisco路由器和pix防火墙日志--搭建kiwi日志服务器-1

搭建kiwi日志服务器-1

先用路由器日志测试一下能否发送到日志服务器

1、安装kiwi，直接一步到底。

2、配置kiwi接收cisco

setup–>rules–>filter–>ip address、ip mask–>填入自己日志服务器所在ip

action–>display–>选择一个不是默认的显示窗口(这里配不配置的影响没有去实践，我觉得没影响，默认应该也可以)

3、搭建简单网络拓扑

R1

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip address 13.0.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#
*Mar  1 00:01:39.431: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:01:40.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int f1/0
R1(config-if)#ip address 192.168.0.105 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int f2
*Mar  1 00:02:06.687: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Mar  1 00:02:07.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R1(config-if)#int f2/0
R1(config-if)#ip address 14.0.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#end
*Mar  1 00:02:25.011: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
*Mar  1 00:02:26.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up
R1(config-if)#exit

//开启日志
R1(config)#logging on
R1(config)#logging host 192.168.0.106
R1(config)#logging facility local7
R1(config)#logging trap 7
R1(config)#logging source-interface f1/0
R1(config)#exit


//开启远程终端，为后面测试
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#password zwish
R1(config-line)#end

R2

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#ip address 13.0.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#
*Mar  1 00:09:38.855: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:09:39.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#end

R3

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int f0/0
R3(config-if)#ip address 14.0.1.2 255.255.255.0
R3(config-if)#no sh
R3(config-if)#
*Mar  1 00:11:23.151: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:11:24.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#exit
R3(config)#line vty 0 4
R3(config-line)#password zwish
R3(config-line)#end

然后桥接本地网卡（略）

R1开启icmp和telnet流量监控

R1#debug ip icmp
R1#debug telnet

4、测试

R2 ping R1

这里我ping R3，好像没有监控到，可能是不会记录吧。。还没弄明白

R2 telnet R1

以上只是简单的实现了路由器的日志能发送到日志服务器，还有很多地方还存在疑问和瑕疵，防火墙的日志慢慢来弄。。