1 hour 43 minutes
Hi, everyone, and welcome to the syslog demo.

As you can see there, there are three devices that we will be working on for this lab: Router0 with an IP of [address unclear in the recording], Switch0 with an IP of [address unclear] and Server0 with an IP of [address unclear].
Before anything else, let's do a quick ping test to verify the connectivity between the devices. So let's head over to Router0. We go with enable, and then ping the switch at [address unclear] and the server at [address unclear]. And there you have it.
Now let's begin with configuring syslog on Router0. It's a simple command. After you enter configure terminal, the command would be logging host and the IP address of the server, which is [address unclear]. This is the server that we will be sending the logs to. After you enter it, you can see that you're prompted that logging to the host has started.
And if we go to the server, let's check whether anything has been sent over yet. All right, let's look for this. The syslog service is on, and you can see there that it is already receiving the first message. It started, basically.
Okay, let's add in a little bit more messages. So let's try debug ip icmp and do another ping test to the server. And as you can see, there it is displayed.
Now let's see what happens when we try to shut off an interface. Let's try interface FastEthernet 0/0 and shut off the port.
All right, so what does the log say? You can see there that it's down, which is also prompted on the device as well: Line protocol on Interface FastEthernet0/0, changed state to down. And when you switch it back up, that will also be sent to the syslog server.
All right, let's try to see the message a little bit better. All right, there you go: changed state to up, changed state to down.
So basically, what we've learned is that by enabling that single command, logging host and the IP address of the syslog server, it is displaying all severity levels from a device. If you wanted to filter out the messages a little better, you can definitely do that with the command logging trap and the severity level number. For example, for critical, you could put logging trap 2, or basically logging trap critical. So let's enter the command here.
So I'm sure some of you have noticed something a little bit off with the syslog messages, which is the time: it keeps saying January 1st. So how are we able to solve this? There are two ways, actually, which are configuring the time manually on the device, or through NTP, Network Time Protocol.
Let's start by configuring the manual time on Switch0, and then we'll head over to Router0 for the NTP configuration.
So let's close off Router0 for the meantime and open up Switch0. Since we haven't configured anything yet on Switch0, let's start that now: configure terminal, logging host [address unclear]. But before that, let's clear the logs to have a better view of Switch0's logs.
And then let's configure the time manually. So now it is 1:15, 24 October 2019.
All right, let's see what happens. Let's turn on debug as well and do a ping test to the server at [address unclear]. All right, we need to refresh this. There you go, as you can see, from the switch at [address unclear] it is capturing the logs. However, you can see the time still maintains that January 1st.
So what else have we forgotten? Which is service timestamps log datetime msec. Let me double check this, that I haven't missed anything out. Okay, since that's the only command for this in the simulator, let's enter that.
All right, and then let's do another ping test to [address unclear]. Let's refresh it here, and there you have it. Check the time. So the time seems to... all right, so you can see that the time has changed, as you manually configured it. So the only thing missing earlier was just the service timestamps. This command basically includes the time to be sent with the message to the syslog server.
And always remember, after a new configuration, do keep a copy and save your new configuration: copy run start, or copy running-config startup-config. Either way would work.
All right, let's start configuring NTP on Router0. So let's close up Switch0, clear the log here, and let's head over to Router0. This one's a little bit different, so you'll have to configure an NTP server. For this example, our syslog server will also be our NTP server, so just double check that it's on. Yes, it is, at the time now and at this date. Okay, all set, all good. Let's continue with the configuration for Router0: just ntp server [address unclear].
All right, so if we were to use show clock here, you could see the time now as it is matching with the server, which is nine, right?
Let's do another ping test. All right, let's manually refresh this, and again with the switch. Similarly with the switch, as you saw, we'll have to add in service timestamps log datetime, and let's do another ping test. Refresh the syslog, and there you have it: syslogs which are definitely more accurate. And remember to always, always save.

And we're done with the syslog demo. Thank you, everyone. Let's head over to our next module, which is about NetFlow.
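The three fixes in this demo (logging host, logging trap and service timestamps plus a clock set by hand or by NTP) all show up on the receiving side in the shape of the messages: no timestamp at all without service timestamps, and an untrustworthy timestamp while the clock is unset. The script below is an added example, not part of the original demo and not Cisco's or the course's own tooling. It parses IOS-style syslog lines, applies a severity filter the way logging trap does, and flags messages whose timestamps a syslog server should not trust. The sample lines are constructed for the example; the FastEthernet0/0 interface and the January 1st / 24 October dates follow the demo, everything else (the login and memory messages, the 192.0.2.77 source address) is assumed.

```python
import re

# Severity scale shared by IOS messages and `logging trap <level>`
# (`logging trap critical` is the same as `logging trap 2`).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# One IOS syslog line: optional RFC 3164 <PRI> (present once the message has
# crossed the wire to a syslog host), optional sequence number, optional
# timestamp, then the %FACILITY-SEVERITY-MNEMONIC: text body.  A leading '*'
# on the timestamp is IOS's marker that the clock is not authoritative
# (never set, no NTP sync), which is the January 1st symptom from the demo.
MSG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<seq>\d+):\s+)?"
    r"(?:(?P<star>\*)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?\s+\d{2}:\d{2}:\d{2}(?:\.\d{3})?)"
    r"(?:\s+[A-Z]{2,5})?:\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)


def parse_message(line):
    """Parse one IOS syslog line; return None for lines that are not IOS messages."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    severity = int(m.group("severity"))
    msg = {
        "facility": m.group("facility"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
        "timestamp": m.group("ts"),
        # Trust the timestamp only if it exists and carries no '*' marker.
        "clock_trusted": m.group("ts") is not None and m.group("star") is None,
        "pri_facility": None,
        "pri_severity": None,
    }
    if m.group("pri") is not None:
        # RFC 3164: PRI = facility * 8 + severity.  IOS sends local7 (23) by default.
        msg["pri_facility"], msg["pri_severity"] = divmod(int(m.group("pri")), 8)
    return msg


def filter_by_trap(lines, trap_level):
    """Mimic `logging trap <level>`: keep messages with severity <= trap_level."""
    if not 0 <= trap_level <= 7:
        raise ValueError("trap level must be 0..7")
    kept = []
    for line in lines:
        msg = parse_message(line)
        if msg is not None and msg["severity"] <= trap_level:
            kept.append(msg)
    return kept


def audit_clock(lines):
    """Count messages that arrived without a timestamp a server can rely on."""
    total, untrusted = 0, []
    for line in lines:
        msg = parse_message(line)
        if msg is None:
            continue
        total += 1
        if not msg["clock_trusted"]:
            untrusted.append(f"{msg['facility']}-{msg['severity']}-{msg['mnemonic']}")
    return {"total": total, "untrusted": len(untrusted), "untrusted_ids": untrusted}


# Constructed sample of what a syslog server might receive from the lab
# devices; these are not messages captured from the demo.
SAMPLE_LINES = [
    # no `service timestamps` configured: the message carries no time at all
    "%SYS-5-CONFIG_I: Configured from console by console",
    # timestamps on, but the clock never set: IOS marks them with '*'
    "*Jan  1 00:02:11.512: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down",
    "*Jan  1 00:02:12.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    # clock set manually or by NTP: plain timestamps
    "Oct 24 13:15:03.004: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up",
    "Oct 24 13:15:40.118: %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed from 0x600E1C5C, pool Processor",
    # as received over UDP, with the RFC 3164 <PRI> header: 23 * 8 + 5 = 189
    "<189>Oct 24 13:16:01.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.77] [localport: 22]",
]

if __name__ == "__main__":
    print("clock audit:", audit_clock(SAMPLE_LINES))
    for msg in filter_by_trap(SAMPLE_LINES, 2):  # what `logging trap critical` would forward
        print(msg["severity_name"], msg["facility"], msg["mnemonic"], msg["text"])
```

Running the block shows the two halves of the demo's lesson side by side: the clock audit reports the three messages a server would file under the wrong day (one with no timestamp, two with the '*' marker), and the trap filter at level 2 forwards only the MALLOCFAIL message, exactly what the device would have sent had logging trap critical been configured instead of the default that ships every severity.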