6.3 a+b syslog, debug, conditional debug, timestamps - CCNP

Captions
You are now tuned in to the Network, the YouTube channel that takes complex networking topics and dumbs them down to simpler layman's terms. Today's topic is section 6.3, configure and verify logging. We're going to go ahead and continue with the rest of these topics that we, uh, cut off from yesterday. We did local logging; today we're going to cover syslog, debugs, conditional debugs, and we're going to also cover 6.3b, timestamps. These are topics in the CCNP ROUTE exam; it'll be known as the CCNP Enterprise exam come February 24th, 2020. Let's go ahead and take a look at the exam blueprint and see where we came from, where we're headed.

#labeveryday. Go ahead and visit labeveryday.com. Also go ahead and check out certificationkids.com, where we're going to cover the syslog lab, and also check out... sound like a damn TV station, don't I? Um, go ahead and check out networklessons.com and gns3vault.com; that's where I get the GNS3 labs.

All right, so this is the exam blueprint, Implementing Cisco IP Routing. We are doing, uh, exam code 300-101. It'll also be covered in, most likely, exam code 300-401, which is the core route exam, or core CCNP exam. We just wrapped up section 6.3a, local logging, right? But we just did local logging, right? Today we're going to do syslog and debugs, we'll also do conditional debugs, and then we're going to go ahead and throw in a little timestamps, because that should be a quick one. I was going to separate these into a couple of videos, and I said, you know what, I should be able to talk about all this in one video. I don't want to have y'all flipping to the next, next, next video, right?

Let's go ahead and discuss syslog messages. We discussed local logging in, uh, the last video, so basically it's almost the same thing as syslog, because you see syslog or logging messages on your screen, right? The only difference between the two is the logging messages are on your screen and they are stored locally on your device, right? Syslog is when we take these messages and we dump
them off onto a server. Let's take a look at this topology real quick. We pretty much discussed this in the last video. Let's say we have, uh, somebody logs into this firewall, right, but they put the wrong password and they get an authentication failure, right? We could keep that log message locally on our server, I mean, on our firewall. We can see the log message says, boom, somebody failed, and keep that log message on the firewall, or we could do syslogging, where we take the log message and dump these messages onto a server. And that's what we're gonna do in this lab today. I got hardware: we got a switch, a router, and we're going to install Kiwi Syslog Server, which is a free application that you can get. I'll send you all a link and put it in the description below. So we're going to take these messages and dump them onto a server.

Now, we're not going to do this portion right here, because basically that's like if you're an administrator and you have these messages, you might be out on the road somewhere or, you know, in the middle of an office, you know, in an important meeting, right? And, uh, if the network goes down, you'll get that alert on your phone, and that's what we're doing. We can export these messages to, uh, you know, to your email or to your phone. You'll get an alert and you'll know about anything that happens on your network before somebody even calls you about it.

So we can also, again, view logs by just doing a show log. We can choose the size of the buffer within our local device, right? But this is locally, right? We want to dump them off onto a server, which will probably have more space to log the... or keep these logs, right? So that's one thing we can do. Now, this is more of a local logging command. This is internal, so we don't have to really worry about this part. Uh, again, we talked about what syslog messages are. If you want a quick review, you can look at this video, or we'll just do a quick one today. Remember, there's eight levels for, uh, the type of
messages, right? Level zero is if it's a really... something really serious: the system is unstable, we need to really hurry up and look at this device if it's a level zero message, right? All the way to level seven. Level six is informational. Level seven, you'll be... it's like debugging messages. You can see something like, oh no, like OSPF recalculating, and then that would be a debugging message. Or if somebody pinged your device you can get a debug; you can create ICMP debugging, and that's what this is.

So facility and sub-facility could be like, you know, the protocol that made the message, so you just say like EIGRP. Severity is one of these levels right here, zero through seven. Mnemonic would be like a shortcut, so it might say just like EIGRP, right? And the message text is just a full sentence of... or not a full sentence, but a clearer, uh, message of what exactly happened. This is another example of a breakdown, same thing we did in the last video, if you want to pause and freeze frame. And I'm not going to keep talking about the same thing, sound like a broken record. That's another syslog example. Let's go ahead and jump right into it.

We got some hardware. Shout out again to certificationkids.com; that's where I first got my, you know, equipment when I was buying stuff, you know, when I first started getting into this networking stuff. Go ahead and check them out. You know, they can be a little pricey, but, you know, if you don't really... if you want everything bundled up in one package, that's a good site to check out, and they come with lab books, they come with posters and all kind of stuff, you know. So go ahead and check them out. Let's go ahead and fire these bad boys up. I have the switch fired up right now. Yeah, we have everything fired up right now, so let's get right into it.

All right, so here is the topology we're going to be working with today, right? We got Router 1 over here. His IP address is going to be 182.168.10.1, right? And I have that cabled to a switch, which is down here. It's
a 3750 switch, and he is plugged into Fa0/1 of that switch, and the switch has another Ethernet cable going to the syslog server, which is the laptop you're seeing here, the screen here, and his IP address is 182.168.10.2, and he is plugged via... going out of Fa0/2 into the NIC card of this laptop, actually. So I have this laptop configured as a server.

So, um, it says here logging on a Cisco device is very important in researching recent events, ensuring proper operation, and when reviewing device history when troubleshooting problems. So we're just going to skip all of this; this is basic stuff that we just covered here. And the first thing they want us to do: ensure logging is on. How do we do that? We just do logging on. I believe you can also do logging host and then, uh, say what the host is, right? So in this case we're in global config mode. We say logging... what are our options here? Most of the logging features start with the keyword logging. We can do the host name, or we can just do logging on to enable logging on all enabled destinations. So we're going to say... we're just going to say logging on, and that's going to turn it on, right?

This next command, it says here: specify the server that will receive syslog messages from the router by issuing the logging ip-address command, where ip-address is the address of the external server. What's the external server address? We said it's going to be 18168 10.2. We're going to also fire up the syslog server. Again, you can go to, I believe it's SolarWinds or kiwisyslog.com, I don't remember, but I'll put the link in the description below. That's the application right there. We're going to go ahead and launch that, and here it is right here.

So now we've enabled logging. It says here they want us to, uh, specify the server, so in this case it is logging IP address 182.168.10.2, and that's where we did that. Next thing they want us to do is to limit the severity level of the syslog messages sent to the syslog. Set the appropriate logging trap level with the logging
trap level command. There are eight severity levels, just like we mentioned, and here they are right here again, but this is written out in alphabetical order right here. Also, they want us to set the logging trap to debugging, which is basically level seven, which is basically they want us to log every little thing that happens on this device, you know, when something pings it, when some traffic goes through it. So right now we do that with logging trap, and what are our options here? This is the eight levels, right, zero through seven. They said debugging, so debugging is level seven. So debugging... what are our other options? That's it. That's what the context-sensitive help is. We hit enter there.

We will test and verify by running the ICMP debugging command and ping the router's own IP address and view what happened in the syslog server. So once we do that, we need to go to privileged EXEC mode and ping ourself. But we're going to go... we're going to debug our ICMP packets, basically saying anything that has to do with pinging or ICMP messages, let me know about it, and that's what we do with that debugging command right there. But you'll notice we'll even get a syslog message even after we exit out of this, right? So we set it to debugging, right? If I exit out of this, boom, we got a message. We also got another message here.

So first let's look at these two messages. We got a level five message. Remember, in the last video we said every time we exit out of privileged or, uh, global config mode we'll get a message saying it was configured from console by console, and that's what happened here. That was a level five message that came in right here, right? Then we got a level six message that says... what's level six again? Level six is, um, I believe informational, right? No, level six is... yes, level six is informational, and it says logging host start stop, that's the mnemonic, and then the plain English just says logging to host 182.168.10.2 on port 514.
I forgot to mention that to y'all: messages are sent through UDP port 514. And it started on... see, this was... it started, CLI initiated, so we initiated this logging via the CLI, right? So now we're going to debug IP ICMP messages: debug ip icmp. So ICMP packet debugging is turned on. Um, now anything that has to do with pinging, we're going to get debug messages, right? So notice this is almost like SNMP, but we're seeing the exact messages, uh, of... this is just syslog, right?

So now what are we going to do here? We're gonna go ahead and ping ourself: ping 192.168.10.1. Now we got all these syslog messages coming in, right? These are all... these are not syslog, these are just debugging messages. We pinged ourselves, right? Now we got these debugging messages right here that came into the syslog server, right? They just came in. We could do... that's the latest one that came in right there, right? So basically we pinged ourselves and we see those messages.

We're gonna see what happened here, what we've done so far, with show logging. We've got 80 messages that were logged, right? We didn't set the log size; the log size by default is 4096 bytes. We've got... what else did we do here? We're logging to 182.168.10.2, which is the laptop with the syslog server. We are doing that through UDP port 514, just like I mentioned. Audit is disabled, link is up, and how many messages we got here? One, two, three, four, five, six, seven, eight, nine, ten, 11, 12 messages, right? And that's what it says here: 12 message lines logged. And that's what happened there, right?

What else we got going on here? Next we'll enable the community string on Router 1, the default strings. So this is more SNMP stuff. If you want, we could just do a little quick review on SNMP. So we are going to go to File, Setup, and go to SNMP here. We're going to make sure that these options are the same, right? Port 162.
Remember we said that on the last video. IPv6 is port 163; I guess I didn't mention that. Syslog local 7, debug, syslog OID value: these are the fields we're going to be looking at. So all of this is by default; we'll leave all of this as is. We're going to listen for SNMP traps. Click Apply, OK. Let's go ahead and clear these bad boys, and we're going to set up SNMP on Router 1.

The default values are... so we're going to use the default community strings, but remember, this is not recommended, as it says here. So we're going to go to global config mode: snmp-server community router_one. We're setting it to read-only right now. Enable all SNMP traps to be sent, and specify the location of the SNMP server where traps will be sent. We're going to send it to 10.2, which is this laptop here, or the SNMP server, right? We're going to say snmp-server traps snmp. We're going to say snmp-server host; the host is the server, right, this, uh, syslog server, 168.10.2. The community string is router_one.

Then we're gonna test and verify to see if... let's see it recording in the syslog server. We're gonna bring up interface loopback 99. Basically, interface loopback 99: once you create one, it automatically goes up. We should see it come up right here in the syslog server, and it is up. This is a level five message: changed state to up.

Okay, so moving right along: debugs. Debugs are useful tools when troubleshooting specific issues. There are way too many debug commands to go over here, but you can apply and view them by typing debug and a question mark in the router, which we will do in a little bit. To disable a current debug, just issue the same command with no preceding it. No preceding it, so you just do no debug and then whatever it is, or you could turn off all debugging by just doing undebug all, or just u space all, which I try to do a lot. u space all, and that turns off all debugging. Now remember, there's eight severity levels, right, and debugging messages are level
seven, right? So that means every little thing that happens on this router, you're going to get a message on it, right? Well, we can turn them off and turn them on with the debug command, and then you can choose what type of debugging you want to see. We will fire up GNS3 and play with that a little bit.

As you can see here, debugs can be bad, okay? The downside of debugs is that they can produce a huge amount of information. So it's just like I said with the security guard that's gotta log every single thing that's happening, which may overload the router, right? So your CPU can be spiked because of this. However, you can use a conditional debug to limit the information based on a specific interface or protocol. Here's an example below. This is a conditional interface for Serial 0/1/0, and, uh, we are setting a condition for our OSPF packets. So, first line, he debugs ip ospf packets, right? Well, that could be a lot if we had a lot of OSPF activity on our router, or if SPF is being recalculated a lot, right? Well, if we do a debug condition and then do that on interface Serial 1/0, we can do a show debug condition and then, you know, choose what type of OSPF we want to, um, debug. And we'll do an example of that in GNS3. Let's go ahead and fire up GNS3 and play with a little bit of conditional debugging.

Alright guys, so we got a simple lab here for the conditional debug, right? We got Router Frank on the left-hand side, Router Eric on the right-hand side. They're sitting in network 192.168.12.0. Here's .1, that interface is .2. All IP addressing, OSPF and RIP has been pre-configured. We only got one step here, and we're going to move on to service timestamps. Step one just says: enable the debug on Router Frank which only shows RIP information on the Fa0/0 interface. You're not allowed to use any access lists. Well, we're not going to use access lists, right, because we know how to do a conditional
debug. We said to do a conditional debug we could just do debug condition, choose the interface, and then we can verify that with show debug condition, right? So right now let's go ahead and turn on debugging for RIP. Actually, before we do that, let's verify the protocols that we're running here. We're gonna use show ip protocols. You can see we are running OSPF as well as RIP, right? Also, we could verify that with RIP we are advertising Fa0/0 as well as Loopback 0, right? But it says here he wanted us to show RIP on the Fa0/0 interface, and that's what we're going to do here.

So first of all, before we do that, let's do debug question mark, like I mentioned, and look at all these debugging messages you can send to your router, right, or have, you know, delivered to you. And this is just so many debugging commands; you just can't cover them all. We'd probably have to do a course just on debugging and all, which we're not going to do. So we're going to say debug ip, and we're going to do just RIP packets, right? Here's the IP, just IP in general, just IP right here, right? That's just RIP. So we're going to do RIP; we're going to turn on RIP in general.

So here's some debugging messages we've got already here. We've got a debug message via FastEthernet 0/0 right here. Well, that's good, right? What else we got going on here? So I think RIP updates come every, what, every, uh, every 30 seconds, right? So we got another Fa0/0 RIP update right there. There goes another loopback; there goes an update right there via Loopback 0, right? There's one via Fa0/0. Well, we said we wanted to filter it down to just Fa0, right? So let's go ahead and stop these bad boys real quick. Let's do a u all, like we said. Now all debugging has been turned off; we should stop getting those messages, right? And then he said to enable the debug so it shows only RIP information on Fa0/0. So we're gonna go to Fa0/0... actually, we're just gonna
say debug condition, right? What are we gonna set the debug condition to? The interface Fa0/0, right? What are we going to want to do? The context-sensitive help says that's all we need to do, right? We're setting a debug condition on interface Fa0/0. Now we have one condition set. We could do a show debug condition: we have one flag triggered. We can turn debugging back on for RIP: debug ip rip. RIP protocol debugging is on, and now we have a message from RIP via Fa0/0. Theoretically they should not be coming on, uh, the loopback anymore. Again, you could look at the solution on gns3vault.com, and Rene also explains it his way as well. There goes another message on Fa0/0. I don't believe we're going to get any more on, uh, on the loopback. We'll check one more message. There's another message, and they're all coming in on Fa0/0. They're no longer coming on the field. We can verify that again with show debugging condition, and they have one flag triggered here, and that's our one condition.

Finally, we set up timestamps. I know we've been talking about syslog and stuff like that, and when I broke down the syslog messages I didn't even talk about the date and timestamps, right, because I thought that was just a given, but you can turn those off. So here's some, um... Now, timestamps is a service. If the router is configured to receive time from an NTP, or Network Time Protocol, server, the time in the router log entry can be different from the system clock time if the option is not in the service timestamp log commands. You can configure timestamps for your debugs or logs with the following: we do service timestamps and then debug. Now we can try it out. Let's go ahead and try that, right?

So notice our timestamps here. We've got them set from March 1st, 00:17, right? Now we can turn those messages off, right? We just turn those off, right? So, um, let's do a show run to see we're running that timestamp service, and we are. We're doing service timestamp debug. By default those are
turned on, right? So we can just do... let's do a u all, turn those bad boys off, right, because that was getting annoying, and say no service timestamps, right? We can do debug, right? We do that, right, for debugging messages. Now if we get out, we're going to generate a debug when we get out of, uh, user, global config mode, right? That's not a... that's a syslog message, that's not a debug message. So we need a debug to see we turned it off for debug.

What other services can we do for timestamps, right? Let's do a show run. What else was on? We also have the service for logs turned on, so we can turn that bad boy off, right? Let's do... let's get out of this and do... you know that we need global config mode for that, right? No, this... I know that. So now we turned off timestamps for the logs as well. We exit out of this: notice we have a syslog message but no date and time. Remember, we had one before. I'll show y'all real quick: when we got out, we had a date and time. So basically you could turn off the timestamps, turn them back on again.

You can further configure this on which time to put on the end of the message. For example, you can put a local date and timestamp, or you can add a total uptime of the router to the messages. I put "not supported, Packet Tracer" because when I was experimenting with this a while back on Packet Tracer, I wondered why it didn't work, and I realized you just can't do that. So I'll show y'all real quick. This is on Router Frank. We could just do a, uh, service timestamp log date, uh, debug uptime, right? So we'll do a debug, right? So we'll say... we'll go to global config mode: service timestamp, right? We can say... we'll do logs, right? We can do uptime, add the uptime to it, right? So now if we get out and take a look at this log, boom, we got 20 minutes for the uptime right there, right? See that? Well, I'll show y'all. We'll turn up a loopback interface, interface loopback 99. That goes up, and it was up when the router was up for 20 minutes and 24 seconds. We could
change... we can get rid of that. There's so many ways you can play with the timestamps. I'm not gonna do it at all, you know; I don't wanna waste your time. You might not even get one question from CCNP for this. But anyways, that is all I got for y'all today. So we basically wrapped up, uh, this section. We're going to move on to the next section. I want to break these video... these topics too much for y'all. So that is my YouTube page, that's my Twitter handle. Go ahead and add me on Twitter, go ahead and subscribe to my channel. Please leave a like when you leave this video and hit the subscribe button. For now, please comment, like, subscribe to the Network.
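
The message breakdown, `logging trap` level and timestamp options covered in the video, as an added example (not from the video or its lab): a Python parser that splits an IOS log line into timestamp style, facility, severity, mnemonic and text, then checks whether a given trap level would forward it to the syslog server. The sample lines are constructed, and treating a line without a `%FACILITY-SEVERITY-MNEMONIC` tag as level 7 debug output is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# IOS severity keywords, indexed by level (0 = most severe, 7 = debugging).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Timestamp prefixes: date and time, router uptime, or nothing when the
# timestamp service has been turned off.
DATETIME_RE = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}"
    r"(?:\.\d+)?(?: [A-Z]+)?): ")
UPTIME_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}|\d+w\d+d|\d+d\d+h): ")

# %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: message text
TAG_RE = re.compile(
    r"^%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)?)-(?P<sev>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")


@dataclass
class Message:
    ts_kind: str               # "datetime", "uptime" or "none"
    timestamp: Optional[str]
    facility: Optional[str]    # None for untagged debug output
    severity: int
    mnemonic: Optional[str]
    text: str


def parse(line: str) -> Message:
    """Split one IOS log line into timestamp, tag fields and text."""
    ts_kind, timestamp, rest = "none", None, line.strip()
    for kind, rx in (("datetime", DATETIME_RE), ("uptime", UPTIME_RE)):
        m = rx.match(rest)
        if m:
            ts_kind, timestamp, rest = kind, m.group("ts"), rest[m.end():]
            break
    tag = TAG_RE.match(rest)
    if tag:
        return Message(ts_kind, timestamp, tag["facility"], int(tag["sev"]),
                       tag["mnemonic"], tag["text"])
    # Assumption: no %FAC-SEV-MNEMONIC tag means debug output (level 7).
    return Message(ts_kind, timestamp, None, 7, None, rest)


def forwarded(msg: Message, trap_level: str) -> bool:
    """True if 'logging trap <trap_level>' would send msg to the server."""
    return msg.severity <= SEVERITY.index(trap_level)


# Constructed sample lines (not captured from the lab in the video).
SAMPLES = [
    "*Mar  1 00:17:03.123: %SYS-5-CONFIG_I: Configured from console by console",
    "00:20:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback99, changed state to up",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.10.2 port 514 started - CLI initiated",
    "*Mar  1 00:18:10.456: ICMP: echo reply sent, src 192.168.10.1, dst 192.168.10.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        msg = parse(line)
        print(f"{msg.ts_kind:8} sev={msg.severity} ({SEVERITY[msg.severity]}) "
              f"{msg.facility}/{msg.mnemonic} "
              f"trap notifications={forwarded(msg, 'notifications')} "
              f"trap debugging={forwarded(msg, 'debugging')}")
```

With the trap level at `notifications`, only the two level 5 lines pass; at `debugging`, all four do, which is why a debugging trap level can flood the server.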
Info
Channel: NetworkBruh
Views: 474
Keywords: CCNP, CCNA, #labeveryday
Id: hjPavqwgxV0
Length: 23min 40sec (1420 seconds)
Published: Tue Aug 27 2019