1.4.4 Set IP address for 'logging host'

Information

Log system messages and debug output to a remote host.

Cisco routers can send their log messages to a Unix-style Syslog service. A syslog service simply accepts messages and stores them in files or prints them according to a simple configuration file. This form of logging is best because it can provide protected long-term storage for logs (the devices internal logging buffer has limited capacity to store events.) In addition, logging to an external system is highly recommended or required by most security standards. If desired or required by policy, law and/or regulation, enable a second syslog server for redundancy.

Solution

Designate one or more syslog servers by IP address.

hostname(config)#logging host {syslog_server}

Impact:

Logging is an important process for an organization managing technology risk. The 'logging host' command sets the IP address of the logging host and enforces the logging process.

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-6(1), 800-53|AU-7, 800-53|IR-4(1), 800-53|SI-4, 800-53|SI-4(2), 800-53|SI-4(5), CSCv7|6.6, CSCv7|6.8

Plugin: Cisco

Control ID: e23c66e0c8adc984f4c5eeab982f7705ac5c631cf24c9721cd2e740d20d5fe0e