I recently bought a Cisco 2651XM router (docs) and a Cisco Catalyst 2950T-24 switch (docs) from Black Hat Networks of Arlington, VA. I'd like to administer them and centralize logging without using the main data-carrying network. I looked at Cisco's Cabling Guide for Console and AUX Ports and considered administering the devices via serial cable to the console ports and sending the logs via other interfaces. (An explanation of the difference between console and AUX is here. Question 137 in the Cisco FAQ is helpful.)
The 24 port switch has plenty of extra interfaces to use, so I think I can dedicate one port to a separate "logging network." The router doesn't have an extra interface, but it does have its AUX port. Cisco offers this Connecting a SLIP/PPP Device to a Router's AUX Port PDF. A Google search found this post, which considered doing something similar, with log messages sent to a printer. (Even printers can be attacked.) Other posts (here and here) mentioned Kermit to log data, via a null modem and PPP session (mentioned here). I think this article on building a FreeBSD-based console server, with conserver and an EasyIO PCI serial card (vendor, or similar products) is the way to go, with PPP conf files available. (For an alternative, this thread debates the merits of setting up a parallel port point-to-point connection.)
Some people take the serial port to a whole new level. A serial sniffer exists. With PC Weasel 2000, which allows BIOS access via serial port:
LogAnalysis.org is a great site for information on logging.
0 komentar:
Posting Komentar