After setting up TACACS+ and FreeRADIUS I decided to go ahead and add more services to my main test lab server. I am using CentOS in the lab, and decided to add a syslog server and an FTP server to the mix.
This is a very simple process, as we use Rsyslogd as our production syslog server. First, uncomment some lines in /etc/rsyslog.conf. The most important lines are the ones at the bottom of the listing: they load the imudp module and tell Rsyslogd to listen on UDP port 514.
#### MODULES ####
# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
The next step is to set up the remote logging location and file format. In order not to clutter the log directory, I made a new directory.
mkdir -p /var/log/lab
Add these lines to the bottom of the /etc/rsyslog.conf file. The template writes one file per sending host, named after its source IP address.
$template DynaFile,"/var/log/lab/remote-%fromhost-ip%.log"
*.* -?DynaFile
Now set up one of the lab routers for logging.
logging origin-id string CSR1
logging source-interface GigabitEthernet1
logging host 192.168.2.101
int lo0
 ip address 192.168.3.10 255.255.255.0
 logging event link-status
Shut and no shut the port a couple of times in order to make some logging events.
cat /var/log/lab/remote-192.168.2.1.log
Jul 11 09:02:26 192.168.2.1 161: CSR1: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Jul 11 09:02:26 192.168.2.1 162: CSR1: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
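As an added example (not part of the original post), here is a small Python parser for the per-host files the DynaFile template produces, which splits each IOS-style line into fields, counts link/line-protocol "down" transitions per interface, and flags jumps in the router's message sequence number, a useful hint of lost UDP syslog messages. The regex and the sample lines after the first two are my own construction.

```python
import re
from collections import Counter

# Field layout of a line written by the DynaFile template above (regex is mine, not the post's):
#   "Mon DD HH:MM:SS <source-ip> <seq>: <origin-id>: %FACILITY-SEV-MNEMONIC: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<seq>\d+): (?P<origin>[^:]+): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
IFACE_RE = re.compile(r"Interface (\S+),")

def parse_line(line):
    """Split one line into fields; returns None for lines that are not IOS-style messages."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"], rec["severity"] = int(rec["seq"]), int(rec["severity"])
    return rec

def down_events(lines):
    """Count link / line-protocol 'down' transitions per (origin-id, interface)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        m = IFACE_RE.search(rec["text"])
        if rec["facility"] in ("LINK", "LINEPROTO") and m and rec["text"].endswith("down"):
            counts[(rec["origin"], m.group(1))] += 1
    return counts

def sequence_gaps(lines):
    """Jumps in the router's message counter: over UDP a gap usually means lost messages."""
    last, gaps = {}, []
    for rec in filter(None, map(parse_line, lines)):
        prev = last.get(rec["origin"])
        if prev is not None and rec["seq"] != prev + 1:
            gaps.append((rec["origin"], prev, rec["seq"]))
        last[rec["origin"]] = rec["seq"]
    return gaps

# Constructed sample: the first two lines are the ones in the post, the rest are made up
# to show the loopback flapping and a skipped sequence number (165).
SAMPLE_LOG = """\
Jul 11 09:02:26 192.168.2.1 161: CSR1: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Jul 11 09:02:26 192.168.2.1 162: CSR1: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Jul 11 09:02:40 192.168.2.1 163: CSR1: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
Jul 11 09:02:40 192.168.2.1 164: CSR1: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Jul 11 09:03:01 192.168.2.1 166: CSR1: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
"""
```

Run it against /var/log/lab/remote-192.168.2.1.log with `open(path).readlines()` in place of `SAMPLE_LOG.splitlines()`.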
For the FTP server, first add a user whose home directory will hold the configuration files copied from the routers. Just to keep things simple and consistent I added the user cisco with the password CCIE. Obviously this is a lab-only environment; I would never do this in production.
useradd cisco
passwd cisco
For this portion of the post I am just using one of the many howtos on the internet. Once again, I have been burned by not documenting my steps for a process, so I will document them below.
yum -y install proftpd
Make a backup of the configuration file.
cp /etc/proftpd.conf /etc/proftpd.conf.0
Make sure that users are chroot’ed to their home directories.
# Cause every FTP user except adm to be chrooted into their home directory
DefaultRoot ~ !adm
Start up the proftpd server.
systemctl enable proftpd
systemctl start proftpd
Testing from within the lab, here is an FTP from CSR1 to TLTS1.
copy flash:def ftp://cisco:CCIE@192.168.2.101/
Address or name of remote host [192.168.2.101]?
Destination filename [def]?
Writing def !
973 bytes copied in 0.180 secs (5406 bytes/sec)
And confirm the file is on the FTP server.
ls /home/cisco/
def