Ability to send syslog events to multiple syslog servers - SA540

Please add the ability to send syslog events to multiple syslog servers in the SA500 Series routers.  I know the functionality is currently in the RV220W because we utilized it.  It would be great if you could configure the syslog servers by event type as well.  For example, being able to send the kernel events to syslog server A, and all other events to syslog server B.

You can do the following:
1) Create a remote log target for your syslog server at
System Administration > Configuration > Log Configuration > Remote Log Targets
2) Configure the log categories that should be enabled to be sent to this log target.
Go to
System Administration > Configuration > Log Configuration > Logging Categories > Global
Select a specific category and then look at the "Remote Syslog Target" tab.
For each category that you want sent to your syslog server, select the remote log target in the "Selected Targets" transfer box.
Note that this configuration is hierarchical. So if you make a configuration for one log category, it applies to all subtending categories. For example, if you configure "AAA Audit", then the configuration will apply to the pass and failed attempts categories.

Similar Messages

  • Sending Logs to Multiple Syslog Servers

    Hi Team ,
    Is it doable to send log messages recorded on various Cisco devices to multiple syslog servers by discriminating the severity level? For example, I want to send all the critical and alert logs to the x.x.x.x server, but for other severities, I want to send the logs to the y.y.y.y server.
    Thanks.
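
The split asked about in this post, and the per-facility split in the SA540 request at the top of the page, both depend only on the PRI value at the start of each syslog message (facility * 8 + severity). The following is an added example, not part of the original posts and not Cisco configuration: a PRI decoder and routing rule such as a relay or test listener could apply, with placeholder collector names and constructed sample datagrams.

```python
import re

# Names indexed by numeric code, as defined for the syslog PRI field.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) names, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def route(datagram, rules, default):
    """Return every target whose rule matches; fall back to the default target."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return [default]  # never drop a message just because it is malformed
    facility, severity = decoded
    level = SEVERITIES.index(severity)
    hits = [r["target"] for r in rules
            if r.get("facility") in (None, facility)
            and level <= r.get("max_severity", 7)]
    return hits or [default]


# Placeholder collector names and constructed sample datagrams.
SEVERITY_SPLIT = [{"max_severity": 2, "target": "collector-x"}]  # emerg, alert, crit
KERNEL_SPLIT = [{"facility": "kern", "target": "collector-a"}]
SAMPLES = [
    b"<185>constructed: local7.alert test message",
    b"<189>constructed: local7.notice test message",
    b"<4>constructed: kern.warning test message",
    b"constructed: message with no PRI header",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(decode_pri(msg), route(msg, SEVERITY_SPLIT, "collector-y"),
              route(msg, KERNEL_SPLIT, "collector-b"))
```

Because `route` returns every matching target, combining both rule lists sends a kernel critical message to two collectors at once.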

  • Send Syslog messages to multiple SYSLOG servers

    Hi,
    We have two syslog servers defined, however we notice that the ACS only sends the syslogs to one server and will only send to the other in a failure scenario, which is a standard operation across all platforms. However we have a requirement for the ACS to send syslogs to both servers simultaneously. Is there a configuration option for this?
    Many Thanks
    Leon Noble

    You can do the following:
    1) Create a remote log target for your syslog server at
    System Administration > Configuration > Log Configuration > Remote Log Targets
    2) Configure the log categories that should be enabled to be sent to this log target.
    Go to
    System Administration > Configuration > Log Configuration > Logging Categories > Global
    Select a specific category and then look at the "Remote Syslog Target" tab.
    For each category that you want sent to your syslog server, select the remote log target in the "Selected Targets" transfer box.
    Note that this configuration is hierarchical. So if you make a configuration for one log category, it applies to all subtending categories. For example, if you configure "AAA Audit", then the configuration will apply to the pass and failed attempts categories.

  • Send certain syslog messages to different syslog servers

    We have had a security event where we have had to apply certain ACL's to block some traffic.  Some of the blocked traffic is logged to syslog.  We would like to send that log information to different syslog servers, depending on certain pattern matches.
    syslog entries that match pattern xxx = export to syslog server A
    syslog entries that match pattern yyy = export to syslog server B
    Is this possible using something like tcl scripting and EEM?  If so, could someone share some guidance on how this might be accomplished?
    TIA

    Thanks, Joseph.  You answered the question asked...but unfortunately I think that I did not phrase the question correctly.
    Our match criteria will always be mutually exclusive, so it will never match both.  Always one or the other.
    So now that we have this working in its basic form, we want to take it a step further and do the following....
    (working) Match criteria A, set Stream 10
    (working) Match criteria B, set Stream 20
    (working) Send stream 10 to syslog Host A
    (working) Send stream 20 to syslog Host B
    (NEW) Send stream 10 AND 20 to syslog Host C
    Unless we have the syntax incorrect, it appears as though we can only send one stream to a given host.  We can configure 'logging host SyslogC filtered stream 10'.  But if we then configure 'logging host SyslogC filtered stream 20', it appears to overwrite the previous configuration, so that we only send Stream 20 to SyslogC, and not Stream 10.
    Is it possible to send multiple streams to a single syslog host?
    Thank you!

  • N5k and FI sending syslog

    Hi, I would like to know the behaviour of N5ks and FIs when they are sending syslog messages to multiple remote syslog servers. Do they send it only to the 1st in the list OR to all of them at the same time?
    If I do "show logging server" on the n5k, it shows me 3 BUT as I do not have access to those servers, I cannot verify this.

    Hello,
    If you have configured three syslog servers, FI would send logs to all of them.
    If you want to verify it and do not have access to syslog servers, then one way to verify whether we send the messages or not is to turn on the debugs.
    connect nxos
    debug logging
    show debug logfile syslogd_debugs  <<<<---- view the debugs
    un all <<<---- turn off the debug
    You can do the same on N5K and verify its functionality.
    Padma

  • WLAN APs send syslog broadcasts in controller mode

    Hi,
    in a test environment we use several 1131 wlan aps in controller mode with software version 4.2.176.0.
    With wireshark running on a client pc in the same subnet as the wlan aps reside I saw that the wlan aps are sending syslog messages to the broadcast address 255.255.255.255 like "AP:<mac-address> %LWAPP-3-CLIENTERRORLOG: Decode Msg: could not match WLAN ID 5".
    Does anybody know if this is expected behaviour and how I can correctly configure syslog on the aps in controller mode?
    Many thanks in advance,
    Thorsten Steffen

    Hi,
    Yes, the AP broadcasting syslogs is an expected behavior. It helps in troubleshooting AP join issues. If you don't want the AP broadcasting the messages you can either configure the AP's to send them as unicasts or disable the syslogging by defining a destination address of 0.0.0.0.
    You would use the "config ap syslog host..." command on the controller to configure this. Obviously this command only works for the AP's after they have already joined the controller.

  • EEM and sending syslog trap

    When using EEM applet or even EEM Script I have noticed a behavior, when sending syslog message like this
    action 30.1 syslog priority notifications msg "Usmerjevalnik $_info_routername: 1G LINK 2 UP (sla id = $sla_id) !!!"
    message does not appear in switch buffer and is not sent to syslog server, except when using global logging level "debugging" like:
    logging buffered 1024000 debugging
    logging trap debugging
    Is this normal behavior?
    I'm using C6513/SUP720/ios 151-2.SY2 or 122-33.SXJ6
    Regards,
    Branko

    Hi Branko,
    AFAIK, this is an expected behaviour; you need to have the "logging trap debugging" command enabled to get the syslog traps.
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ***

  • Cannot send syslog to server from a RV082

    Good day everyone,
    I'm having an issue with the syslog.
    My configuration is:
    LAN A (RV042)<-> GW to GW tunnel <-> (RV082) LAN B
    On LAN A, I got a NAS with a syslog server.
    On the RV042, I've set the parameters for the syslog server, and it's working fine.
    On the RV082, I've set the same parameters and nothing is happening.
    As troubleshooting, I've done the following:
    -On the RV082, I can ping the NAS without problems.
    -On the RV082, I've set my computer IP address as syslog server IP and with a packet analyser, I am not seeing any UDP packets.
    Any Ideas?
    Regards.

    Mainly, my configuration is simple
    at home
    I have an RV042, and on the lan side, I have a NAS with SYSLOG server. The RV042 is sending syslog to the NAS without problems. (10.10.20.0 /255.255.255.0)
    On an isolated island, I have an RV082 with different devices connected on the lan side. (10.10.10.0 /255.255.255.0)
    I set a Gateway to Gateway link between the 2 routers and it's working fine.
    From my home lan (10.10.20.0) I can get access to the router and the devices on the 'remote' lan without any problems.
    But on the 'remote' router RV082, which I set to send the syslog to the SYSLOG server, it's not sending anything. But when I ping the NAS (which has the SYSLOG server) I get no packet loss.
    I've done a soft restart of the router, and I also tried to set as syslog IP on the RV082 my computer IP connected to the same lan as the NAS and, monitoring incoming UDP packets, I saw nothing.
    My impression is that something is stuck in the RV082 router that prevents that service from working.
    The only issue is that the router is on an isolated island and no one can come on site in case of an issue (if it's not restarting) except by helicopter at XXK€ cost because the sea is frozen... So I have to be very careful about what I'm doing.
    Regards.

  • Setting up HP 3Com 5900 switch to send syslogs to Dell SecureWorks SIEM

    Need command line information or documentation for configuring HP 3Com 5900 Core Switch to send syslog information to Dell SecureWorks. I have found HP ProCurve Core Switch documentation but it does not reflect the 3Com version.

    Hi, Red:
    I suggest you also copy and paste your post to the HP Business Support Forum -- Procurve Switches section.
    http://h30499.www3.hp.com/t5/ProCurve-ProVision-Based/bd-p/switching-e-series-forum#.UsWPLul3u9I
    Paul

  • Cisco ASA won't send Syslog out management interface

    I have been trying to get my ASA to send syslog out of the management interface without any luck. When I do a packet tracer it says that the global implicit deny rule is blocking it, but I tried to add a permit all in front of it and it still blocks it. Everything is configured correctly from what I can tell and the static routes and routing are correct. This has me baffled. Does anyone know what might be causing this or what I should look at in the config to get this working?

    Hi Mark,
    Talking of packet tracer, it would give you correct output for through-the-box traffic, not for to-the-box or from-the-box traffic.
    So firstly we have two questions:
    1) Is this through-the-box traffic? Then you need to permit the traffic through an ACL (if from lower sec level to higher) and add a NAT statement (depending on the ASA IOS version you are using; anything above 8.2.5 won't require a NAT).
    2) If this is a syslog-from-the-firewall scenario, then you need to make sure to get the following logging configuration on the ASA
    -enable logging
    -logging host management X.X.X.X --------(X.X.X.X is the ip of the syslog server)
    -logging trap debugging ----------(debugging is the level, you could use any other too, but to check would suggest this one)
    -Further if you have already sorted out till here, get us the following outputs:
    -show run
    -show logging
    -show logging queue
    Hope it helps
    Cheers,
    Naveen
    Please Rate Helpful posts.

  • ASA 5550 - Two different syslogs servers

    Hi to all.
    In my Cisco ASA 5550, I need to set two different syslog servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if it is possible or not and, if yes, how to configure it? All suggestions will be really appreciated. Thanks.

    Hello,
    While there is a limitation in the syslog server configurations, you could
    use other logging methods to collect specific information. While it is not
    very efficient method, if you are just concerned about login/logout messages
    for security audit purposes, you could use email logging. You can create a
    logging list and then send those messages to your email.
    Example:
    logging list mail message 111008
    logging list mail message 111004
    logging from-address
    You can do similar things by sending specific log events to SNMP server as
    well.
    Hope this helps.
    Regards,
    NT

  • Add event to multiple calendars?

    Is it possible to add one event to multiple calendars?
    Example: I have an iCloud calendar that I share with my wife and an Exchange calendar for my work. When I'm traveling I want to add the event to my work calendar and to my shared calendar so my wife will remember that I'm traveling for certain days. What I'm doing right now is to add two events, one to the shared calendar and one to my work calendar. It's just messing up the calendar view when I'm looking at it.
    Is there any way to get around this so it's just showing one event but is showing up in multiple calendars if you choose just one to look at?

    Hi Robert,
    There is not. If you would like this as a feature I suggest sending feedback to Apple. http://www.apple.com/feedback/
    Best wishes
    John M

  • I have my Launch Video ready and the "share" drop down is gray so no ability to send it anywhere.  What is this?  I went on to update the computer for other reasons, now Safari 6.0.2 as it interfered with downloads; and from OS X basic to Mtn Lion 10.8.2.

    I have my Launch Video ready and the "share" drop down is gray so no ability to send it anywhere.  What is this?  I went on to update the computer for other reasons, now Safari 6.0.2 as it interfered with downloads; and from OS X basic to Mtn Lion 10.8.2.

    Make sure your Project has the focus. You cannot Share an Event.

  • How to display timed events across multiple days in month view?

    Simple question I suppose, though I don't know if it has an answer. When I put an event spanning multiple days (say, a week long vacation) in iCal, and check the "All Day" box, it shows a nice, accurate, bar going across those days the event I'm entering covers. However, if I give it specific times for the event (e.g. the times of departure and return for said trip), even if those times are a week apart, the event still appears to only cover the starting date when viewed from the month perspective.
    Is there any way I can make the month calendar show all the days during which the event is "happening" so that at a glance I will realize that an entire week is busy?

    Hi,
    You can do it with keyboard shortcuts.
    Select the event. Press Cmd+X. Press Cmd and right or left arrow (depending if it is forward or back in months) until you are in the correct month. Press Cmd+V to paste on the same day in the new month.
    Best wishes
    John M

  • Send invoice (copies) to multiple email address

    Hi,
    Is it possible to send invoice (copies) to multiple email addresses? How?
    Understand that we can maintain multiple email addresses for a customer. Example: if 5 email addresses have been maintained for customer A, let's say I need to email 1 original invoice to email address 1 and email the other 2 copies of the invoice to email addresses 2 & 3, how do I select email addresses 1, 2 & 3 from the customer under the OUTPUT of change invoice (VF02) when we only input the customer code under Partner?
    Appreciate your inputs on the above.

    Hi,
    I think it is possible to send invoice copies to multiple email addresses using comma in between them.
    Regards,
    Sarosh
