This topic describes the steps to configure syslog on a Cisco switch so that it forwards logs to the Chronicle forwarder.
Prerequisites
- Administrator login credentials
Configuring Cisco Switch Syslogs
Follow these steps to configure your Cisco device:
1. Log in to your Cisco switch.
2. Type the following command to enter privileged EXEC mode:
enable
Example:
Switch> enable
Switch#
3. Type the following command to enter global configuration mode:
conf t
Example:
Switch# conf t
Switch(config)#
4. Type the following commands:
- Sending logs to the forwarder:
logging host <Forwarder IP> transport <tcp/udp> port <Port Number>
logging source-interface <interface>
Example:
logging host 192.168.1.12 transport tcp port 11528
logging source-interface Ethernet1/1
- Trap configuration (messages at this severity and all more severe levels are sent to the syslog host; informational sends levels 0-6 and excludes debugging):
logging trap <level>
Example: logging trap informational
- Console configuration:
logging console <level>
Example: logging console informational
- Severity configuration:
logging severity <level>
Example: logging severity informational
- Facility configuration (local0 through local7):
logging facility local<n>
Example: logging facility local6
5. By default, timestamps are not included in the syslog messages. To enable timestamps, use the following command:
service timestamps log datetime
Adding the msec and show-timezone keywords (service timestamps log datetime msec localtime show-timezone) makes the timestamps unambiguous when events are correlated across devices.
6. Exit configuration mode (end) and save the configuration (write memory, or copy running-config startup-config).
Add the following syslog collector entry to the forwarder configuration file. The tcp_address and udp_address ports must match the port used in the logging host command (11528 in the example above):
- syslog:
    common:
      enabled: true
      data_type: CISCO_SWITCH
      data_hint:
      batch_n_seconds: 10
      batch_n_bytes: 1048576
    tcp_address: 0.0.0.0:11528
    udp_address: 0.0.0.0:11528
Once the configuration is completed, validate the logs in Chronicle by searching with the regular expression ".*" (which matches every source) or with a specific hostname; the search shows the log source types that are being ingested into Chronicle. Below is the screenshot for reference:
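The following Python script is an added example; it is not part of this page or of Chronicle's or Cisco's own code. It decodes what the commands in steps 4 and 5 produce on the wire (the PRI value derived from facility and severity, and the timestamp field) and runs the checks a collector-side validation would apply to a batch of received lines, with a hostname pattern standing in for the regular expression used when validating in Chronicle. The message layout is an approximation of Cisco IOS syslog output, and all sample lines are constructed, not captured from a device.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Severity keywords as accepted by 'logging trap <level>', indexed by their
# syslog severity code 0..7 (RFC 3164 / RFC 5424).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
LOCAL0 = 16  # syslog facility code of local0; local6 is therefore 22


def facility_code(facility: str) -> int:
    """Map a 'logging facility local<n>' keyword to its syslog facility code."""
    m = re.fullmatch(r"local([0-7])", facility)
    if m is None:
        raise ValueError(f"facility must be local0..local7, got {facility!r}")
    return LOCAL0 + int(m.group(1))


def expected_pri(facility: str, severity: str) -> int:
    """PRI value the switch emits for a message: facility_code * 8 + severity_code."""
    return facility_code(facility) * 8 + SEVERITIES.index(severity)


# Constructed approximation of an IOS syslog line as the forwarder receives it:
#   <PRI>[seq: ][hostname: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: text
# The timestamp field is present only after 'service timestamps log datetime';
# a leading '*' or '.' marks a clock that is unset or not NTP-synchronised.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<seq>\d+): )?"
    r"(?:(?P<host>[A-Za-z0-9_.-]+): )?"
    r"(?:(?P<ts>[*.]?[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
    r"(?:\.\d{3})?(?: [A-Z]{3,4})?): )?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)


@dataclass
class SyslogMessage:
    pri: int
    facility: int
    severity: int
    host: Optional[str]
    timestamp: Optional[str]
    mnemonic: str
    text: str


def parse_line(line: str) -> Optional[SyslogMessage]:
    """Parse one received line; returns None if it is not in the expected layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    return SyslogMessage(
        pri=pri, facility=pri // 8, severity=pri % 8,
        host=m.group("host"), timestamp=m.group("ts"),
        mnemonic="%{}-{}-{}".format(m.group("fac"), m.group("sev"), m.group("mnem")),
        text=m.group("text"))


def validate_feed(lines: List[str], facility: str = "local6",
                  trap: str = "informational", host_pattern: str = ".*") -> Dict[str, int]:
    """Apply the checks implied by the configuration steps to a batch of lines and
    return per-check counts. host_pattern plays the role of the regular expression
    ('.*' or a specific hostname) used when validating in Chronicle."""
    want_facility = facility_code(facility)
    max_severity = SEVERITIES.index(trap)
    host_re = re.compile(host_pattern)
    counts = {"ok": 0, "unparsed": 0, "host_filtered": 0, "wrong_facility": 0,
              "above_trap_level": 0, "missing_timestamp": 0}
    for line in lines:
        msg = parse_line(line)
        if msg is None:
            counts["unparsed"] += 1
            continue
        if msg.host is not None and host_re.fullmatch(msg.host) is None:
            counts["host_filtered"] += 1
            continue
        clean = True
        if msg.facility != want_facility:   # switch not set to 'logging facility local6'
            counts["wrong_facility"] += 1
            clean = False
        if msg.severity > max_severity:     # 'logging trap' is more verbose than intended
            counts["above_trap_level"] += 1
            clean = False
        if msg.timestamp is None:           # 'service timestamps log datetime' not enabled
            counts["missing_timestamp"] += 1
            clean = False
        if clean:
            counts["ok"] += 1
    return counts


# Constructed sample batch (not captured from a real device): local6 is facility
# code 22, so a correctly configured line carries PRI = 22*8 + severity.
SAMPLE_LINES = [
    "<181>47: Mar  1 00:12:34: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.50)",
    "<179>48: *Mar  1 00:12:40: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to down",
    "<183>49: Mar  1 00:12:41: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): test",
    "<181>50: %SYS-5-CONFIG_I: Configured from console by console",
    "<189>51: Mar  1 00:12:50: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.50)",
    "<181>52: switch2: Mar  1 00:13:00: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.1.51)",
    "this is not a syslog line",
]
```

Running validate_feed(SAMPLE_LINES) reports three clean lines and one finding per misconfiguration the batch contains: a debugging-level message (trap level set too high), a line without a timestamp (step 5 skipped), a line on local7 instead of local6, and one unparseable line. Passing host_pattern="switch1" instead of ".*" filters out the switch2 message in the same way a hostname search narrows the Chronicle view.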