Overview
This topic describes the steps to configure syslog on the Cisco Router.
Prerequisites
You need Administrator login credentials.
Configuring syslog on the Cisco Router
Take the following steps to configure your Cisco device:
1. Log in to your Cisco Router.
2. Type the following command to enter privileged EXEC mode:
enable
Example:
Router> enable
Router#
3. Type the following command to switch to configuration mode:
conf t
Example:
Router# conf t
Router(config)#
4. Type the following commands:
logging host <Forwarder IP> transport <tcp/udp> port <Port Number>
logging source-interface <interface>
Example:
logging host 192.168.1.123 transport tcp port 11561
logging source-interface Ethernet1/1
- For Trap Configuration:
logging trap <level>
Example: logging trap informational
- For Console Configuration:
logging console <level>
Example: logging console Informational
- For Severity Configuration:
logging severity <level>
Example: logging severity Informational
- For Facility Configuration:
logging facility local<level>
Example: logging facility local6
5. By default, timestamps are not included in the syslog messages. To enable timestamps, use the following command:
service timestamps log datetime
6. Exit configuration mode and save the configuration.
Add the following syslog collector to the config file:
- syslog:
    common:
      enabled: true
      data_type: CISCO_ROUTER
      data_hint:
      batch_n_seconds: 10
      batch_n_bytes: 1048576
    tcp_address: 0.0.0.0:11561
    udp_address: 0.0.0.0:11561
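Before validating in Chronicle, lines captured on the forwarder port can be checked against the facility, trap level and timestamp settings from steps 4 and 5. The following is an added example, not part of the original article: it assumes the usual Cisco IOS line layout (<PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text), the helper name check_message is hypothetical, and the sample lines are constructed.

```python
import re

# Cisco IOS severity keywords; list index == numeric severity (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# "<PRI>" + header (sequence number, optional timestamp) + "%FAC-SEV-MNEMONIC: text"
LINE_RE = re.compile(r"^<(\d{1,3})>(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")
# Timestamp shape written by "service timestamps log datetime", e.g. "*Mar  1 18:46:11"
TS_RE = re.compile(r"[*.]?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}")

# Constructed sample lines (not real router output).
SAMPLES = [
    "<181>45: *Mar  1 18:46:11: %SYS-5-CONFIG_I: Configured from console by console",
    "<187>46: %LINK-3-UPDOWN: Interface Ethernet1/1, changed state to up",
    "<183>47: *Mar  1 18:46:12: %SYS-7-EXAMPLE: constructed debug message",
]


def check_message(raw, facility="local6", trap="informational"):
    """Hypothetical helper: parse one received line, return (fields, problems)."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None, ["not a Cisco-style syslog line"]
    pri, header, _, tag_sev, mnemonic, text = m.groups()
    fac_code, sev = divmod(int(pri), 8)  # PRI = facility * 8 + severity
    got = f"local{fac_code - 16}" if 16 <= fac_code <= 23 else f"facility{fac_code}"
    problems = []
    if got != facility:
        problems.append(f"facility is {got}, expected {facility}")
    if sev > LEVELS.index(trap):
        problems.append(f"severity {LEVELS[sev]} should be filtered by trap {trap}")
    if sev != int(tag_sev):
        problems.append("PRI severity does not match the %FAC-SEV tag")
    if not TS_RE.search(header):
        problems.append("no timestamp in header")
    fields = {"facility": got, "severity": LEVELS[sev],
              "mnemonic": mnemonic, "text": text}
    return fields, problems


if __name__ == "__main__":
    for line in SAMPLES:
        fields, problems = check_message(line)
        print(fields, problems or "OK")
```

A line reported with the wrong facility or without a timestamp points to a router where the facility or timestamp command was not applied or not saved.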
Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The search returns the log source types that are being ingested into Chronicle. The screenshot below is for reference.