https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3882811#M317573 <P>Can you explain more about network log you looking ?&nbsp;<STRONG>network traffic</STRONG></P> Mon, 01 Jul 2019 20:03:01 GMT balaji.bandi 2019-07-01T20:03:01Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3882804#M317572 <P>Currently have logging enabled on my CSR 1000v. I can see configuration changes on splunk, but I cannot see network traffic. Is there a way to configure my logs to forward that information to splunk?</P> Mon, 01 Jul 2019 19:56:41 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3882804#M317572 ElishaDean5574 2019-07-01T19:56:41Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3882811#M317573 <P>Can you explain more about network log you looking ?&nbsp;<STRONG>network traffic</STRONG></P> Mon, 01 Jul 2019 20:03:01 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3882811#M317573 balaji.bandi 2019-07-01T20:03:01Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883169#M317598 <P>I need to forward traffic being sent through my router to Splunk in order to build a dashboard for network traffic. I have "logging trap debugging" turned on. And, I believe that may have done the trick. ISAKMP and ICMP Debugging is turned on and I am receiving those on Splunk, I am hesitant to turn on IP Debugging to see if it works because that is a lot for the router to process. Do you believe this will send all traffic to Splunk?</P> Tue, 02 Jul 2019 12:23:01 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883169#M317598 ElishaDean5574 2019-07-02T12:23:01Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883228#M317600 <P>Hello,</P> <P>&nbsp;</P> <P>I think you need at a minimum the below on your router:</P> <P>&nbsp;</P> <P>logging trap (trap level)<BR />logging host (Splunk Server) transport (tcp | udp) port (514)<BR />logging on</P> Tue, 02 Jul 2019 13:23:37 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883228#M317600 Georg Pauwen 2019-07-02T13:23:37Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883231#M317601 <P>All of that is enabled. See the images I attached with my message.</P> Tue, 02 Jul 2019 13:25:52 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883231#M317601 ElishaDean5574 2019-07-02T13:25:52Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883306#M317606 <P>&nbsp;</P> <P>You don't use logging to send the traffic to a remote device and even if you turned on ip debugging (which you don't want to do on a production router) it won't send the actual packets.&nbsp;</P> <P>&nbsp;</P> <P>If you want to send the packets you need to mirror the port your router is on and then send on copy of that traffic to the port your server is connected to assuming your switch etc. supports that functionality.&nbsp;</P> <P>&nbsp;</P> <P>Jon</P> Tue, 02 Jul 2019 15:27:11 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883306#M317606 Jon Marshall 2019-07-02T15:27:11Z https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883371#M317608 <P>We didn't enable ip debugging, I'm aware that would likely brick the CSR. However, we don't want to actually see the packets, we want to see the amount of traffic in real time. So that we can see the busiest times of day for example.</P> Tue, 02 Jul 2019 17:32:48 GMT https://community.cisco.com/t5/routing-and-sd-wan/forward-routing-logs-to-syslog-splunk/m-p/3883371#M317608 ElishaDean5574 2019-07-02T17:32:48Z