https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425954#M1081891 <P>Its all depends how bit network and how many devices Logs you want to sent to Azure, do you have express route to Azure or using Public Internet to sending Logs.</P> <P>&nbsp;</P> <P>If this is large environment.</P> <P>&nbsp;</P> <P>I would advise to setup a Local syslog server, from that syslog server push all the Logs to cloud is best option and secure.</P> Wed, 30 Jun 2021 09:16:49 GMT balaji.bandi 2021-06-30T09:16:49Z https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425871#M1081886 <P>guys..</P><P>what is the recommended syslog configuration if i want to send all logs to azure sentinel?</P><P>i mean do i need to include the uplinks in the command? eg below:-</P><P>logging facility syslog</P><P>logging source-interface "uplink-ports"</P><P>logging host "ip add of syslog server"</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Jun 2021 06:18:35 GMT https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425871#M1081886 shaikh.zaid22 2021-06-30T06:18:35Z https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425954#M1081891 <P>Its all depends how bit network and how many devices Logs you want to sent to Azure, do you have express route to Azure or using Public Internet to sending Logs.</P> <P>&nbsp;</P> <P>If this is large environment.</P> <P>&nbsp;</P> <P>I would advise to setup a Local syslog server, from that syslog server push all the Logs to cloud is best option and secure.</P> Wed, 30 Jun 2021 09:16:49 GMT https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425954#M1081891 balaji.bandi 2021-06-30T09:16:49Z https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425975#M1081894 <P>Thanks Balaji</P><P>We have 4 pairs of stack switches and a core sw in vss.&nbsp;</P><P>we have expressroute in place.</P><P>&nbsp;</P><P>i want to know about the command "<SPAN>logging source-interface "uplink-ports"</SPAN></P><P><SPAN>if i put an uplink interface here does all the logs will pass through it ? or i donot have to put anything?</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Jun 2021 10:01:44 GMT https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4425975#M1081894 shaikh.zaid22 2021-06-30T10:01:44Z https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4426006#M1081897 <P>yes it uses the source interface to send Logs.</P> <P>&nbsp;</P> <P>"logging source-interface "uplink-ports"</P> <P>&nbsp;</P> <P>make sure that uplink(layer3 has rechability to Azure IP address).&nbsp; (i mean it allowed your any EDGE FW interface facing or express routing facing)</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 30 Jun 2021 11:21:25 GMT https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4426006#M1081897 balaji.bandi 2021-06-30T11:21:25Z https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4426513#M1081917 <P>Thanks Balaji,</P><P>&nbsp;</P><P>Actually i have tested the config and logs are successfully being sent to sentinel. However i included source-interface as gig1/0/1 for testing.</P><P>&nbsp;</P><P>Now i will update it with the uplink port to send all ports and other system logs.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 01 Jul 2021 06:06:51 GMT https://community.cisco.com/t5/network-security/syslog-configuration/m-p/4426513#M1081917 shaikh.zaid22 2021-07-01T06:06:51Z