DNAC looking at old syslog messages

rasmus.elmholt · ‎05-03-2021

Hi,

I have a DNA Center configured as the SYSLOG server for all switches.

How do I find the raw syslog messages received from a switch? I have looked in kibana, but can only find information from the last 2 weeks on the switch.

The switch was added to the DNAC and provisioned 3 months ago.

balaji.bandi · ‎05-03-2021

DNAC only shows 2 weeks or size it holds the logs ( not remember correctly it around 2GB size) after that it overwrites the logs.

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html#id_90187

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

rasmus.elmholt · ‎05-03-2021

I cannot see anything interesting about the syslog service in the Security Best Practise.

The syslog data is not visible in the audit log on the DNAC.

I have made a test log on the switch, and the message is pushed to the DNAC, and visible in the Device 360 Event Viewer.

But I cannot search the information from the log in kibana.

It seems like I can't go back any further than 14 days in the assurance log for the Device 360.

Beacon Bits · ‎03-03-2025

Hi @balaji.bandi,

I have configured the syslog server according to above document that you shared. But I don't see any thing from DNA to SolarWinds.

But when I validate I see one packet received by SolarWinds that means communication is fine. But nothing else is coming.

Is there anything else needs to be enable for a continuous syslog send to SolarWinds etc.

balaji.bandi · ‎03-03-2025

What kind of logs are you looking to ship to syslog -have you configured the event notification ( platform -> developer tools -> Events notification )

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help