Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
0
Helpful
2
Replies

DNAC looking at old syslog messages

rasmus.elmholt
Level 7
Level 7

‎05-03-2021 02:11 AM

Hi,

 

I have a DNA Center configured as the SYSLOG server for all switches.

How do I find the raw syslog messages received from a switch? I have looked in kibana, but can only find information from the last 2 weeks on the switch.

The switch was added to the DNAC and provisioned 3 months ago.

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎05-03-2021 04:33 AM

DNAC only shows 2 weeks or size it holds the logs ( not remember correctly it around 2GB size) after that it overwrites the logs.

 

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html#id_90187

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rasmus.elmholt
Level 7
Level 7
In response to balaji.bandi

‎05-03-2021 06:14 AM

I cannot see anything interesting about the syslog service in the Security Best Practise.

The syslog data is not visible in the audit log on the DNAC.

 

I have made a test log on the switch, and the message is pushed to the DNAC, and visible in the Device 360 Event Viewer.

But I cannot search the information from the log in kibana.

 

It seems like I can't go back any further than 14 days in the assurance log for the Device 360.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card