Re: How to configure DNAC to send syslog logs to external Syslog serve

jaiwaei36 · ‎06-01-2023

Hi,

I had configured the external Syslog server for SDA fabric devices, however I can't find the option to configure DNAC to push DNAC's logs to external Syslog server? Anyone can guide me?

Shantha Kumar Selvaraj · ‎06-01-2023

Hi,

If you would like to send only audit logs to External server you can do that fromActivities-->audit logs page

or if you want to send all events then you can use the platform-->Developer Toolkit

eahmed.ext · ‎06-01-2023

Hi ,

Please configure the respective syslog server from DNA Center under ---------> settings ----> External Services .

then you can configure specific events notification under platform ---------> developer tools --------> Events notification

Hope that it will help your query on syslog configuration .

sisilva · ‎08-23-2023

Please, which CLI command could we do so as to confirm if DNAC is really sending syslog messages to external server?

All things are configured in the GUI but nothing appears at syslog server. It looks like DNAC is not sending messages.

jaiwaei36 · ‎08-23-2023

Yea, same for me. DNAC is still not sending any syslog messages to my syslog server despite followed the guide provided by @eahmed.ext . Anyone got these working before?

Kamran Mustafayev · ‎09-02-2024

How it ended up for you?

Tomas de Leon · ‎09-02-2024

Kamran,

If the user configures the necessary settings needed for this feature, the Catalyst Center will send syslog messages to the external server as expected. There can be multiple possibilities when this feature may not work or have issues:

Mis-configuration on Catalyst Center in regards to "which" feature is using syslog transport to external server
External Server may have a software firewall policy enabled blocking incoming messages from the Catalyst Center
IP connectivity to Syslog Server may be impeded by routing or a security device
External Server may not have the Catalyst Center configured and a Syslog agent that it can receive messages from.

could be more but these are the most common seen.

That said, there could always be a software defect on our side for a condition that was not accounted for. Looking at the logs could determine this. If you have an issue with a feature on the Catalyst Center, please open a Cisco TAC Case so that the TAC engineer can triage the issue appropriately.

When opening a Cisco TAC Case, you can assist in getting a faster turn around on problem assessment if you provided the following when opening the case or during the first interactions with the TAC Engineer:

- Detailed description of the Issue and the steps or history of tasks leading up to the issue.
- Cisco Catalyst Center (SOURCE/INSTALLED VERSION)
- Serial#
- Member_Id
- SDA / Non-SDA
- Run an RCA and upload to the Case. If 3-nodes, gather a RCA from each node and upload all 3 files to case.

Take a look at an existing tool that can help the TAC engineers access your Catalyst Center remotely and gather the necessary information for troubleshooting your issues.

https://radkit.cisco.com/

https://radkit.cisco.com/#About

If you are running Catalyst Center 2.3.7.6, we have the full featured version embedded in the software which can be used. If you are running 2.3.5.x and earlier, we can still access using the embedded version to access the CLI of the Catalyst and Devices. Another option is that you can install a Standalone Service on a Windows, linux, or MAC OSX platform. If you have questions about the tool, ask about it with the TAC Engineer on your next Call.

How to configure DNAC to send syslog logs to external Syslog server?