Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4035
Views
5
Helpful
6
Replies

Syslog export

lbe
Level 1
Level 1

‎02-04-2019 04:58 AM - edited ‎03-08-2019 05:30 PM

Hi everyone,

 

We are using DNA Center 1.2.6, and I’d like to know if there is a way to export internal DNAC logs to an external Syslog server ?

 

Thanks,

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Tomas de Leon
Cisco Employee
Cisco Employee

‎02-04-2019 05:10 AM

At this time, you can export the logs via Syslog.  You can setup logging for devices and some events are reported to syslog.

 

To export the Logs from the Cisco DNA Center, you need to perform:

  • "sudo rca" from the CLI of "each" Cisco DNAC in the cluster
  • use SCP to export logs to external server.

I hope this helps

 

T.

0 Helpful

lbe
Level 1
Level 1
In response to Tomas de Leon

‎02-05-2019 06:01 AM

Thank you Tomas for your reply,

 

If I understand correctly, your propose a SYSLOG export via manual SCP.

 

What we need is an export of logs in real time, meaning that each time a log is generated on DNAC, the log is send automatically through SYSLOG protocol to an external server.

Is it possible ? If not possible through SYSLOG, how can we do that ?

 

Regards,

0 Helpful

Tomas de Leon
Cisco Employee
Cisco Employee
In response to lbe

‎02-05-2019 07:00 AM

There are two separate things here:

  1. Syslog messages are configured to send "Syslog" messages to a syslog server.
  2. The RCA logs on the Cisco DNAC which relate to the different services on the Cisco DNAC.

 

Item#1 is sent directly to the Syslog Server. In addition, SNMP traps can also be sent from the connected\managed devices.

Item#2 is specific to services run on the Cisco DNAC and these have to be exported via another protocol like SCP.  These are not syslog messages.

 

I hope this clarifies things

 

Regards

 

T.

lbe
Level 1
Level 1
In response to Tomas de Leon

‎02-08-2019 09:05 AM

Thank you one again,
For security purpose, we need to export several DNAC logs to an external SYSLOG server in real time (when a user connect or try to connect on DNAC, when a user change or try to change a configuration on DNAC, ...).
These logs are specific to DNAC, so I understand we will have to use SCP to regularly export these logs. Correct ? If yes, do you know if Cisco planned a  syslog export feature in a next release ?
From a security point of view, DNAC is a sensitive tool, security monitoring become mandatory.

Regards

0 Helpful

chunhwon
Cisco Employee
Cisco Employee
In response to lbe

‎06-10-2019 07:46 AM

Hi All,

 

any updates on those questions about exporting log in DNAC externally in real time?

 

Many thanks,
CH

0 Helpful

g.sperryn
Level 1
Level 1
In response to lbe

‎02-11-2020 05:58 AM

Hi, this is quite an important requirement from a customer POV. Essentially we need a mechanism to export (in real-time) at least the administrative audit event data for ingestion into a SIEM and log archive.

0 Helpful
Customers Also Viewed These Support Documents