can i forward prime infrastructure alarms to the syslog?

Xinyuyao · ‎05-19-2022

Hi all

can i forward prime infrastructure alarms to the syslog to my company specified log server？

My boss want all the logs to the specified log server, but WLC can't send desired log via syslogs(like users up/down and AP name etc), wich it can be send to pi using snmp.

i want to know in pi. how to forward snmp messages to syslog then send to the log server.

THX

balaji.bandi · ‎05-19-2022

yes you can do, If the prime go down, all message will be not able tp ship, instead, you can configure in WLC to send SNMP traps and syslog directly to SYSLog server, is this works ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Flavio Miranda · ‎05-19-2022

Hi

You can do it using Noth-bound interface on Cisco Prime.

Go to> Administration> Settings> System Settings and in "Alarm Notification Policies".

Xinyuyao · ‎05-19-2022

follow your instruction.i find out the nothbound settings.

but the log server well not received snmp protocol.what should i do next?

THX

Flavio Miranda · ‎05-20-2022

If you need only kog, and no snmp traps, you follow this instruction.

Go to> Administration> Settings> System Settings and in "Alarm Notification Policies".

North bond is good to integrate with tool like Splunk for example.

robertmanak · ‎03-06-2023

Hi
I am dealing with the same situation and i want to ask, if you were able to find solution, how to send "wlc snmp messages" from Prime Infrastructure to some log manager via Syslog?
My log manager can't receive SNMP traps, so i need to get these messages via Syslog...

Thanks for answer

Flavio Miranda · ‎03-06-2023

Hi

You can create a noth bound connection to a Syslog server and forward the logs to that server.

robertmanak · ‎03-07-2023

But northbound connection can forward information only as an Email or SNMP trap...

Here is also quote from documentation:
Prime Infrastructure can forward alarms and events that are generated by the processing of received syslogs, traps, and TL/1 alarms to northbound notification destination. Information can be forwarded in email format or SNMP trap format...

What i need is syslog format

DejanKamensek · ‎03-30-2023

Hello! Did you find any solution yet?
I also need to configure Cisco Prime Infrastructure (v3.10.0) to send alarm and received syslog messages to a syslog receiver (Siem Qradar). I didn't find any way to do it as it seems it can only forward snmp traps and/or mails but Qradar wants syslogs.
There is Syslog Policies option under Administration / System Settings / Alarms and Events. It contains "Enable Run Script policy action", and gives warnings when you check it, but I don't think this is what I'm searching for.

Best Regards!
Dejan
sLOVEnia

robertmanak · ‎03-30-2023

I had the same task.
I needed to process specific alarms regarding Rogue AP. Prime can send these alarms only as SNMP trap and in QRadar you can create log source "Cisco WLC" which support also SNMP trap type logs.
Qradar also support SNMP traps with "universal DSM" if i recall correctly, but you will have to make your own parsing of events.

robertmanak · ‎03-30-2023

also for QRarad to be able to receive SNMP traps, you have to enable SNMP global services, check documentation