Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10754
Views
0
Helpful
7
Replies

Logging to remote server "elk stack"

Go to solution
Mohammad Ramadan A.Hafiez
Level 3
Level 3

‎03-04-2017 11:47 AM

Hi friends,

   I have been tasked to implement open source logging server and forward all switches and routers..etc logs to it.

I have made it building elk stack 4.5 on ubuntu server 16 and working well but...

My issue that all received logs have the same severity of 5 and facility which is not correct according to the received logs.

Any one could make it before to help me? Any ideas guys?

Thank you all in advance

M.R.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lewis Goulden
Level 1
Level 1

‎03-06-2017 04:28 AM

Hi, 

You need to edit your Logstash configuration, and filter input using grok.

I have set up ELK in the past and found some useful configurations online.

Take a look at this configuration for cisco devices. (ASA is slightly different due to log format)

https://gist.github.com/clay584/5a75009ad571af3d0648

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Lewis Goulden
Level 1
Level 1

‎03-06-2017 04:28 AM

Hi, 

You need to edit your Logstash configuration, and filter input using grok.

I have set up ELK in the past and found some useful configurations online.

Take a look at this configuration for cisco devices. (ASA is slightly different due to log format)

https://gist.github.com/clay584/5a75009ad571af3d0648

0 Helpful

Go to solution
Mohammad Ramadan A.Hafiez
Level 3
Level 3
In response to Lewis Goulden

‎03-11-2017 06:13 AM

Hi Lewis,

             Thank you so much for your help, I figured out what was the issue and handled it , beside you link helped me too.

this link helped me too http://grokdebug.herokuapp.com/

thank you again

0 Helpful

Go to solution
Romeo
Level 1
Level 1

‎11-08-2017 07:53 AM

Hello did you follow a guide that you can share for all the installing process?

 

 

thanks in advance and best regards!

0 Helpful

Go to solution
akjain3
Cisco Employee
Cisco Employee

‎03-04-2022 12:11 AM - edited ‎03-04-2022 12:12 AM

Hi,

I need to visualize logs of the switch through elk but I need help to figure it out. Can you help me with that?

Thanks in advance

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to akjain3

‎03-04-2022 12:34 AM

Hello,

 

as I understand it, you have to create a dashboard in order to visualize data (Step 4 in the page linked below). Is that what you are looking for ?

 

https://www.redhat.com/sysadmin/web-server-monitor-ELK

0 Helpful

Go to solution
akjain3
Cisco Employee
Cisco Employee
In response to Georg Pauwen

‎03-09-2022 11:16 PM

Yes, I want to visualize the data and find out the failure points easily i.e. anomaly detection. But Frist can you help me to figure out how can I send logs from the server to Elasticsearch through Logstash.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to akjain3

‎03-10-2022 12:17 AM

Hello,

 

check the link below for the Logstash part. Is that what you are looking for ?

 

https://www.neteye-blog.com/2017/10/sending-cisco-syslogs-to-elasticsearch-a-simple-guide/

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card