12-10-2023 09:20 PM
Ours is a production setup. Recently we have configured Syslog on our Nexus switches. Our syslog team wants to receive filtered logs from switches itself. Please suggest if there is a way to filter Syslog messages right at the source (Nexus Switches).
12-10-2023 09:45 PM - edited 12-10-2023 09:45 PM
Hello @AshSe
You can configure filters for Syslog messages using the logging command. This allows you to control which messages are sent to the Syslog server based on severity levels or other criteria.
# Define a Syslog server with an IP address
switch(config)# logging server <Syslog_Server_IP_Address>
# Set the severity level for logging messages to be sent to the Syslog server
switch(config)# logging level <severity-level>
# (Optional) Further filter based on facility or other criteria
switch(config)# logging source-interface <interface-name>
- <Syslog_Server_IP_Address>: Replace this with the IP address of your Syslog server.
- <severity-level>: Specify the desired severity level (e.g., debug, info, warning, error, critical, alert, emergency). You can set the level to control which messages are sent to the Syslog server.
By configuring the appropriate logging levels and criteria, you can filter the Syslog messages directly on the Nexus switches before sending them to the Syslog server, meeting the requirements of your Syslog team.
12-10-2023 10:14 PM
We can change the log level; NSK doesn't support filtering log messages, as far as I know.
But if you elaborate more which log message type you need to filter maybe we can do some workaround.
MHM
12-10-2023 10:28 PM
@AshSe wrote:
Our syslog team wants to receive filtered logs from switches itself.
The team wants to see a select or specific facilities, mnemonics or words?
Where do they want to "see" these output? Email?
12-10-2023 10:34 PM
We want to filter logs so that only critical security events are included, such as authentication logs (SSH, AAA), VPN access logs, firewall connection (inbound and outbound), user audit logs, and so on. We don't want any unnecessary logs to be sent to the syslog server.
12-10-2023 10:43 PM
Firewall connection and VPN access in Nexus??
Friend, are you sure?
MHM
12-10-2023 11:23 PM
@AshSe wrote:
VPN access logs, firewall connection (inbound and outbound)
I agree with @MHM Cisco World. Wut?
12-10-2023 11:25 PM - edited 12-10-2023 11:26 PM
@AshSe wrote:
We want to filter logs so that only critical security events are included
Only "Critical", right?
conf t
logging server 1.2.3.4
logging monitor 2
end
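Added example, not code from any poster in this thread: a Python sketch of what a severity threshold forwards, using the Cisco `%FACILITY-SEVERITY-MNEMONIC` header, where a configured level N passes severities 0 through N. The sample log lines, the `SECURITY_FACILITIES` set and the collector-side `passes_policy` rule are constructed assumptions for illustration.

```python
import re

# Cisco message header: %FACILITY-SEVERITY-MNEMONIC: (0 = emergency ... 7 = debug)
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

# Constructed sample lines, not captured from a real switch.
SAMPLE_LOGS = [
    "2023 Dec 10 22:01:07 sw1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 192.0.2.50 - sshd",
    "2023 Dec 10 22:01:30 sw1 %AAA-6-LOGIN_OK: user admin logged in from 192.0.2.50",
    "2023 Dec 10 22:02:11 sw1 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/1 is down (Link failure)",
    "2023 Dec 10 22:03:45 sw1 %PLATFORM-2-PS_FAIL: Power supply 1 failed",
    "2023 Dec 10 22:04:02 sw1 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on 192.0.2.50",
]

# Hypothetical set of facilities a syslog team might treat as security-relevant.
SECURITY_FACILITIES = {"AUTHPRIV", "AAA", "VSHD"}


def parse(line):
    """Return (facility, severity, mnemonic), or None if no Cisco header is found."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    return m["facility"], int(m["severity"]), m["mnemonic"]


def passes_severity(line, threshold):
    """Severity-only filter: forward when severity <= threshold."""
    parsed = parse(line)
    if parsed is None:
        return True  # fail open: never silently drop a line we cannot classify
    return parsed[1] <= threshold


def passes_policy(line, threshold, facilities=SECURITY_FACILITIES):
    """Collector-side rule: keep severe messages plus every listed facility."""
    parsed = parse(line)
    if parsed is None:
        return True
    facility, severity, _ = parsed
    return severity <= threshold or facility in facilities


def kept_mnemonics(lines, predicate):
    """Mnemonics of the parseable lines that the given predicate keeps."""
    return [parse(l)[2] for l in lines if parse(l) and predicate(l)]


if __name__ == "__main__":
    print("severity <= 2:", kept_mnemonics(SAMPLE_LOGS, lambda l: passes_severity(l, 2)))
    print("policy       :", kept_mnemonics(SAMPLE_LOGS, lambda l: passes_policy(l, 2)))
```

On these constructed lines, a threshold of 2 keeps only the power-supply message, while the authentication and configuration-audit lines at severities 3 to 6 are dropped unless the facility rule is applied.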
12-11-2023 02:50 AM
Thanks Leo, it looks good to me. Let me check if that works.