
Filtering Syslog Messages on Nexus Switches

AshSe
Level 1

Ours is a production setup. Recently we have configured Syslog on our Nexus switches. Our syslog team wants to receive filtered logs from the switches themselves. Please suggest if there is a way to filter Syslog messages right at the source (Nexus Switches).

8 Replies

M02@rt37
VIP

Hello @AshSe 

You can configure filters for Syslog messages using the logging command. This allows you to control which messages are sent to the Syslog server based on severity levels or other criteria.

# Define a Syslog server with an IP address
switch(config)# logging server <Syslog_Server_IP_Address>

# Set the severity level for logging messages to be sent to the Syslog server
switch(config)# logging level <severity-level>

# (Optional) Further filter based on facility or other criteria
switch(config)# logging source-interface <interface-name>

- <Syslog_Server_IP_Address>: Replace this with the IP address of your Syslog server.

- <severity-level>: Specify the desired severity level (e.g., debug, info, warning, error, critical, alert, emergency). You can set the level to control which messages are sent to the Syslog server.

By configuring the appropriate logging levels and criteria, you can filter the Syslog messages directly on the Nexus switches before sending them to the Syslog server, meeting the requirements of your Syslog team.

Best regards

We can change the log level; NSK doesn't support filtering log messages, as far as I know.

But if you elaborate more on which log message types you need to filter, maybe we can do some workaround.

MHM

Leo Laohoo
Hall of Fame

@AshSe wrote:

Our syslog team wants to receive filtered logs from the switches themselves.


Does the team want to see select or specific facilities, mnemonics or words?

Where do they want to "see" this output? Email?

AshSe
Level 1

We want to filter logs so that only critical security events are included, such as authentication logs (SSH, AAA), VPN access logs, firewall connection (inbound and outbound), user audit logs, and so on. We don't want any unnecessary logs to be sent to the syslog server.

Firewall connection and VPN access in Nexus??

Friend, are you sure?

MHM


@AshSe wrote:
VPN access logs, firewall connection (inbound and outbound)

I agree with @MHM Cisco World.  Wut?


@AshSe wrote:
We want to filter logs so that only critical security events are included

Only "Critical", right?

 

conf t
 logging server 1.2.3.4 
 logging monitor 2
end

 

AshSe
Level 1

Thanks Leo, it looks good to me. Let me check if that works.
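
Added example, not part of any post in this thread: the thread distinguishes filtering by severity from filtering by facility, mnemonic or words, so this sketch does the latter on a relay host placed between the switches and the collector. The relay placement, the policy sets and the sample messages are assumptions constructed for illustration.

```python
import re

# Cisco-style header: %FACILITY-SEVERITY-MNEMONIC: text
# Severity runs 0 (emergency) to 7 (debug); lower numbers are more severe.
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
)

# Assumed policy for this example; adjust to what your switches emit.
MAX_SEVERITY = 2                               # forward 0-2 from any facility
SECURITY_FACILITIES = {"AUTHPRIV", "AAA"}      # forward at any severity
SECURITY_MNEMONICS = {"VSHD_SYSLOG_CONFIG_I"}  # config-change audit trail

def classify(line):
    """Return the reason a line is forwarded, or None to drop it."""
    m = MSG_RE.search(line)
    if m is None:
        # Fail open: a line we cannot parse is kept, not silently dropped.
        return "unparsed"
    if m["facility"] in SECURITY_FACILITIES:
        return "facility:" + m["facility"]
    if m["mnemonic"] in SECURITY_MNEMONICS:
        return "mnemonic:" + m["mnemonic"]
    if int(m["severity"]) <= MAX_SEVERITY:
        return "severity:" + m["severity"]
    return None

def filter_lines(lines):
    """Return (reason, line) for every line that should reach the collector."""
    return [(r, l) for l in lines if (r := classify(l)) is not None]

# Constructed sample messages (not taken from the thread).
SAMPLE = [
    "2024 Jan 10 09:15:02 nx1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication "
    "failed for user admin from 192.0.2.10 - sshd[4242]",
    "2024 Jan 10 09:15:40 nx1 %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface "
    "Ethernet1/7 is down (Link failure)",
    "2024 Jan 10 09:16:11 nx1 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from "
    "vty by admin on 192.0.2.10@pts/0",
    "2024 Jan 10 09:17:30 nx1 %PLATFORM-2-PS_FAIL: Power supply 1 failed",
    "2024 Jan 10 09:18:00 nx1 last message repeated 3 times",
]

if __name__ == "__main__":
    for reason, line in filter_lines(SAMPLE):
        print(f"{reason:32} {line}")
```

Recording the reason alongside each forwarded line lets the syslog team audit why a message passed the filter and tune the policy sets without guessing.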
