06-29-2021 11:18 PM
Guys,
What is the recommended syslog configuration if I want to send all logs to Azure Sentinel?
I mean, do I need to include the uplinks in the command? E.g. below:
logging facility syslog
logging source-interface "uplink-ports"
logging host "ip add of syslog server"
06-30-2021 02:16 AM
It all depends on how big the network is and how many devices' logs you want to send to Azure. Do you have ExpressRoute to Azure, or are you using the public Internet to send logs?
If this is a large environment,
I would advise setting up a local syslog server; pushing all the logs to the cloud from that syslog server is the best option and secure.
06-30-2021 03:01 AM
Thanks Balaji
We have 4 pairs of stack switches and a core switch in VSS.
We have ExpressRoute in place.
I want to know about the command logging source-interface "uplink-ports".
If I put an uplink interface here, will all the logs pass through it? Or do I not have to put anything?
06-30-2021 04:21 AM
Yes, it uses the source interface to send logs.
logging source-interface "uplink-ports"
Make sure that the uplink (Layer 3) has reachability to the Azure IP address (I mean it is allowed on any edge FW-facing or ExpressRoute-facing interface).
06-30-2021 11:06 PM
Thanks Balaji,
Actually, I have tested the config and logs are successfully being sent to Sentinel. However, I included source-interface as gig1/0/1 for testing.
Now I will update it with the uplink port to send all ports and other system logs.
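An added example, not part of any post in this thread: a minimal Cisco IOS logging block for the setup discussed above. On IOS, `logging source-interface` sets the source IP address stamped on outgoing syslog packets, while the routing table still chooses the egress path. The interface name `Vlan10` and the collector address `192.0.2.10` are constructed placeholders.

```cisco
! Constructed example. Vlan10 and 192.0.2.10 are placeholders
! (192.0.2.0/24 is a documentation range); substitute your own values.
!
! Timestamp every message so events from different switches can be
! correlated at the collector and in Sentinel.
service timestamps log datetime msec localtime show-timezone
!
! Facility value carried in each message, as in the original post.
logging facility syslog
!
! Use the IP address of this Layer 3 interface as the source address of
! all syslog packets. The collector and any firewall rule on the path
! must allow this address, so keep it the same on every reboot/failover.
logging source-interface Vlan10
!
! Local syslog collector that relays to Azure Sentinel (hypothetical IP).
logging host 192.0.2.10
!
! Severity threshold for messages sent to the host: informational (6)
! and more severe. Lower-severity debug output is not forwarded.
logging trap informational
!
! Verify from exec mode after applying:
!   show running-config | include ^logging
!   show logging
```

In `show logging`, the trap logging section lists the configured host and a count of messages sent to it, which confirms the device is forwarding before you check the collector side.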