cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

1984
Views
0
Helpful
2
Replies
Highlighted
Beginner

Sending Logs to Multiple Syslog Servers

Hi Team ,

is it doable to send log messages recorded on various cisco devices to multiple syslog servers by discriminating the severity level, for example I want to send all the critical and alerts logs to x.x.x.x server, but for other severities, I want to send the logs to y.y.y.y server.

Thanks.

Everyone's tags (1)
2 REPLIES 2
Beginner

Is someone able to answer

Is someone able to answer this question?  It appears you can do this on the ASA, but I would like to do it on the ASR 1000 and 3945 as well.

Beginner

It looks to me that you can

It looks to me that you can set up discriminators on IOS routers to do what you're wanting.  The global config command is:

logging discriminator discr-name [ [ facility] [ mnemonics] [ msg-body{ drops string | includes string } ] [ severity { drops sev-num | includes sev-num } ] [ rate-limit msglimit ]

So, you could do something like this:

logging discriminator TEST severity includes 5

!

logging host 172.25.10.25
logging host 172.24.10.41 discriminator TEST

 

sho log
Syslog logging: enabled (0 messages dropped, 612 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

Active Message Discriminator:
TEST severity group includes 5

 


No Inactive Message Discriminator.


    Console logging: level debugging, 108380 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 388 messages logged, xml disabled,
                     filtering disabled
        Logging to: vty2(2)
    Buffer logging:  level debugging, 108115 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level debugging, 108211 message lines logged
        Logging to 172.25.10.25  (udp port 514, audit disabled,
              link up),
              107002 message lines logged, 
              0 message lines rate-limited, 
              2 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 172.24.10.41  (udp port 514, audit disabled,
              link up),
              6 message lines logged, 
              0 message lines rate-limited, 
              1 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering enabled, discriminator (TEST)
        Logging Source-Interface:       VRF Name:
        GigabitEthernet0/0/1.9          
          
Log Buffer (16384 bytes):

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here