Hello Colleagues!
Im trying to configure ACI logging with external syslog server.
I have got 3 APIC controllers with firmware 4.2(6d).
I done all steps from guide https://community.cisco.com/legacyfs/online/attachments/document/technote-aci-syslog_external-v1.pdf, and configured Out-Of-Band communication, Syslog Monitoring Destination Group, 2 Syslog Monitoring Sources (monCommonPol, monEPGPol for tenant common). I set severity level "information".
I tried to sent test message with logit utility and got it correctly. But my main problem with poor logs collection. I didn't get any information from audit logs of tenant (for example contract creation or deletion).
I tried to debug my case, and find some strange points below:
1. I got on my log server strange events like:
<132>Jan 28 13:08:44.321 UTC+0300 Leaf-123 %LOG_LOCAL0-4-SYSTEM_MSG [E4208898][transition][warning][sys] Number of records of class eventRecord is more than 10% above maximum value. Current value: 54750, max allowed: 10000, purge window: 250
Is it connected with my problem? Where I can check eventRecord's space utilization of leafs?
2. I haven't got any output from APIC Cli with command show running-config syslog, but I have got config in GUI. Is it right?
3. Moquery command on APIC shown me port UDP554 usage, but UDP5554 configured in reality.
APIC-VC# moquery -c syslogProf
Total Objects shown: 2
# syslog.Prof
adminState : enabled
dn : uni/fabric/slgroup-Logstash/prof
extMngdBy :
lcOwn : local
modTs : 2021-01-28T05:12:14.818+03:00
name : syslog
port : 514
rn : prof
status :
transport : udp
uid : 22341
Is it right too?
Thank you in advance!
