cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Forward Syslog Messages to external Server using ACS

3389
Views
12
Helpful
6
Comments

Forward Syslog Messages to external Server using ACS

Introduction

This Document describes the steps on How to Forward the syslog messages to External Server Using ACS 5.x

Prerequisites

Connectivity of ACS 5.x with Syslog server.

Requirements

ACS 5.x

Any syslog server

Components Used

ACS 5.4

KiwiSyslog server

Configure

Go to System Administration>Configuration>Log configuration>Remote Log Targets>Create

step1: Give a name to the syslog server

step2: You can define type(syslog)

step3: Type the IP address of syslog server

Step4: define port (514)

Step5: Define Fcility code as LOCAL

Step6: define max length as 1024

Acs1.jpg

Specify which messages should be forwarded to the new created Syslog Server.

In this example, I have selected Radius  Accounting as I want to forward Accounting logs. However you can select  anyother category as well.

Step1: Go to System Administration>Configuration>Log Configuration>Logging Categories>Global

Step2: Select Radius accounting

Acs2.jpg

Then move the available External Syslog Server to the Selected Targets and click submit.

Step1: Go to System  Administration>>Configuration>Log Configuration>Logging  Categories>Global>Edit"Radius Accounting"

Acs3.jpg

Submit the changes.

Verify

Generate some traffic and you should now be able to see the messages on the server.

Comments
Community Member

Thanks, that was very easy to follow.

Beginner

Followed the same and we are able to receive the syslog messages in the external server,

But we have noticed the below issues

"

integrated the ACS logging message to External Syslog Servers, and identified that the logs displayed there is have // instead of one /,

eg:  Domain/username ( In ACS )

 Domain//username ( When forwarded to external Syslog Server )

 

We have tried this in Multiple Syslog servers and the result is same, 

We are suspecting that ACS is adding an additional Slash at the time of sending the logs, Is there an option to check the sent logs in ACS ? "

Thank you,

Vishnu

Cisco Employee

Hi Vishnu,

You can  enable log to local log target from logging categories ,then we can able to see same logs in the localstore.logs.

you can run the reports for same category and we can able to see the data.

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.

Beginner

Thanks VenkataKrishna,

As you suggested i have tried that and in that the username is displaying with only on / Backslash,

but whenever we are forwarding this to an external server the output of username is displaying with //slash,

Eg : Domain/username ( In ACS )

 Domain//username ( In External Server )

Is there anything which we can do in ACS to correct the same ?

Thank you,

Vishnu

,

Cisco Employee

Hi Vishnu,

What is the version of ACS ?

Thanks

VenkataKrishna

Beginner

ACS version : 5.8

Thanks,

Vishnu