Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
5186
Views
12
Helpful
6
Comments

Forward Syslog Messages to external Server using ACS

minkumar
Level 1
Level 1

‎07-31-2013 05:56 PM - edited ‎02-21-2020 10:00 PM

Forward Syslog Messages to external Server using ACS

Introduction

This Document describes the steps on How to Forward the syslog messages to External Server Using ACS 5.x

Prerequisites

Connectivity of ACS 5.x with Syslog server.

Requirements

ACS 5.x

Any syslog server

Components Used

ACS 5.4

KiwiSyslog server

Configure

Go to System Administration>Configuration>Log configuration>Remote Log Targets>Create

step1: Give a name to the syslog server

step2: You can define type(syslog)

step3: Type the IP address of syslog server

Step4: define port (514)

Step5: Define Fcility code as LOCAL

Step6: define max length as 1024

Acs1.jpg

Specify which messages should be forwarded to the new created Syslog Server.

In this example, I have selected Radius  Accounting as I want to forward Accounting logs. However you can select  anyother category as well.

Step1: Go to System Administration>Configuration>Log Configuration>Logging Categories>Global

Step2: Select Radius accounting

Acs2.jpg

Then move the available External Syslog Server to the Selected Targets and click submit.

Step1: Go to System  Administration>>Configuration>Log Configuration>Logging  Categories>Global>Edit"Radius Accounting"

Acs3.jpg

Submit the changes.

Verify

Generate some traffic and you should now be able to see the messages on the server.

Labels:
Comments
bpa-emhazen
Community Member
‎01-21-2015 11:05 AM

Thanks, that was very easy to follow.

vishnurnth1
Level 1
Level 1
‎08-22-2016 03:10 AM

Followed the same and we are able to receive the syslog messages in the external server,

But we have noticed the below issues

"

integrated the ACS logging message to External Syslog Servers, and identified that the logs displayed there is have // instead of one /,

eg:  Domain/username ( In ACS )

 Domain//username ( When forwarded to external Syslog Server )

 

We have tried this in Multiple Syslog servers and the result is same, 

We are suspecting that ACS is adding an additional Slash at the time of sending the logs, Is there an option to check the sent logs in ACS ? "

Thank you,

Vishnu

vthaluru
Cisco Employee
Cisco Employee
‎08-22-2016 03:56 AM

Hi Vishnu,

You can  enable log to local log target from logging categories ,then we can able to see same logs in the localstore.logs.

you can run the reports for same category and we can able to see the data.

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.

vishnurnth1
Level 1
Level 1
‎08-22-2016 04:11 AM

Thanks VenkataKrishna,

As you suggested i have tried that and in that the username is displaying with only on / Backslash,

but whenever we are forwarding this to an external server the output of username is displaying with //slash,

Eg : Domain/username ( In ACS )

 Domain//username ( In External Server )

Is there anything which we can do in ACS to correct the same ?

Thank you,

Vishnu

,

vthaluru
Cisco Employee
Cisco Employee
‎08-22-2016 04:56 AM

Hi Vishnu,

What is the version of ACS ?

Thanks

VenkataKrishna

vishnurnth1
Level 1
Level 1
‎08-22-2016 09:17 AM

ACS version : 5.8

Thanks,

Vishnu

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents