Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
20878
Views
25
Helpful
2
Comments

ACS 5.x: Configuring the external syslog server

anubgupt
Level 1
Level 1

‎04-30-2013 06:44 AM - edited ‎02-21-2020 09:59 PM

     

     

    Introduction

    ACS 5.x: Configuring the external syslog server

    Configuration

    Please find the steps below to configure the external syslog server on the ACS 5.x:

    Step 1: Click on Remote Log target under log configuration then click on Create button to define the external syslog server.

    1.png

    Step 2: Define the Name of external syslog server and the IP address of the same, you can also mention the port number.

    Note: By default the port number is 514

    2.png

     You will see that the external syslog server is created:

    3.png

    Step 3: Now click on Global configuration under the system administration

    4.png

    Step 4: select the logging category for which you want to send the logs to the external syslog server.

    For example here I want to send all the passed authentication logs to external syslog server.

    5.png

    Step 5: Now select the Remote Syslog Target Tab

    6.png

    Step 6: Move the configured syslog server to the selected target and then click on submit.

    7.png

    Syslogs

    You will see the logs on the syslog server somewhat like this:

    04-29-2013          04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000002 2 0 2011-08-01 22:32:53.032 +00:00 0000008450 5203 NOTICE Device-Administration: Session Authorization succeeded, ACSVersion=acs-5.2.0.26-B.3075, ConfigVersionId=117, Device IP Address=192.168.26.137, UserName=edward, CmdSet=[ CmdAV= ], Protocol=Tacacs, RequestLatency=10, NetworkDeviceName=switch, Type=Authorization, Privilege-Level=1, Authen-Type=ASCII, Service=Login, User=edward, Port=tty2, Remote-Address=10.78.167.190, Authen-Method=TacacsPlus, Service-Argument=shell, AcsSessionID=ACS41/101085887/112, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=Lookup, SelectedAccessService=Default Device Admin, SelectedShellProfile=Permit Access, IdentityGroup=IdentityGroup:All Groups, Step=13005 , Step=15008 , Step=15004 , Step=15012 , Step=15041 , Step=15006 , Step=15013 , Step=24210 , Step=24212 , Step=22037 , Step=15044 , Step=15035 , Step=15042 , Step=15036 , Step=15004 , Step=15017 , Step=13034 ,

     

    04-29-2013        04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000001 2 1 Step=13015 , SelectedAuthenticationIdentityStores=Internal Users, NetworkDeviceGroups=s1Migrated_NDGs:All s1Migrated_NDGs, NetworkDeviceGroups=Device Type:All Device Types, NetworkDeviceGroups=Location:All Locations, ServiceSelectionMatchedRule=Rule-2, IdentityPolicyMatchedRule=Default, AuthorizationPolicyMatchedRule=Rule-0, Action=Login, Privilege-Level=1, Authen-Type=ASCII, Service=Login, Remote-Address=10.78.167.190, UserIdentityGroup=IdentityGroup:All
    Labels:
    Comments
    x_venusia_x
    Community Member
    ‎10-22-2015 12:04 PM

    how many syslog server can be configured on ACS?

    Nadav
    Level 7
    Level 7
    ‎03-19-2016 01:23 PM

    A good post, but at least a couple of syslog aspects are missing:

    1) Advanced syslog options, mainly syslog TCP and syslog over TLS support. The TLS support also requires uploading a certificate chain so that should be in the tutorial.

    2) Configuring syslog within ADE-OS, for CLI and process related events.

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents