cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19290
Views
25
Helpful
2
Comments
anubgupt
Beginner
Beginner

     

     

    Introduction

    ACS 5.x: Configuring the external syslog server

    Configuration

    Please find the steps below to configure the external syslog server on the ACS 5.x:

    Step 1: Click on Remote Log target under log configuration then click on Create button to define the external syslog server.

    1.png

    Step 2: Define the Name of external syslog server and the IP address of the same, you can also mention the port number.

    Note: By default the port number is 514

    2.png

     You will see that the external syslog server is created:

    3.png

    Step 3: Now click on Global configuration under the system administration

    4.png

    Step 4: select the logging category for which you want to send the logs to the external syslog server.

    For example here I want to send all the passed authentication logs to external syslog server.

    5.png

    Step 5: Now select the Remote Syslog Target Tab

    6.png

    Step 6: Move the configured syslog server to the selected target and then click on submit.

    7.png

    Syslogs

    You will see the logs on the syslog server somewhat like this:

    04-29-2013          04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000002 2 0 2011-08-01 22:32:53.032 +00:00 0000008450 5203 NOTICE Device-Administration: Session Authorization succeeded, ACSVersion=acs-5.2.0.26-B.3075, ConfigVersionId=117, Device IP Address=192.168.26.137, UserName=edward, CmdSet=[ CmdAV= ], Protocol=Tacacs, RequestLatency=10, NetworkDeviceName=switch, Type=Authorization, Privilege-Level=1, Authen-Type=ASCII, Service=Login, User=edward, Port=tty2, Remote-Address=10.78.167.190, Authen-Method=TacacsPlus, Service-Argument=shell, AcsSessionID=ACS41/101085887/112, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=Lookup, SelectedAccessService=Default Device Admin, SelectedShellProfile=Permit Access, IdentityGroup=IdentityGroup:All Groups, Step=13005 , Step=15008 , Step=15004 , Step=15012 , Step=15041 , Step=15006 , Step=15013 , Step=24210 , Step=24212 , Step=22037 , Step=15044 , Step=15035 , Step=15042 , Step=15036 , Step=15004 , Step=15017 , Step=13034 ,

     

    04-29-2013        04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000001 2 1 Step=13015 , SelectedAuthenticationIdentityStores=Internal Users, NetworkDeviceGroups=s1Migrated_NDGs:All s1Migrated_NDGs, NetworkDeviceGroups=Device Type:All Device Types, NetworkDeviceGroups=Location:All Locations, ServiceSelectionMatchedRule=Rule-2, IdentityPolicyMatchedRule=Default, AuthorizationPolicyMatchedRule=Rule-0, Action=Login, Privilege-Level=1, Authen-Type=ASCII, Service=Login, Remote-Address=10.78.167.190, UserIdentityGroup=IdentityGroup:All
    Comments
    x_venusia_x
    Community Member

    how many syslog server can be configured on ACS?

    Nadav
    Rising star
    Rising star

    A good post, but at least a couple of syslog aspects are missing:

    1) Advanced syslog options, mainly syslog TCP and syslog over TLS support. The TLS support also requires uploading a certificate chain so that should be in the tutorial.

    2) Configuring syslog within ADE-OS, for CLI and process related events.

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Quick Links