Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
0
Helpful
4
Replies

Ironport WSA Syslog subscription

PaulTThomas
Level 1
Level 1

‎10-09-2020 06:56 AM

We are currently sending syslogs using the management interface.  Am I able to send syslog using the internal interface instead.

 

 

Labels:
0 Helpful
4 Replies 4

Ken Stieers
VIP
VIP

‎10-09-2020 07:35 AM

If I remeber correctly, from the WSAs point of view, its a matter of routing. So if you put in a static route to the syslog host and set the gateway to be the same as for the inside interface it should send it out that interface, assuming that the syslog host isn't on the same network as the management interface.


0 Helpful

PaulTThomas
Level 1
Level 1
In response to Ken Stieers

‎10-12-2020 06:17 AM

Would the static route be put on the management interface (M1).

 

i.e.  M1 : 192.168.2.1   P1: 192.168.2.2      Log collector 10.1.1.1

 

So the static route configured on M1 would be Destination 10.1.1.1 Route  192.168.2.2

 

 

0 Helpful

Ken Stieers
VIP
VIP
In response to PaulTThomas

‎10-12-2020 07:04 AM

If you want it to go out the P1 interface, I'd put the route on the P1 interface.

Presumably the more specific route should take precedence so if you put it on P1, it should use P1 for that traffic.



The fuzzy part is if the WSA has some set of defined traffic routing rules written into the code, such as "syslog is management related, so we send it using M1..."


0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-09-2020 07:45 AM

As long as the syslog server able to reach the source of the interface you set to send Logs, the Log message can reach syslog with Log Subscripton.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents