Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
6102
Views
0
Helpful
5
Replies

Mutiple Syslog Servers

JASON SIMMONS
Level 2
Level 2

‎07-20-2017 07:32 AM - edited ‎07-05-2021 07:22 AM

Can you send logs to multiple syslog servers?

I have two syslog servers configured, Cisco Prime and a Splunk server.  I can view syslog from the prime server but not in Splunk.  I'm concerned because when you configure syslog from the cli you get a message that "system logs will be sent to x.x.x.x from now on."

Labels:
0 Helpful
5 Replies 5

GRANT3779
Spotlight

‎07-20-2017 08:26 AM

Are you referencing sending syslog from a WLC or another Cisco device? I was assuming WLC due the post being in Wireless section but correct me if I am wrong.

You can configure multiple hosts in either scenario.

As an example below for IOS I have multiple logging host commands (not sure on how many are supported in IOS).

logging buffered informational
no logging console
logging enable
logging size 500
logging trap notifications
logging host 10.44.10.31
logging host 10.44.145.242

For WLC - I believe it is up to 3 syslog targets - commands below

(Cisco Controller) >config logging syslog host ?

<ip_addr> dotted IP address of the remote host

I am not clear on exactly what you are referencing though.

0 Helpful

JASON SIMMONS
Level 2
Level 2
In response to GRANT3779

‎07-20-2017 12:39 PM

Yes sending syslog from a wlc to a configured target, in my case Cisco Prime Infrastructure and Splunk.

Yes, you can configure 3 syslog targets.  

The statement that popped up on the screen after configuring a syslog target from the cli, "system logs will be sent to x.x.x.x from now on" makes it seem like the wlc will only send syslog to the newly configured target.  At least that's how I read it.

0 Helpful

GRANT3779
Spotlight
In response to JASON SIMMONS

‎07-20-2017 01:16 PM

I 'think' this is just advising the logs will also be sent to this address. It can send a copy for up to 3 servers.

Might be worth configuring them via gui under management tab and test from there.

I can lab the multiple syslog server setup but won't be until tomorrow morning (UK).

What wlc code are you running out of interest?

0 Helpful

JASON SIMMONS
Level 2
Level 2
In response to GRANT3779

‎07-20-2017 03:17 PM

8.2.151.0

Initially, I configured it using the GUI, but when the Splunk guys told me they weren't seeing anything I tried the CLI.

They've since confirmed that they are seeing the data but for some reason Splunk cant parse it.

0 Helpful

Karthickeyan Prabanandhan
Cisco Employee
Cisco Employee

‎04-24-2020 11:01 AM

Just happen to hit this thread. I thought I will share some of my observation with respect to Syslog behavior. Code 8.5 and above

 

 

Here is my understanding of the syslog behavior from the tests I did. Please correct me if you have observed something different.

 

IOS AP

  1. Config on Global config + AP Specific from WLC => AP specific takes precedence ( check in WLC ). Logs only to AP specific syslog server.
  2. Config AP specific from WLC + AP specific from AP => Logs to both syslog servers as technically we can have 3 syslog servers.
  3. Removing syslog server from the AP CLI works. (can be verified directly from AP CLI. But “sh capwap cli config” show only WLC data)

 

COS AP

  1. Config on Global config + AP Specific from WLC => AP specific takes precedence ( check in WLC ). AP specific doesn’t get configured ( from WLC CLI ). Unable to verify that 100%  because “sh logging” doesn’t show any server config from AP CLI. "sh capwap client config" doesnt show configured AP specific syslog.
  2. Config AP specific from WLC + AP specific from AP  => AP specific from AP CLI works.
  3. Removal of the syslog server via the above Ap CLI command defaults it to 255.255.255.255. Not sure if its broadcast or just a display. Also disabling the syslog via AP CLI  – not sure whether it works.

Checking with DEs about this behavior.

0 Helpful
Review Cisco Networking for a $25 gift card
Top