Cisco Routers and Switches Syslog Analysis
Folks,
Hope you are aware that EventLog Analyzer can also collect syslogs from Cisco Devices (Routers and Switches), over and above its capability for collecting Windows Event Logs and Unix/Linux syslogs.
EventLog Analyzer by default listens to port 513 for syslog messages, whereas the Cisco Devices by default would be sending their syslogs to port 514. So in order to receive these Cisco Device logs, EventLog Analyzer provides you with a facility of adding a virtual syslog server which listens to port 514.
This instructions for adding this virtual syslog server in EventLog Analyzer to listen to syslog messages sent by Cisco Devices, is as follows:
1. Go to Settings tab, in the EventLog Analyzer Web UI, and click on Add New Host link
2. Select Operating System as " Unix " and give Host Name field with Cisco Device name.
3. Specify SysLog Listener port field as " 514 " and Save.
Now you need to configure your Cisco Device to send syslogs to EventLog Analyzer Server.
4. Login into Cisco Device.
5. Go to Config mode.
6. Do the below configuration in Cisco Device.
<Routername># config terminal
<Routername># logging <EventLog Analyzer IP>
where, <EventLog Analyzer IP> is the IP Address of the machine where EventLog Analyzer is running.
(Only) The steps 1, 2 & 3 can be skipped if you have already configured (this is for builds lower than 4010) your EventLog Analyzer server to listen to port 514 or if you are using builds 4010 or higher, where port 514 is supported by default.
If you have any further queries, please respond to support@eventloganalyzer.com
Hope you are aware that EventLog Analyzer can also collect syslogs from Cisco Devices (Routers and Switches), over and above its capability for collecting Windows Event Logs and Unix/Linux syslogs.
EventLog Analyzer by default listens to port 513 for syslog messages, whereas the Cisco Devices by default would be sending their syslogs to port 514. So in order to receive these Cisco Device logs, EventLog Analyzer provides you with a facility of adding a virtual syslog server which listens to port 514.
This instructions for adding this virtual syslog server in EventLog Analyzer to listen to syslog messages sent by Cisco Devices, is as follows:
1. Go to Settings tab, in the EventLog Analyzer Web UI, and click on Add New Host link
2. Select Operating System as " Unix " and give Host Name field with Cisco Device name.
3. Specify SysLog Listener port field as " 514 " and Save.
Now you need to configure your Cisco Device to send syslogs to EventLog Analyzer Server.
4. Login into Cisco Device.
5. Go to Config mode.
6. Do the below configuration in Cisco Device.
<Routername># config terminal
<Routername># logging <EventLog Analyzer IP>
where, <EventLog Analyzer IP> is the IP Address of the machine where EventLog Analyzer is running.
(Only) The steps 1, 2 & 3 can be skipped if you have already configured (this is for builds lower than 4010) your EventLog Analyzer server to listen to port 514 or if you are using builds 4010 or higher, where port 514 is supported by default.
If you have any further queries, please respond to support@eventloganalyzer.com
Topic Participants
ajay
kmoore_me
Shankar Ramaiah
AdventNetEventLogAnalyz