
Do Cisco Nexus 9000 switches produce traffic logs, and how do we monitor them to index in Splunk?

BenTan
Path Finder

Hi,

Pardon me if this sounds like a stupid question, as I have very minimal experience with switches or networking in general, but currently I am involved in a project trying to collect logs from Cisco Nexus 9000 series switches, and so far we can only see configuration logs being sent to the syslog-ng server set up. As configuration changes are rarely done, 95% of the time the syslog-ng server does not receive any logs at all.

We were hoping to see some traffic logs from it and use the Cisco Networks App for Splunk Enterprise for monitoring, but the engineer in charge of the switches told our team that it only logs configuration logs.

I surfed through a couple of posts here and there and found out that people are actually able to monitor traffic logs through switches, so I am a little confused.

Any help would really be appreciated!

0 Karma

mikaelbje
Motivator

Using syslog you'll only be able to monitor the state of the switches. None of the switches allow you to actually output traffic logs, but the Nexus 9k App and Add-on for Splunk will let you show interface statistics. I'm not sure how well this app works as I haven't used it, but give it a shot.

Regards,
Mikael
Author of the Cisco Networks app

BenTan
Path Finder

Hi Mikael,

Thank you so much for your swift reply! How about the ACL? Is it part of the switches' configuration?

Regards,
Benjamin

0 Karma

mikaelbje
Motivator

Oh, yeah, if you log ACLs you will actually get that as traffic data. It's even CIM compliant if you use the Cisco Networks App/Add-On.

Check the Help page in the app for instructions on how to set up your logging correctly.

Please rate/accept helpful answers 🙂

0 Karma

BenTan
Path Finder

Alright, I will check it out and see if I can have any breakthrough from there!

Thank you so much! 🙂

0 Karma