How to configure Syslog-ng to receive Cisco switch...

splunkfly · ‎04-12-2016

I'm able to get the Cisco switch log files from switch IP address to my machine, but how do I use and configure Syslog-ng to to get the switch log files into /var/logs/cisco_switch.log. I don't see any files coming into /var/logs/cisco_switch.log, but I could see the log files automatically coming into /var/log/syslog.

Appreciate any help to configure it.

Listening to incoming UDP Syslog connections

source s_src {
       system();
       internal();
       udp(port(514));
};

Destination files

destination switch01{ file(“/var/log/Cisco_switch.log”); };

########################
# Filters

filter f_switch01 { host(“SWITCH_IP_ADDRESS”); };

########################
# Log paths

log { source(s_src);  filter(f_switch01); destination(switch01); };

@include "/etc/syslog-ng/conf.d/*.conf"

If anything is wrong with the script, please correct me. Should I make any configuration settings in /etc/init.d/syslog-ng ?

javiergn · ‎04-12-2016

Rather than reinventing the wheel I'm going to point you to this wonderful post:

http://blogs.splunk.com/2016/03/11/using-syslog-ng-with-splunk/

Hope that helps

splunkfly · ‎04-13-2016

thanks ...

How to configure Syslog-ng to receive Cisco switch log files into destination file /var/logs/cisco_switch.log

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!