cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6151
Views
0
Helpful
2
Replies

WLC 5508 Syslog send to custom port

etijburg
Level 4
Level 4

We have added Splunk to a monitoring systems and I would like to send my wlc 5508 log messages to it.  We have the Syslog Data Inputs on that server are all TCP and we would like to maintain tcp only if possible. I do need to be on a custom port other than 514.  We are on 7.4.100.60 on a HA pair of 5508's.  Does any on have any insight on changing the syslog port number in the WLC config?

2 Replies 2

I am also having this requirement. But I do not think we can customize syslog ports in 5508s.

In a normal IOS device we can do this like below.

"logging host x.x.x.x transport {tcp|udp} port

Therefore in NextGen controllers (3850 or 5760) we should be able to use above command as it is running on IOS. Tested with 3850 & worked, not with a 5760 yet.

HTH

Rasika

malcolmtkelly
Level 1
Level 1

I too am using Splunk for capturing WLC Syslog.  With regards to the destination port of the Syslog, I don't know how to change it.  However, to get around this I have set up a Splunk Forwarder with Syslog-NG.  Basically Syslog-NG listens on any port number/protocol you define and writes logs to a log file name $hostname$.log.  This means I could have x different WLCs sending Syslog to Syslog-NG on UDP 514 and Syslog-NG will write the syslog from each host to it's individual file.

From their I've configured Splunk forwarder to monitor each file and forward the logs on to Splunk.  You can forward to any port/protocol you wish.

Also remember to do this

config logging debug syslog enable

On the controller.  Otherwise you won't see the messages you expect.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: