Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18976
Views
5
Helpful
3
Replies

Send Syslogs to Multiple Syslog Servers?

ahallman-ca
Level 1
Level 1

‎01-23-2012 12:01 PM

I'm trying to find out if its possible to have all syslog messages level 6 and up sent to multiple syslog servers simultaneoulsy, noot just in a failover.

We have a groundwork/nagios server that all of our routers and switches currently send their messages to.  This is used to monitor and notify several teams should any issue be discovered, and must remain in my config.

I'm setting up a Kiwi Syslog Server specifically for the Network team to do a weekly review of our logs (currently we log into each device and do a "show logging").

The config I setup is as follows:

logging 10.10.7.x          (groundwork/nagios server)

logging 10.10.18.x        (kiwi syslog server)

For testing purposes, I set the logging level to 7.  The only way I've been successfully able to get any messages to go to the kiwi server is to remove the config for the groundwork/nagios server (no logging 10.10.7.x).

If it is possible, what would the config look like?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎01-23-2012 12:45 PM

Adam

You do not tell us what platform you are working on and this makes it a bit difficult to give you really good answers.  But in general Cisco devices have no problem in sending syslog messages to multiple syslog servers. I am not sure why your device would not send to the kiwi server unless you remove the nagios server and wonder if it is some platform specific issue.

So can you provide specifics of what platform we are dealing with, and perhaps specifics of how it is configured?

HTH

Rick

HTH

Rick
0 Helpful

ahallman-ca
Level 1
Level 1
In response to Richard Burts

‎01-23-2012 01:02 PM

This is a catalyst 3750 running ios 12.2

0 Helpful

Clayton Dukes
Level 1
Level 1
In response to ahallman-ca

‎01-23-2012 02:28 PM

Hi Adam,

You should be able to just add a second, 3rd, 4th, etc. logging host destination to the config.

Keep in mind that the best way to manage your logs is to actually send all logs to only one or two (for redundancy) centralized collectors and let those collectors distribute to remote NMS's. This method provides you with the ability to make additions, deletions of other NMS systems without having to touch every device in your network.

Here's a link to a whitepaper I published on syslog management that should help a lot:

http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html

Customers Also Viewed These Support Documents