Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3710
Views
5
Helpful
2
Replies

Sending Logs to Multiple Syslog Servers

Mounes Yaseen
Level 1
Level 1

‎03-25-2014 02:16 AM - edited ‎03-03-2019 07:19 AM

Hi Team ,

is it doable to send log messages recorded on various cisco devices to multiple syslog servers by discriminating the severity level, for example I want to send all the critical and alerts logs to x.x.x.x server, but for other severities, I want to send the logs to y.y.y.y server.

Thanks.

4 people had this problem
Labels:
0 Helpful
2 Replies 2

Paul Wishart
Level 1
Level 1

‎04-18-2014 08:55 AM

Is someone able to answer this question?  It appears you can do this on the ASA, but I would like to do it on the ASR 1000 and 3945 as well.

0 Helpful

Paul Wishart
Level 1
Level 1

‎04-18-2014 03:57 PM

It looks to me that you can set up discriminators on IOS routers to do what you're wanting.  The global config command is:

logging discriminator discr-name [ [ facility] [ mnemonics] [ msg-body{ drops string | includes string } ] [ severity { drops sev-num | includes sev-num } ] [ rate-limit msglimit ]

So, you could do something like this:

logging discriminator TEST severity includes 5

!

logging host 172.25.10.25
logging host 172.24.10.41 discriminator TEST

 

sho log
Syslog logging: enabled (0 messages dropped, 612 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

Active Message Discriminator:
TEST severity group includes 5

 


No Inactive Message Discriminator.


    Console logging: level debugging, 108380 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 388 messages logged, xml disabled,
                     filtering disabled
        Logging to: vty2(2)
    Buffer logging:  level debugging, 108115 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level debugging, 108211 message lines logged
        Logging to 172.25.10.25  (udp port 514, audit disabled,
              link up),
              107002 message lines logged, 
              0 message lines rate-limited, 
              2 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 172.24.10.41  (udp port 514, audit disabled,
              link up),
              6 message lines logged, 
              0 message lines rate-limited, 
              1 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering enabled, discriminator (TEST)
        Logging Source-Interface:       VRF Name:
        GigabitEthernet0/0/1.9          
          
Log Buffer (16384 bytes):

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents