Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC 5508 Syslog send to custom port

We have added Splunk to a monitoring systems and I would like to send my wlc 5508 log messages to it.  We have the Syslog Data Inputs on that server are all TCP and we would like to maintain tcp only if possible. I do need to be on a custom port other than 514.  We are on 7.4.100.60 on a HA pair of 5508's.  Does any on have any insight on changing the syslog port number in the WLC config?

  • Security and Network Management
2 REPLIES
VIP Purple

Re: WLC 5508 Syslog send to custom port

I am also having this requirement. But I do not think we can customize syslog ports in 5508s.

In a normal IOS device we can do this like below.

"logging host x.x.x.x transport {tcp|udp} port

Therefore in NextGen controllers (3850 or 5760) we should be able to use above command as it is running on IOS. Tested with 3850 & worked, not with a 5760 yet.

HTH

Rasika

New Member

WLC 5508 Syslog send to custom port

I too am using Splunk for capturing WLC Syslog.  With regards to the destination port of the Syslog, I don't know how to change it.  However, to get around this I have set up a Splunk Forwarder with Syslog-NG.  Basically Syslog-NG listens on any port number/protocol you define and writes logs to a log file name $hostname$.log.  This means I could have x different WLCs sending Syslog to Syslog-NG on UDP 514 and Syslog-NG will write the syslog from each host to it's individual file.

From their I've configured Splunk forwarder to monitor each file and forward the logs on to Splunk.  You can forward to any port/protocol you wish.

Also remember to do this

config logging debug syslog enable

On the controller.  Otherwise you won't see the messages you expect.

2157
Views
0
Helpful
2
Replies