We have added Splunk to a monitoring systems and I would like to send my wlc 5508 log messages to it. We have the Syslog Data Inputs on that server are all TCP and we would like to maintain tcp only if possible. I do need to be on a custom port other than 514. We are on 188.8.131.52 on a HA pair of 5508's. Does any on have any insight on changing the syslog port number in the WLC config?
I too am using Splunk for capturing WLC Syslog. With regards to the destination port of the Syslog, I don't know how to change it. However, to get around this I have set up a Splunk Forwarder with Syslog-NG. Basically Syslog-NG listens on any port number/protocol you define and writes logs to a log file name $hostname$.log. This means I could have x different WLCs sending Syslog to Syslog-NG on UDP 514 and Syslog-NG will write the syslog from each host to it's individual file.
From their I've configured Splunk forwarder to monitor each file and forward the logs on to Splunk. You can forward to any port/protocol you wish.
Also remember to do this
config logging debug syslog enable
On the controller. Otherwise you won't see the messages you expect.
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
email@example.com. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...