Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ACS 5.x: Configuring the external syslog server

     

     

    Introduction

    ACS 5.x: Configuring the external syslog server

    Configuration

    Please find the steps below to configure the external syslog server on the ACS 5.x:

    Step 1: Click on Remote Log target under log configuration then click on Create button to define the external syslog server.

    1.png

    Step 2: Define the Name of external syslog server and the IP address of the same, you can also mention the port number.

    Note: By default the port number is 514

    2.png

     You will see that the external syslog server is created:

    3.png

    Step 3: Now click on Global configuration under the system administration

    4.png

    Step 4: select the logging category for which you want to send the logs to the external syslog server.

    For example here I want to send all the passed authentication logs to external syslog server.

    5.png

    Step 5: Now select the Remote Syslog Target Tab

    6.png

    Step 6: Move the configured syslog server to the selected target and then click on submit.

    7.png

    Syslogs

    You will see the logs on the syslog server somewhat like this:

    04-29-2013          04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000002 2 0 2011-08-01 22:32:53.032 +00:00 0000008450 5203 NOTICE Device-Administration: Session Authorization succeeded, ACSVersion=acs-5.2.0.26-B.3075, ConfigVersionId=117, Device IP Address=192.168.26.137, UserName=edward, CmdSet=[ CmdAV= ], Protocol=Tacacs, RequestLatency=10, NetworkDeviceName=switch, Type=Authorization, Privilege-Level=1, Authen-Type=ASCII, Service=Login, User=edward, Port=tty2, Remote-Address=10.78.167.190, Authen-Method=TacacsPlus, Service-Argument=shell, AcsSessionID=ACS41/101085887/112, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=Lookup, SelectedAccessService=Default Device Admin, SelectedShellProfile=Permit Access, IdentityGroup=IdentityGroup:All Groups, Step=13005 , Step=15008 , Step=15004 , Step=15012 , Step=15041 , Step=15006 , Step=15013 , Step=24210 , Step=24212 , Step=22037 , Step=15044 , Step=15035 , Step=15042 , Step=15036 , Step=15004 , Step=15017 , Step=13034 ,

     

    04-29-2013        04:16:45               Local6.Notice     192.168.26.41     Apr 29 22:32:53 ACS41 CSCOacs_Passed_Authentications 0000000001 2 1 Step=13015 , SelectedAuthenticationIdentityStores=Internal Users, NetworkDeviceGroups=s1Migrated_NDGs:All s1Migrated_NDGs, NetworkDeviceGroups=Device Type:All Device Types, NetworkDeviceGroups=Location:All Locations, ServiceSelectionMatchedRule=Rule-2, IdentityPolicyMatchedRule=Default, AuthorizationPolicyMatchedRule=Rule-0, Action=Login, Privilege-Level=1, Authen-Type=ASCII, Service=Login, Remote-Address=10.78.167.190, UserIdentityGroup=IdentityGroup:All
    Comments
    New Member

    how many syslog server can be configured on ACS?

    Bronze

    A good post, but at least a couple of syslog aspects are missing:

    1) Advanced syslog options, mainly syslog TCP and syslog over TLS support. The TLS support also requires uploading a certificate chain so that should be in the tutorial.

    2) Configuring syslog within ADE-OS, for CLI and process related events.

    10336
    Views
    20
    Helpful
    2
    Comments