This Document describes the steps on How to Forward the syslog messages to External Server Using ACS 5.x
Connectivity of ACS 5.x with Syslog server.
Any syslog server
Go to System Administration>Configuration>Log configuration>Remote Log Targets>Create
step1: Give a name to the syslog server
step2: You can define type(syslog)
step3: Type the IP address of syslog server
Step4: define port (514)
Step5: Define Fcility code as LOCAL
Step6: define max length as 1024
Specify which messages should be forwarded to the new created Syslog Server.
In this example, I have selected Radius Accounting as I want to forward Accounting logs. However you can select anyother category as well.
Step1: Go to System Administration>Configuration>Log Configuration>Logging Categories>Global
Step2: Select Radius accounting
Then move the available External Syslog Server to the Selected Targets and click submit.
Step1: Go to System Administration>>Configuration>Log Configuration>Logging Categories>Global>Edit"Radius Accounting"
Submit the changes.
Generate some traffic and you should now be able to see the messages on the server.
Thanks, that was very easy to follow.
Followed the same and we are able to receive the syslog messages in the external server,
But we have noticed the below issues
integrated the ACS logging message to External Syslog Servers, and identified that the logs displayed there is have // instead of one /,
eg: Domain/username ( In ACS )
Domain//username ( When forwarded to external Syslog Server )
We have tried this in Multiple Syslog servers and the result is same,
We are suspecting that ACS is adding an additional Slash at the time of sending the logs, Is there an option to check the sent logs in ACS ? "
You can enable log to local log target from logging categories ,then we can able to see same logs in the localstore.logs.
you can run the reports for same category and we can able to see the data.
Please rate helpful posts and mark correct answers.
As you suggested i have tried that and in that the username is displaying with only on / Backslash,
but whenever we are forwarding this to an external server the output of username is displaying with //slash,
Eg : Domain/username ( In ACS )
Domain//username ( In External Server )
Is there anything which we can do in ACS to correct the same ?
What is the version of ACS ?
ACS version : 5.8