Can a Call Home server interact with Customer Syslog Server

mahingor · ‎12-10-2013

Is it possible to have a communication setup of Call Home server with Customer Syslog Server instead of individual devices. This is required as the customer is worried on the security part?

Bryan Williams · ‎12-10-2013

Mahim, Call Home is a part of IOS like the Syslog daemon. When enabled, Call Home uses EEM to watch for specific syslog message and report those directly back to Cisco. There is no external component that could be configured to run on the customers syslog server.

I'm not sure what the customer's security question is, but let me suggest a few options:

If the customer wants to filter messages, adjust the severity level or set a filter on the syslog alert group in the Call Home configuration.

If the customer is simply interested in knowing when messages are sent, use a Transport Gateway. The Transport Gateway is an optional proxy server that will log every message sent back to Cisco.

Or, if they want to inspect every message, they have a coule of options. If they want to inspect every message before it is sent, disable automatic forwarding in the Transport Gateway. Every message will be held in the gateway until inspected and manually released. Or, if they simply want to audit messages, make a copy of the CiscoTAC-1 profile with a local email destination. That email address will get a raw copy of every message sent back to Cisco.