CISCO CSR Syslog


(Niall Quinn) #1

Hello Friends,

I am currently testing greylog to syslog for a Cisco CSRV. Can someone help with how this is configured within grey log?

Below is the config on the CSRV:
logging host 10.27.255.4 transport udp port 5149

In Grey log I have completed the following steps:
System > Inputs, select the input type from the drop down box (syslog UDP), and hit “Launch new input”. From here I have entered the following settings:

  • allow_override_date: true
  • bind_address: 0.0.0.0
  • expand_structured_data: false
  • force_rdns: false
  • override_source: empty
  • port: 5149
  • recv_buffer_size: 262144
  • store_full_message: true

The input is showing as ‘running’ however I do not see any data packets from the CSRV at all. Can someone point me in the right direction?

Thanks,
Niall


(Jan Doberstein) #2

You might find this blog helpful https://jalogisch.de/2018/working-with-cisco-asa-nexus-on-graylog/


(Niall Quinn) #3

Hi @jan,

Thank you for the quick response.

I have reviewed this document, however this has not resolved the issue. can I test connectivity from the Greylog server to the CSRV? to confirm its an issue on the sender side? Does this functionality exist?

Thanks,
Niall


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.