CISCO CSR Syslog

Hello Friends,

I am currently testing greylog to syslog for a Cisco CSRV. Can someone help with how this is configured within grey log?

Below is the config on the CSRV:
logging host 10.27.255.4 transport udp port 5149

In Grey log I have completed the following steps:
System > Inputs, select the input type from the drop down box (syslog UDP), and hit “Launch new input”. From here I have entered the following settings:

  • allow_override_date: true
  • bind_address: 0.0.0.0
  • expand_structured_data: false
  • force_rdns: false
  • override_source: empty
  • port: 5149
  • recv_buffer_size: 262144
  • store_full_message: true

The input is showing as ‘running’ however I do not see any data packets from the CSRV at all. Can someone point me in the right direction?

Thanks,
Niall

You might find this blog helpful https://jalogisch.de/2018/working-with-cisco-asa-nexus-on-graylog/

Hi @jan,

Thank you for the quick response.

I have reviewed this document, however this has not resolved the issue. can I test connectivity from the Greylog server to the CSRV? to confirm its an issue on the sender side? Does this functionality exist?

Thanks,
Niall

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.