Does anyone have experience using tftp64 to cache and forward Cisco router logs to Graylog? We have Windows servers with winlogbeats sidecars installed already. And we have the Cisco ASA sending the logs direct to a raw input. But when the VPN tunnel goes down, the important debugging logs never reach Graylog. We need them cached, and all the available servers that are already logging are Windows. I’m just wondering what is the best way to go about this.
I have not used tftp64 for caching, but in my corporation, we solved this quickly.
We installed graylog servers on both ends of the VPN. So basically, we fired up another VM to send log from one environment to another. If the VPN went down the Graylog server in the same environment as the switches and firewalls would retain the syslog’s.
Just a suggestion, hope that helps.
Thanks so much. My Cisco guy decided to just install tftp64 on a Windows box, and keep the ASA logging to both places. The tftp64 logs will only be used in rare cases for debugging. But the fact is, I assume I could get winlogbeats to grab those and forward along with the Windows logs. The trick would be keeping them segregated. For now though apparently they don’t care enough to go down that path.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.