Cisco switch logs

Hello everyone,

I collect the logs of a Cisco switch with Graylog, to have the switch logs, I made a script "Prerouting - iptables - graylog- 514-1514 " (Redirect Graylog traffic) …in graylog I put “input” under port 514, it didn’t work, the switch sends the logs on port 514, so it requires a redirect…now i can have switch logs but why graylog does not accept logs under port 514 in the case of switch cisco. Please I want to know exactly why ??

Thanks.

Because port 514 is a privileged port and requires Graylog to run as root in order to open that port up with it’s listener.

If you want to know exactly why, then I suggest you Google a bit and find answers that way instead of demanding answers here :wink:

1 Like

Graylog is bind to privileged ports (anything <1024) :clap: but about switch cisco i have no exact information is what the switch sends his logs by default through port 514 ?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.