Graylog is not picking Cisco switch logs


(Shann) #1

I set up all my Cisco product logs to go to Graylog over a TCP connection. Only the firewall logs are viewable in Graylog.

Switch and router log traffic cannot be seen in the system/input, even though the active connection shows there.

If I set the default syslog port (UDP 514) and direct it to rsyslog-Linux, then it works, but when I use custom ports in Graylog, it doesn’t work properly.

If I telnet to a custom TCP port, I can see the message in Graylog that input while the telnet session is active.

Does anyone know what issue I’m facing?


(Jochen) #2

Cisco devices unfortunately don’t send valid syslog (according to RFC 3164 or RFC 5424).

We will add support for Cisco syslog in Graylog 2.2.3 (which is due next week) but for now you’ll have to create a Raw/Plaintext input to receive syslog messages created by Cisco devices.

https://github.com/Graylog2/graylog2-server/issues/3678#issuecomment-290975114
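
The reply above in code form, as an added example that is not part of the thread and is not Graylog's parser: a simplified classifier that tries the RFC 5424 and RFC 3164 headers first and shows which lines fall through. The Cisco layout used here (sequence number, `*` marker, millisecond timestamp, no hostname) and all sample lines are assumptions constructed for illustration.

```python
import re

MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
STAMP = MONTH + r" [ \d]\d \d\d:\d\d:\d\d"

# Simplified header patterns, tried in order; not a full RFC implementation.
PATTERNS = [
    # RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
    ("rfc5424", re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) "
                           r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<msg>.*)$")),
    # RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
    ("rfc3164", re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>" + STAMP + r") "
                           r"(?P<host>\S+) (?P<msg>.*)$")),
    # Assumed Cisco layout: <PRI>[seq: ][*|.]stamp[.mmm][ TZ]: %FAC-SEV-MNEMONIC: text
    ("cisco", re.compile(r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?[*.]?"
                         r"(?P<ts>" + STAMP + r"(?:\.\d{3})?)(?: [A-Z]{2,5})?: "
                         r"%(?P<cisco_facility>[A-Z0-9_]+)-(?P<cisco_sev>[0-7])-"
                         r"(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$")),
]

def classify(line):
    """Return (format_name, fields); 'raw' means no known header matched."""
    for name, rx in PATTERNS:
        m = rx.match(line)
        if m:
            fields = m.groupdict()
            pri = int(fields["pri"])
            # PRI = facility * 8 + severity
            fields["facility_code"], fields["severity"] = pri >> 3, pri & 7
            return name, fields
    return "raw", {"msg": line}

# Constructed sample lines (not captured from any real device).
SAMPLES = [
    "<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for admin",
    "<165>1 2017-04-03T10:15:00Z fw01 app 1234 ID47 - hello",
    "<189>29: *Mar  1 00:00:10.123: %SYS-5-CONFIG_I: Configured from console by console",
    "<187>30: Mar  1 00:00:12: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "hello from telnet",
]

if __name__ == "__main__":
    for line in SAMPLES:
        name, fields = classify(line)
        print(f"{name:8} {fields.get('mnemonic') or fields.get('host') or '-':10} {line}")
```

Lines that match neither RFC pattern are the ones a strict syslog input cannot parse, which is why they need a Raw/Plaintext input or a format-specific parser.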


(Shann) #3

Thanks for the info, Jochen. I’ll use Raw/Plaintext till the next release of Graylog.