Graylog is not picking Cisco switch logs

shann · April 2, 2017, 7:14am

I setup all my cisco product logs to graylog with tcp connection. Firewall logs only is viewable in graylog.

Switches and Routers log traffics could not see in the system/input even the active connection shows there.

If I set a default syslog port (udp 514) and direct to rsyslog-Linux then it works but when used custom ports in graylog, it doesn’t work properly.

If I telnet to a custom tcp port, I can see the message in graylog that input while the telnet session is active.

Anyone knows what is issue that I’m facing?

jochen · April 2, 2017, 10:10am

Cisco devices unfortunately don’t send valid syslog (according to RFC 3164 or RFC 5424).

We will add support for Cisco syslog in Graylog 2.2.3 (which is due next week) but for now you’ll have to create a Raw/Plaintext input to receive syslog messages created by Cisco devices.

https://github.com/Graylog2/graylog2-server/issues/3678#issuecomment-290975114

shann · April 2, 2017, 10:24am

Thanks for the info, Jochen. I’ll use Raw/Plaintext till the next release of graylog.

Topic		Replies	Views
Can not receive Cisco logs Graylog Central (peer support)	11	9414	May 8, 2018
Graylog not logging Cisco switches logs Graylog Central (peer support)	5	1609	February 23, 2021
Log Cisco Messages Graylog Central (peer support)	20	12371	December 13, 2019
Is it possible to send Cisco Switch logs to Graylog Graylog Central (peer support)	5	8147	December 28, 2017
Cisco 2960 syslog Graylog Central (peer support)	2	1918	June 8, 2018

Graylog is not picking Cisco switch logs

Related topics