I am unable to collect logs from a Cisco Nexus 3524 switch. This particular model doesn’t allow a custom port; it only sends logs on UDP 514. I am running a syslog TCP and UDP input on port 1514. To collect logs from the Nexus switch, I added a redirect in iptables to catch TCP and UDP on port 514. I tested this by temporarily changing the logging address on an HP switch to UDP and port 514, and I instantly received logs on Graylog. But the Cisco Nexus switch doesn’t seem to work.
I can ping from the switch to the Graylog server. I ran tcpdump on the Graylog server and could see the packets flow from the HP switch sending to port 514, but nothing from the Nexus switch. The Nexus switch is on the same VLAN as the syslog server. The Nexus switch was showing an “unreachable server” error until I restarted the syslog server. I searched for this online, and it seems to be a bug in the switch.
I’ve been able to monitor several HP and traditional Cisco switches, but for some reason the Nexus is giving me a ton of issues. Please let me know if I missed something.
Graylog and the Nexus switch are on the same VLAN; Graylog has a secondary interface for internet access.
(Debian 11.0.12 on Linux 5.10.0-8-amd64)