Cisco – Send logs to mulitple syslog servers

ciscosyslog

we have a cisco 6500 chasis and I would like to send to the logs to two separate syslog servers.

At present, it is already sent to one syslog server. That goes to our security team. But we would like one to go to our network infrastructure team as well.

Is that possible? If it is, can you assist?

Best Answer

You can specify another logging destination by:

conf t
logging host x.x.x.x

Ideally, you really should set up a log collection and distribution point. A great syslog daemon known as syslog-ng may be used to "fork" incoming messages to multiple destinations. This extremely beneficial not only for managing multiple destinations, but because you will not have to make changes on your network devices (aside from the initial set up to your logging host).

Note that there are several other requisite commands that go along with configuring logging that should not be overlooked:

service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
clock timezone GMT 0
!
logging source-interface loopback0
logging buffered 65536
logging host <ip address 1>
logging host <ip address 2>
logging host <ip address 3>
logging trap informational
!
ntp server <ip address 4>
ntp server <ip address 5>
ntp peer <ip address 6>
ntp peer <ip address 7>
ntp update-calendar

I have a published whitepaper on Cisco.com that covers all of this in more detail, and I also own one of the syslog tools mentioned in the paper - I will let you guess which one, since this forum is not for shameless self promotion :-)

Related Topic