
Umbrella VA logging to Remote Syslog Server

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, troubleshooting, and other essential IT operational tasks.


A big advantage of Syslog is that the log server can monitor a vast number of Syslog events via log files. Routers, switches, firewalls, and servers can generate log messages, as well as many printers and other devices.

The Syslog server receives, categorizes, and stores log messages for analysis, maintaining a comprehensive view of what is going on everywhere on the network. Without this view, devices can malfunction unexpectedly, and outages can be hard to trace. Syslog messages are sent via User Datagram Protocol (UDP), port 514. UDP is a connectionless protocol, so messages are neither acknowledged nor guaranteed to arrive. This can be a drawback, but it also keeps the system simple and easy to manage.


Umbrella VAs can forward logs to a remote Syslog server. Forwarding is supported for logs related to internal DNS queries, logs on upgrades and reboots of the VA, and admin audit logs.


#1) Configure the destination (remote Syslog server) on the VA with the following command:

config logexport destination server-ip-address:port udp

#2) Configure the forwarding of logs on the VA:

config logexport enable health

config logexport enable audit

#3) To check the status of the log forwarding, use the following command:

config logexport status

To turn off logging, use the following command:

config logexport disable <feature>

The feature parameter can take the value of “internaldns”, “health”, “audit” or “all”.
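Because UDP delivery is not acknowledged, the status command on the VA cannot show that messages actually reach the destination. The following is an added example, not part of the original post or of Cisco's tooling: a small receiver you can run on the destination host to confirm that datagrams arrive from the VA and carry a valid Syslog priority field. The port 5514, the address 192.0.2.10 standing in for the VA, and the function names are assumptions made for the example.

```python
import re
import socket
from collections import Counter

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"<(\d{1,3})>")  # syslog priority = facility * 8 + severity


def parse_pri(datagram):
    """Return (facility, severity, body), or None if there is no valid PRI."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    body = datagram[m.end():].decode("utf-8", errors="replace").rstrip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], body


def tally(packets, expected_sender):
    """Count (sender_ip, datagram) pairs as accepted, unexpected or malformed."""
    counts = Counter()
    for sender_ip, datagram in packets:
        if sender_ip != expected_sender:
            counts["unexpected_sender"] += 1  # UDP syslog is unauthenticated
        elif parse_pri(datagram) is None:
            counts["malformed"] += 1
        else:
            counts["accepted"] += 1
    return counts


def listen(expected_sender, bind_addr="0.0.0.0", port=5514):
    """Print each datagram as it arrives; stop with Ctrl+C."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            datagram, (sender_ip, _) = sock.recvfrom(8192)
            verdict = tally([(sender_ip, datagram)], expected_sender)
            print(sender_ip, dict(verdict), parse_pri(datagram))


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the VA's IP.
    listen(expected_sender="192.0.2.10")
```

Point the VA's logexport destination at the host and port where this runs, then trigger an audit or health event and watch for accepted messages.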


