Hello,
My colleagues and I are currently working on configuring syslog forwarding on our OmniSwitch 6860E 24-Port Chassis and need assistance in enabling TCP-based syslog transmission to our remote syslog server.
By default, the switch sends syslog messages using UDP port 514. So, we have to configure the switch to forward syslog messages via TCP. We have tested this by manually modifying the syslog-ng configuration in root mode (SHASTA #) and specifying the destination for TCP logging. This approach successfully allows syslog messages to be sent over TCP.
However, the issue we are facing is that these changes are lost upon a switch reboot. We would like to know how to make this configuration persistent across reboots or if there’s any other efficient method of doing this.
Thanks in advance,
Augusto
Send syslog messages via TCP
Re: Send syslog messages via TCP
Try it with the AOS command:
swlog output socket <ip-address> tls
-
henriquesa
- Member
- Posts: 4
- Joined: 11 Mar 2025 05:25
Re: Send syslog messages via TCP
Hi Silvio,
Thanks for your message. Unfortunately, according to my client's requirements, I need to specify the TCP port (12345). Since the default port for TLS-based syslog is 6514, this might be an issue. Also, enabling TLS would require configuring the certificate on the server side, for which I have to request permission from the client.
Do you know of any alternative method to send syslog messages over TCP without TLS (unencrypted) to a specific port? Or, if TLS is the only option, could you tell me if it's possible to change the default TLS port?
Thank you once again,
Augusto
Re: Send syslog messages via TCP
Hi, no idea. But this is a good point to open an SR at ALE.
BR Silvio
Re: Send syslog messages via TCP
According to the CLI guide, you can specify a port. Maybe that's what you are looking for?
swlog output socket 1.2.3.4 321 tls
But the CLI guide doesn't show any other options for plain TCP.
-
henriquesa
- Member
- Posts: 4
- Joined: 11 Mar 2025 05:25
Re: Send syslog messages via TCP
Hi Silvio,
Thanks anyway. Do you know how to open an SR at ALE? I am still a newbie with this topic...
Best regards
-
henriquesa
- Member
- Posts: 4
- Joined: 11 Mar 2025 05:25
Re: Send syslog messages via TCP
Hi Cristek,
I tried that command with a specific port, and it’s accepted. It "works" when checking Remote Sockets and 'show swlogs':
Log Device 2 – IP Address: 1.2.3.4:321
However, syslogs are not being sent to the server (to the specific port). The syslog-ng configuration file shows that logs are sent using the default TLS port 6514, even if another port is specified. It seems enabling TLS forces this default. Apparently, you can only change it using root, unfortunately.
Re: Send syslog messages via TCP
If you are not an ALE partner, you have to ask where you bought the switches. If you are a partner, you go into myportal via support to service request.
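
The mismatch reported earlier in the thread (the CLI accepts port 321 while syslog-ng still targets 6514) can be confirmed from the syslog server side. The following is an added example, not code from the thread or from ALE: a Python listener that records which port the switch actually connects to and whether the first bytes are a TLS handshake or plaintext syslog. Ports 321 and 6514 come from the thread; the function names `classify` and `watch` are hypothetical.

```python
import re
import selectors
import socket

def classify(first: bytes) -> str:
    """Classify the first bytes a sender writes on a new TCP connection."""
    if len(first) >= 2 and first[0] == 0x16 and first[1] == 0x03:
        return "tls"  # TLS handshake record, i.e. a ClientHello
    if re.match(rb"<\d{1,3}>", first):
        return "plain-syslog"  # message starts with <PRI> (RFC 3164/5424)
    if re.match(rb"[1-9]\d* <\d{1,3}>", first):
        return "plain-syslog-octet-counted"  # RFC 6587 length prefix
    return "unknown"

def watch(ports, host="0.0.0.0", timeout=60.0, max_conns=1):
    """Listen on all ports; return [(local_port, peer_ip, kind)] per connection."""
    sel = selectors.DefaultSelector()
    seen = []
    try:
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen()
            sel.register(srv, selectors.EVENT_READ)
        while len(seen) < max_conns:
            events = sel.select(timeout)
            if not events:
                break  # nothing connected within the timeout
            for key, _ in events:
                conn, peer = key.fileobj.accept()
                with conn:
                    conn.settimeout(5)
                    try:
                        first = conn.recv(64)
                    except OSError:
                        first = b""  # peer connected but sent nothing in time
                    local_port = key.fileobj.getsockname()[1]
                    seen.append((local_port, peer[0], classify(first)))
    finally:
        for key in list(sel.get_map().values()):
            sel.unregister(key.fileobj)
            key.fileobj.close()
        sel.close()
    return seen

if __name__ == "__main__":
    # 321 is the port given to swlog in the thread; 6514 is the TLS default.
    # Binding a port below 1024 normally requires elevated privileges.
    for local_port, peer, kind in watch([321, 6514], max_conns=5):
        print(f"{peer} -> port {local_port}: {kind}")
```

A result of `tls` on 6514 and nothing on 321 matches what the syslog-ng configuration file showed; the listener does not complete the TLS handshake, so it is a diagnostic only and not a log receiver.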
