SIEM integration via Syslog OS6450
Posted: 13 Apr 2021 15:21
Hi guys,
I don't have much experience with this kind of configuration for the OS switches so hopefully you can help me out.
I want to send logs about configuration changes, interface status, system events and similar to my SIEM via Syslog protocol. I used the following set of commands to make the configuration, but unfortunately cannot see any logs appearing in my destination server:
swlog appid ALL level warning
swlog output socket <SIEM-IP-address>
swlog remote command-log enable
swlog console level info
The output of show swlog is as follows:
-> show swlog
Operational Status : On,
Log Device 1 : flash,
Log Device 2 : console,
Log Device 3 : ipaddr <SIEM-IP-address>,
Syslog FacilityID : local0(16),
Remote command-log : Enabled,
Console Display Level : info (6),
All Applications Trace Level : warning (5)
Where am I going wrong?
Thank you!
Kind Regards,
Blagoja
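A receiver-side check for the setup described in the post, as an added example that is not part of the original post or any vendor tooling: it decodes the syslog PRI of incoming datagrams and counts how many came from the switch with the configured facility local0 (16). The switch address 192.0.2.10, the sample datagrams, UDP port 514 as the transport, and all function names are assumptions made for illustration.

```python
import re
import socket
from collections import Counter

# PRI = facility * 8 + severity (RFC 3164/5424); facility 16 is local0.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram):
    """Return (facility, severity_name, text), or None without a valid PRI."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], datagram[m.end():].decode("utf-8", "replace").strip()

def classify(src, data, switch_ip, facility=16):
    """Label one datagram by sender and by the facility carried in its PRI."""
    if src != switch_ip:
        return "other_host"
    parsed = decode(data)
    if parsed is None:
        return "malformed"
    return "expected" if parsed[0] == facility else "other_facility"

def summarize(packets, switch_ip):
    return Counter(classify(src, data, switch_ip) for src, data in packets)

def listen(port=514, count=20, timeout=60.0):
    """Collect up to `count` UDP datagrams; binding port 514 usually needs root."""
    packets = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        try:
            while len(packets) < count:
                data, (src, _) = sock.recvfrom(4096)
                packets.append((src, data))
        except socket.timeout:
            pass  # nothing more arrived; report what was seen so far
    return packets

# Constructed sample datagrams (not captured from a real switch).
SAMPLE = [
    ("192.0.2.10", b"<132>constructed: interface state change"),  # local0.warning
    ("192.0.2.10", b"<30>constructed: unexpected facility"),      # daemon.info
    ("192.0.2.10", b"constructed: no PRI header"),
    ("198.51.100.7", b"<134>constructed: another sender"),        # local0.info
]
```

Running `summarize(listen(), "<switch address>")` on the collector with the SIEM listener stopped separates the cases: an empty result means nothing from the switch reaches the host at all, while hits under `other_facility` or `malformed` mean packets arrive but may not match the SIEM's input filter.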