I'm so close to having this resolved. We have a large (20) number of Cisco switches on our network. They're now pointed at my syslog server (x.x.10.20). I can see UDP traffic coming in via tcpdump. But nothing is being logged. My config looks like this... what am I missing?
source s_cisco_collector { udp (ip(0.0.0.0) port(514)); };
destination d_cisco_logs { file ("/var/log/cisco/cisco_switch.log"); };
log { source(s_cisco_collector); destination(d_cisco_logs); };