Can you please let me know default logging facility both for system & audit logs?
I have configured local7 both for system/audit and a remote host IP but not seeing any logs being sent to my remote syslog server.
Thanks, Abhi
Can you let me know on this query ?
Thanks,
Abhi
Hi
The default facility is LOCAL0.
The ACOS device can send Syslog messages to the following places:
• Local buffer (default level: Debugging - 7)
• Console CLI session (default level: Error - 3)
• Console SSH and Telnet sessions
• External Syslog server
• Syslog server in another partition
• Email address(es)
• SNMP servers (for events that are logged by SNMP traps)
Logging to the local buffer and to CLI sessions is enabled by default. Logging to other places requires additional configuration.
Regards.
Thank You Siddhartha for your reply.
I have tried setting up local0 and i’m not seeing any logs on remote syslog server.
Regards,
Abhi
Hi
There could be multiple reasons, such as the firewall on the Syslog server blocking the messages etc. You may want to check if you are able to receive Syslog messages from others sources and perhaps open a support case if required for further troubleshooting.
The config on the Thunder device itself is pretty straightforward and works as shown by the packet capture I had posted earlier. Here is a sample one for reference:
logging syslog debugging
!
logging host 192.168.40.14
Regards.
Agree, I’m able to receive events from other devices which are on same mgmt subnet so firewall/routing should be good. I will try to open TAC case.