I'm able to get the Cisco switch log files from the switch IP address to my machine, but how do I use and configure Syslog-ng to get the switch log files into /var/logs/cisco_switch.log? I don't see any files coming into /var/logs/cisco_switch.log, but I could see the log files automatically coming into /var/log/syslog.
Appreciate any help to configure it.
########################
# Listening to incoming UDP Syslog connections
source s_src {
    system();
    internal();
    udp(port(514));
};
########################
# Destination files
destination switch01 { file("/var/log/Cisco_switch.log"); };
########################
# Filters
filter f_switch01 { host("SWITCH_IP_ADDRESS"); };
########################
# Log paths
log { source(s_src); filter(f_switch01); destination(switch01); };
@include "/etc/syslog-ng/conf.d/*.conf"
If anything is wrong with the script, please correct me. Should I make any configuration settings in /etc/init.d/syslog-ng ?
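As an added example (not from the original post or the linked article), here is a self-contained syslog-ng drop-in that does the same job but filters on the sender's address with netmask() rather than host(): host() compares the HOST field of the message, which syslog-ng may rewrite from DNS or from the header the switch sends, while netmask() compares the UDP source address of the datagram. The drop-in path, the switch address 192.0.2.10 and the output file name are assumptions.

```conf
# Assumed location: /etc/syslog-ng/conf.d/cisco_switch.conf
# (picked up by the @include line in syslog-ng.conf)

options {
    use_dns(no);          # do not block on reverse DNS for unauthenticated UDP senders
    keep_hostname(yes);   # keep the hostname the switch writes in the syslog header
};

# Dedicated UDP listener; plain UDP syslog is unauthenticated, so the
# filter below is what keeps unrelated senders out of the switch log.
source s_cisco {
    udp(ip("0.0.0.0") port(514));
};

# Placeholder switch address; netmask() matches the datagram's source IP,
# so it works even when the message's HOST field is a hostname.
filter f_cisco_sender {
    netmask("192.0.2.10/32");
};

# Restrictive ownership and mode on the log file itself.
destination d_cisco {
    file("/var/log/cisco_switch.log"
         owner("root") group("adm") perm(0640)
         create_dirs(yes));
};

log {
    source(s_cisco);
    filter(f_cisco_sender);
    destination(d_cisco);
    flags(final);   # matched messages are not handed to later log paths
};
```

Check the syntax with `syslog-ng --syntax-only` before restarting the service, and send a test message from the switch afterwards to confirm it lands in the new file rather than only in /var/log/syslog.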
Rather than reinventing the wheel I'm going to point you to this wonderful post:
http://blogs.splunk.com/2016/03/11/using-syslog-ng-with-splunk/
Hope that helps
thanks ...