Configuring Cisco Syslogs
For general information about sending syslogs, see Sending Additional Information using Syslog.
To monitor with full accountability, your Cisco devices must send syslogs to SecureTrack. To do this, define SecureTrack as a syslog server for each monitored Cisco switch, router, and firewall.
Certain devices can also use syslogs to collect traffic information that you can use for the Automatic Policy Generator (APG).
The firewalls in the organization must be configured to allow the
For switches, SecureTrack associates syslogs with their source device only by IP address. Therefore, accountability information for switches will be incorrect if the syslogs are sent from an IP address other than the one monitored by SecureTrack.
For Cisco devices, a logging string is used to map a syslog message to a Device ID. If the logging string is not mapped, there is a fallback mechanism that maps the log message to the source IP of the packet. This mechanism does not work if the log message is sent via a syslog server because the syslog source-IP would be that of the syslog server and not that of the monitored device.
If the logging string is changed from “A” to “B”, SecureTrack cannot recognize logs by their contents until a new revision is received. During the period of time before the new revision arrives, the source-IP fallback allows SecureTrack to correctly recognize the device that sent the logs, provided that the syslog server is not used.
To use syslog server forwarding, ensure the following:
- The syslog server does not modify the message content
- The device is configured with the logging host
- A revision has been received by the current logging host
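The two-stage attribution described above (logging string first, packet source IP as fallback) and the way syslog forwarding defeats the fallback, as an added, simplified model written for this page; it is not SecureTrack's own code, and the device inventory, relay address and the IOS message layout (sequence number, then the origin-id set by "logging origin-id hostname", then timestamp and mnemonic) are constructed assumptions.

```python
import re
from typing import Optional

# Constructed inventory (assumption): what SecureTrack learned from each
# device's last received revision, i.e. its logging string and management IP.
DEVICES = {
    "rtr-core-1":  {"logging_string": "rtr-core-1",  "ip": "10.0.0.1"},
    "sw-access-7": {"logging_string": "sw-access-7", "ip": "10.0.0.7"},
}

# Assumed IOS line shape when "logging origin-id hostname" is configured:
#   <PRI>seq: <origin-id>: <timestamp>: %FACILITY-SEVERITY-MNEMONIC: text
ORIGIN_RE = re.compile(r"^<\d+>(?:\d+:\s+)?(?P<origin>[A-Za-z][\w.-]*):\s")


def resolve_device(message: str, source_ip: str) -> Optional[str]:
    """Return the Device ID for one syslog line, or None if it cannot be attributed."""
    m = ORIGIN_RE.match(message)
    origin = m.group("origin") if m else None
    # Stage 1: map by the logging string carried inside the message content.
    for dev_id, info in DEVICES.items():
        if origin is not None and origin == info["logging_string"]:
            return dev_id
    # Stage 2: fall back to the source IP of the packet that delivered the message.
    # A relay rewrites that IP to its own, so this stage only helps for direct delivery.
    for dev_id, info in DEVICES.items():
        if source_ip == info["ip"]:
            return dev_id
    return None


def demo() -> dict:
    """The four situations the page describes, on constructed messages."""
    body = "*Mar  1 00:01:02.003: %SYS-5-CONFIG_I: Configured from console by admin on vty0"
    direct = "<189>42: rtr-core-1: " + body        # logging string matches the last revision
    renamed = "<189>43: rtr-core-1-new: " + body   # logging string changed, no new revision yet
    relay_ip = "10.0.0.200"                         # constructed syslog relay address
    return {
        "direct_known_string":   resolve_device(direct, "10.0.0.1"),
        "direct_changed_string": resolve_device(renamed, "10.0.0.1"),  # IP fallback still works
        "relay_known_string":    resolve_device(direct, relay_ip),     # content unmodified, maps
        "relay_changed_string":  resolve_device(renamed, relay_ip),    # nothing left to match
    }


if __name__ == "__main__":
    for case, dev in demo().items():
        print(f"{case:24s} -> {dev}")
```

Only the last case loses accountability, which is why the page requires both an unmodified relay and a revision received with the current logging string before forwarding through a syslog server.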