Configuring a Cisco IOS Router or Switch to Send Syslogs

SecureChange Requester This topic is intended for TOS Administrators.

Overview

Syslog traffic must be configured to arrive to the TOS cluster that monitors the device - see Sending Additional Information via Syslog.

Syslog proxy is supported for specific devices. For more information on syslog proxy support for supported devices, see Configuring Devices to Send Logs.

Only rules that are marked for logging in the device are included in the syslogs.

Configure Sending Syslogs from a Cisco Router or Switch (for Accountability)

  1. Open a command line to the device, and run the following commands:

    configure terminal
    logging on
    logging facility local7
    logging trap notifications
    logging host <ST_IP>

    where <ST_IP> is the appropriate TOS destination described in Sending Additional Information via Syslog.

  2. For routers only (not switches), configure a unique logging ID in one of the following ways. No other device or virtual context may have the same ID:

    • To set the logging ID to the hostname, run:

      logging origin-id hostname

    • To set the logging ID to another name, run:

      logging origin-id string <name>

      where <name> is the new unique logging ID.

      To use a non-default facility, see the Tech Note to configure SecureTrack for non-default syslogs.