ACI Contract export to external log server

YEN-HSI Lin · ‎07-05-2017

Hi All:

Can i export the ACI Contract log to external log server?

micgarc2 · ‎07-05-2017

Hi Yen,

I am a little unclear of what you are asking. What are you referring to as an external log server? There are ways to export contracts from tenant to tenant if you want to say use a contract you created in Tenant 1 but also in Tenant 2. Please clarify what you are trying to accomplish and I will do my best to answer your question to my best ability.

Regards,

Michael G.

YEN-HSI Lin · ‎07-05-2017

Hi micgarc2:

Thanks your reply.

my problems is i can see every filter logs per contract in APIC GUI.but i want to export those filter logs to external log server.Is it ok?

micgarc2 · ‎07-06-2017

Yen,

I am not sure what command you are using to filter the logs per contract but as an example here is how I can export contract drops to an external IP.

You can use the command on the leaf :

cd /tmp

show logging ip access-list internal packet-log deny >> Leaf1Deny.txt

Then SCP it over to the external log server using:

scp Leaf1Deny.txt admin@<LogServerIP>:/<filepath>

Bassam Abbasi · ‎02-27-2018

Hello Michael,

I have the same question of Yen which I think was not very clear . I am migrating some policies from the firewalls to ACI contracts, with that we are currently having the firewall policies logging to external syslog server.

So the question is, do we get the same functionality (permited and implicit deny) on ACI by using the log directive, is every packet going to generate a log message?

Thanks.