Forward device syslog in prime to remote servers ( SPLUNK )

vark00001 · ‎01-15-2019

Hello All,

In our organization we are using Cisco Prime ( Ver 3.2 ) as syslog server for network device .So prime management IP is configured as logging host on each and every device.

Now the security folks have approached us saying they need all network logs to splunk as well.

We have 2 options now :

1) add splunk as forwarding at each device

2) Configure prime to forward the syslog it recives to splunk

We prefer option 2 since we do not have to do configure each device all over again.

Questions is , is that even possible to have prime forward the syslog to another external syslog server ?

Thanks,

Varun

xAdventix · ‎01-15-2019

I would have a further read of this: https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-2/admin/guide/bk_CiscoPrimeInfastructure_3_2_AdminGuide/bk_CiscoPrimeInfastructure_3_2_AdminGuide_chapter_01000.html

It appears you can forward Prime 3.2 to another external syslog server from a quick look.

vark00001 · ‎01-16-2019

Hi ,

This is feature is to forward prime system logs itself like user login or logout

is not related to forwarding of syslogs that are received from devices.

Thanks,

Varun

vark00001 · ‎01-16-2019

Hi ,

This is feature is to forward prime system logs itself like user login or logout

is not related to forwarding of syslogs that are received from devices.

Thanks,

Varun

marce1000 · ‎01-15-2019

- I know it's a hassle but I still would advise option 2) because splunk's data then depend on the operational status of the Prime server. I mean in strict security aware environments, option 2) could be enforced as a requirement (e.g.).

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

marce1000 · ‎01-15-2019

Correcting myself to option 1)....

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !