01-15-2019 02:21 AM
Hello All,
In our organization we are using Cisco Prime ( Ver 3.2 ) as syslog server for network device .So prime management IP is configured as logging host on each and every device.
Now the security folks have approached us saying they need all network logs to splunk as well.
We have 2 options now :
1) add splunk as forwarding at each device
2) Configure prime to forward the syslog it recives to splunk
We prefer option 2 since we do not have to do configure each device all over again.
Questions is , is that even possible to have prime forward the syslog to another external syslog server ?
Thanks,
Varun
01-15-2019 02:29 AM
I would have a further read of this: https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-2/admin/guide/bk_CiscoPrimeInfastructure_3_2_AdminGuide/bk_CiscoPrimeInfastructure_3_2_AdminGuide_chapter_01000.html
It appears you can forward Prime 3.2 to another external syslog server from a quick look.
01-16-2019 07:46 AM
Hi ,
This is feature is to forward prime system logs itself like user login or logout
is not related to forwarding of syslogs that are received from devices.
Thanks,
Varun
01-16-2019 07:48 AM
01-15-2019 04:46 AM
- I know it's a hassle but I still would advise option 2) because splunk's data then depend on the operational status of the Prime server. I mean in strict security aware environments, option 2) could be enforced as a requirement (e.g.).
M.
01-15-2019 04:46 AM
Correcting myself to option 1)....
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide