Configuring a syslog server
Configuring a remote log server to send Sentry syslog data is a two step process and requires the following:
| 1. | Adding a syslog server |
| 2. | Enabling log data |
To view Sentry facility configuration see:
| • | Displaying syslog configuration |
Adding a syslog server
To add or edit a syslog server, type the following command in CONFIG mode:
syslog <server> [port] <protocol> <facility> <log-level> [state]
To delete a syslog server, type the following command in CONFIG mode:
no syslog <server> [port]
|
Parameter |
Description |
||||||||||||||||||||||||
|
server |
IP address or hostname of the syslog server. |
||||||||||||||||||||||||
|
port |
Syslog server port. Use port 514 if you are adding MobileIron Monitor. If the port number is not provided, the default port 514 is used. |
||||||||||||||||||||||||
|
protocol |
Protocol of the syslog server. The options are:
|
||||||||||||||||||||||||
|
facility |
Type of log messages sent to the syslog server. The options are:
|
||||||||||||||||||||||||
|
log-level |
Minimum severity level of log messages to be sent. The options are:
CLI does not limit log-level by the facility choice. |
||||||||||||||||||||||||
|
state |
State of the syslog server. The options are:
If state is not specified, syslog is enabled by default. |
Enabling log data
After adding a syslog server, you need to also enable the log data for the facility you selected for the syslog server. Sentry forwards the log data that is enabled to the syslog server. General log data is enabled by default. No additional action is required if you chose General facility when you added the syslog server.
To enable log data for the facility, enter the following command in CONFIG mode:
sentry {audit | health-monitor}
|
Feature |
Command |
|
Enable sentry audit log data |
sentry audit |
|
Enable sentry health monitoring |
sentry health-monitor |
|
Disable sentry audit |
no sentry audit |
|
Disable sentry health monitoring |
no sentry health-monitor |
Displaying syslog configuration
To view syslog server facility configuration use the following commands in EXEC or PRIVILEGED mode:
|
Feature |
Command |
|
Display syslog configuration |
show logging |
|
Display sentry audit configuration |
show sentry audit config |
|
Display sentry health monitoring |
show sentry health-monitor |
Example
sentry# show logging
+-----------------------------+-------+----------+-----------------+-----------+--------
Hostname / IP Address + Port + Protocol + Facility Type + Log Level + State
+-----------------------------+-------+----------+-----------------+-----------+--------
app1111.auto1.mycompany.com 514 UDP health-monitor info enable