Configure devices to send messages to Log Analyzer
To receive messages from a syslog-capable device, configure the device to send syslog messages to the appropriate port on the computer where the dedicated server is installed.
Log Analyzer listens for UDP messages on port 514 and TCP messages on ports 1468 and 6514. These are the default ports for devices sending syslog messages as defined by RFC standards 5425 and 5426. Learn about configuring secure syslog settings here.
Log Analyzer listens for SNMP trap messages on UDP port 162. This is the default port for devices sending SNMP traps as defined by RFC standard 1157.
SNMP v1 and v2 are unencrypted. SNMP v3 uses DES56, AES128, AES192, and AES256 for encryption, and MD5 and SHA1 for authentication.
For information about configuring a specific device, refer to documentation from the device manufacturer.
The following example shows how to configure a Cisco Catalyst 2960 switch.
Message logging must be enabled on the device. On many devices that generate syslog messages, logging is enabled by default.
- On the Cisco Catalyst 2960 switch, open the Cisco command-line interface and begin a session.
- Verify that you are in privileged EXEC mode on the switch. To enter privileged EXEC mode, type the command:
- Switch to global configuration mode. Type the command:
- Verify that logging is enabled. If logging has been disabled, type the command:
- Configure the switch to send log messages to the Log Analyzer database. Type the command:
where host is the name or IP address of the device where the dedicated server is installed.
- Limit the messages sent based on priority level. Type the command:
logging trap level
where level is one of the following, listed in descending order of priority:
- informational (default level)
The device sends messages with the specified priority level and above. For example, the level critical sends messages with priority levels of critical, alerts, and emergencies.
- Return to privileged EXEC mode. Type the command:
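
The threshold set with logging trap level can be checked from the receiving side by decoding the `<PRI>` header of each message that arrives. The following Python sketch is an added example, not part of the original documentation or of Log Analyzer: it sorts received lines into those the configured level should allow, those below the threshold, and those with no valid header. The full list of eight severity keywords is the standard Cisco IOS set, and the sample messages (facility local7) are constructed.

```python
import re

# Cisco IOS severity keywords; list index == syslog severity (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from the <PRI> header, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:           # 23 * 8 + 7 is the largest valid PRI value
        return None
    return divmod(pri, 8)   # PRI = facility * 8 + severity

def forwarded(severity, trap_level):
    """True if a device set to 'logging trap <trap_level>' sends this severity."""
    return severity <= LEVELS.index(trap_level)

def audit(lines, trap_level):
    """Bucket received lines as expected, unexpected (below threshold) or malformed."""
    result = {"expected": [], "unexpected": [], "malformed": []}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            result["malformed"].append(line)
        elif forwarded(decoded[1], trap_level):
            result["expected"].append(line)
        else:
            result["unexpected"].append(line)
    return result

# Constructed sample messages (facility local7 = 23), not captured from a device.
SAMPLE = [
    "<186>45: *Mar  1 00:10:02: %EXAMPLE-2-TEST: constructed critical message",
    "<185>46: *Mar  1 00:10:05: %EXAMPLE-1-TEST: constructed alert message",
    "<189>47: *Mar  1 00:10:09: %EXAMPLE-5-TEST: constructed notification message",
    "<190>48: *Mar  1 00:10:11: %EXAMPLE-6-TEST: constructed informational message",
    "no priority header here",
]

if __name__ == "__main__":
    for bucket, msgs in audit(SAMPLE, "critical").items():
        print(bucket, len(msgs))
```

Messages in the unexpected bucket indicate that the device is sending at a lower threshold than intended, or that another source is writing to the same listener.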