Sending syslog from HP network devices to Graylog server

0
5103

We will look at HP ProCurve switches and other HP device approximately similar. HP ProCurve switches are capable of sending their logs to a remote Syslog destination via UDP or TCP.

When sending logs over the network it is recommended to use TCP as the more reliable protocol. With UDP there is a potential to lose entries, especially when there is a high volume of messages. It is also possible to send logs via TLS if additional security is required.
Connect to the switch via SSH or Telnet. Replace LEVEL with the logging level (debug, major, error, warning, or info). Replace FACILITY with the Syslog facility to be used for the logs. PROTOCOL with udp, tcp, or tls; and PORT with the required port. If PORT is omitted, the default will be used (514 for UDP, 1470 for TCP, or 6514 for TLS).

# configure
(config)# logging severity LEVEL  # for example: info
(config)# logging facility FACILITY   # for example: local4
(config)# logging 172.16.10.51 UDP 1514
(config)# write memory

We finish configuration on HP device. Now we can move to graylog server to create input to receive logs. Message inputs are the Graylog parts responsible for accepting log messages.

There are many inputs that support graylog and We will use SYSLOG UDP.

So login to graylog and go to System -> Inputs, choose syslog udp from the list and click on Launch new input

Then fill all required field as below and click Save:

Click “Show received messages” to look at logs:

That’s all. I hope, this article was helpful for you and You can look at other articles about graylog from here Graylog log management

LEAVE A REPLY

Please enter your comment!
Please enter your name here