Device | Details |
---|---|
Vendor | Cisco |
Device Type | Wireless access point manager |
Connection Type | Syslog |
Data Source Name | cisco-wlc |
Data Source ID | 1663 |
After connecting to the Cisco WLC console, enter enable mode.
Configure the remote host to send syslog messages to Sheriff CSM:
config logging syslog host <IP address of the Sheriff CSM Sensor>
Example
(Cisco Controller)> config logging syslog host 10.92.125.52 Cisco log will be sent to 10.92.125.52 from now on.
Set the facility for outgoing syslog messages to the remote host:
(Cisco Controller)> config logging syslog facility syslog
Example
(Cisco Controller)> config logging syslog facility authorization
Set the severity level for filtering syslog messages to the remote host at informational:
(Cisco Controller)> config logging syslog level 6
Logging Level | Keyword/Severity Level | Description |
0 | emergency | System is unusable. Typically devices do not generate Sylog messages with a severity/logging level of 0. |
1 | alert | Immediate action is needed. These messages indicate that action has been taken by the security appliance to resolve a problem or that action needs to be taken by the administrator because of an interface failure, unit standby failure, or bad cables. An administrator should always follow up on an alert message. |
2 | critical | Critical condition requiring immediate attention. These messages indicate that traffic has been blocked or dropped, that spoofed traffic has been detected, or that flags are invalid in traffic. An administrator should usually follow up on critical messages. |
3 | error | Error condition or event. These error messages are specific to security appliance resources such as xlate failures and translation slot failures. An administrator should always follow up on error messages. |
4 | warning | Warning condition or event. These messages are generally warnings about connection problems. An administrator might have to follow up on these warning messages. |
5 | notification | Normal but significant conditions or events. These messages are a mix of notifications of what a security appliance logged-in user is doing on the machine and some messages about Java and ActiveX blocking. An administrator should look at these messages to ensure that unauthorized changes are not being made to the security appliance. |
6 | informational | Informational messages only. These messages describe connections being built and torn down through the security appliance. In most cases, these messages don't need to be audited by an administrator unless users report that they are having problems with specific connections or services. |
7 | debugging | Debugging messages only. These messages are mostly related to IPSec. An administrator uses these messages when bringing up an IPSec tunnel for the first time. For the other debug messages, refer to your device's technical documentation on the Cisco website. |