Configure Kiwi Syslog Server for Cisco Routers and Switches

The two main components of a Syslog system are Syslog servers and Syslog clients. A Syslog server is a Unix/Linux/Windows server running a Syslog server product. Syslog clients (Cisco Routers / Cisco Switches / ASA Firewalls) forward Syslog messages to the Syslog server, which receives and stores those messages for future auditing.

Many Syslog server applications are available, including free Syslog server products released under the GNU public licence. Click the following link to download a free Syslog Server from sourceforge.net.

Another widely used commercial Syslog server is Solarwinds Kiwi Syslog Server. Click the following link to download a trial version of Solarwinds Kiwi Syslog Server.

Syslog Server Installation and Configuration Lab Setup

Syslog Lab Setup

Kiwi Syslog Server Installation

Follow these steps to learn how to install and configure Kiwi Syslog Server for Cisco Routers and Switches.

Step 1: Run the Kiwi Syslog Server installation file on the machine that you want to make a Syslog Server. Click “I Agree” to accept the software licensing terms and continue the Kiwi Syslog Server installation.

Kiwi Syslog Server License Agreement

Step 2: Select the operating mode of Kiwi Syslog Server. You can run Kiwi Syslog Server as an Application or as a Service. If you install Kiwi Syslog Server as a Service on Windows Server, you can configure the service to start automatically when the server boots up.

Kiwi Syslog Server Service or Application

Step 3: Select the Operating System user account for Kiwi Syslog Server installation.

Kiwi Syslog Server User Account

Step 4: Select the check boxes if you want to install Kiwi Syslog Server web access. Kiwi Syslog Server web access allows remote access to the Syslog Server.

Kiwi Syslog Server Web Access

Step 5: Select the Kiwi Syslog Server components which you want to install.

Kiwi Syslog Server Components

Step 6: Select the Kiwi Syslog Server installation folder.

Kiwi Syslog Server Installation Folder

Step 7: If Microsoft .NET 3.5 is not installed on your server operating system, Kiwi Syslog Server will prompt you to download and install it.

Kiwi Syslog Server Dotnet Download

Step 8: After the installation, you can view the “installation completed” screen, as shown below. Check the “Run Kiwi Syslog Server” checkbox and click the “Finish” button to run Kiwi Syslog Server.

Kiwi Syslog Server Installation Completed

Step 9: The Kiwi Syslog Server Graphical User Interface is shown below.

Kiwi Syslog Server GUI

Step 10: After the installation, use the netstat command as shown below to confirm that the Syslog service is running. UDP is the Transport Layer protocol for Syslog, and the well-known port number is UDP 514.

Syslog UDP Port Number 514

How to configure a Cisco Router / Switch to forward Syslog messages to the Syslog Server

Syslog Lab Setup

Use the following command on a Cisco Router or Switch to configure the IP address of the Syslog Server. Syslog messages will be forwarded to the configured IP address.

R1#configure terminal
R1(config)#logging 192.168.10.100
R1(config)#exit
R1#

Now you can see that the Kiwi Syslog Server has started collecting Syslog messages from the Router, OmniSecuR1, as shown below.

Kiwi Syslog Server with syslog messages
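
To show what the router actually sends to UDP 514, the following added example (not part of the original article and not Kiwi Syslog Server code) parses one Cisco IOS Syslog datagram into its facility, severity and %FACILITY-SEVERITY-MNEMONIC tag. The sample message is constructed, the function names are hypothetical, and the timestamp layout is an assumption; the loopback demo binds an ephemeral port on 127.0.0.1 instead of UDP 514.

```python
import re
import socket

# Cisco IOS severity names, indexed by syslog severity 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI>[seq: ]timestamp: %FACILITY-SEVERITY-MNEMONIC: text
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?(?P<ts>.*?): "
    r"%(?P<tag>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")

# Constructed sample datagram (not captured from the lab in this article).
SAMPLE = b"<189>45: *Mar  1 00:01:23.456: %SYS-5-CONFIG_I: Configured from console by console"


def parse_cisco_syslog(datagram: bytes) -> dict:
    """Decode one syslog datagram as sent by a Cisco IOS device."""
    line = datagram.decode("utf-8", errors="replace").strip()
    m = CISCO_RE.match(line)
    if m is None:
        raise ValueError("not a Cisco-style syslog message")
    pri = int(m["pri"])
    if pri > 191:                          # highest valid PRI is 23 * 8 + 7
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)    # PRI = facility * 8 + severity
    return {
        "facility": facility,              # 23 = local7, the IOS default
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "tag": f"{m['tag']}-{m['sev']}-{m['mnemonic']}",
        "text": m["text"],
        # The digit inside %TAG-n-NAME should agree with the PRI severity.
        "consistent": int(m["sev"]) == severity,
    }


def loopback_demo() -> dict:
    """Send SAMPLE over UDP on 127.0.0.1 and parse what the receiver gets."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port; a syslog server binds UDP 514
        rx.settimeout(2)
        tx.sendto(SAMPLE, rx.getsockname())
        data, _ = rx.recvfrom(4096)
    return parse_cisco_syslog(data)


if __name__ == "__main__":
    print(loopback_demo())
```

A message whose PRI severity disagrees with the digit in its tag comes back with "consistent" set to False, which is a useful sanity check when auditing stored logs.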