Cisco Nexus
The Cisco Nexus DSM for JSA supports alerts from Cisco NX-OS devices.
Syslog is used to forward events from Cisco Nexus to JSA. Before you can integrate events with JSA, you must configure your Cisco Nexus device to forward syslog events.
Configuring Cisco Nexus to Forward Events
You can configure syslog on your Cisco Nexus server to forward events:
Type the following command to switch to configuration mode:
config t
Type the following command:
logging server <IP address> <severity>
Where:
<IP address> is the IP address of your JSA console.
<severity> is the severity level of the event messages, which ranges from 0 to 7.
For example,
logging server 192.0.2.1 6
forwards information level (6) syslog messages to 192.0.2.1.
Type the following command to configure the interface for sending syslog events:
logging source-interface loopback
Type the following command to save your current configuration as the startup configuration:
copy running-config startup-config
The configuration is complete. The log source is added to JSA as Cisco Nexus events are automatically discovered. Events that are forwarded to JSA by Cisco Nexus are displayed on the Log Activity tab of JSA.
Syslog Log Source Parameters for Cisco Nexus
If JSA does not automatically detect the log source, add a Cisco Nexus log source on the JSA Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect syslog events from Cisco Nexus devices:
| Parameter | Value |
|---|---|
| Log Source type | Cisco Nexus |
| Protocol Configuration | Syslog |
| Log Source Identifier | Type the IP address or host name for the log source. The identifier helps you determine which events came from your Cisco Nexus device. |
Cisco Nexus Sample Event Message
Use these sample event messages to verify a successful integration with JSA.
Cisco Nexus sample message when you use the Syslog protocol
The following sample event message shows a pluggable authentication module (PAM) authentication failed event.
<187>Jul 1 15:21:27 <domain> : 2014 Jul 1 15:21:27.206 CEST: %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user <user> from <IP> sshd [XXXX]
The following sample shows a RADIUS error message.
<187>XXXX: 2016 Jun 30 22:05:09 GMTuno: %RADIUS-3-RADIUS_ERROR_MESSAGE: RADIUS server <IP> failed to respond
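When events do not show up as expected, it helps to decode a captured line by hand before suspecting the DSM. The following Python sketch is an added example, not part of JSA or Cisco software: it splits the syslog PRI value and the NX-OS `%FACILITY-SEVERITY-MNEMONIC` tag, pulls the user and source out of the PAM failure, and checks whether a given `logging server` severity threshold would forward the event. The sample lines are constructed from the messages above, with hypothetical host, user and address values in place of the placeholders.

```python
import re

# NX-OS body: %FACILITY-SEVERITY-MNEMONIC: text. The \s* after the severity
# tolerates a wrapped copy such as "%AUTHPRIV-3- SYSTEM_MSG".
NXOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<header>.*?)"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-\s*(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
PAM_FAIL_RE = re.compile(
    r"pam_aaa:Authentication failed for user (?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample lines (hypothetical host name, user and addresses).
SAMPLE_PAM = ("<187>Jul 1 15:21:27 nexus-sw1 : 2014 Jul 1 15:21:27.206 CEST: "
              "%AUTHPRIV-3- SYSTEM_MSG: pam_aaa:Authentication failed for user "
              "testuser from 198.51.100.7 sshd [4242]")
SAMPLE_RADIUS = ("<187>nexus-sw1: 2016 Jun 30 22:05:09 GMT: "
                 "%RADIUS-3-RADIUS_ERROR_MESSAGE: RADIUS server 192.0.2.10 "
                 "failed to respond")

def parse_nxos(line):
    """Return a dict of fields for an NX-OS syslog line, or None if it does not match."""
    m = NXOS_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # PRI is facility*8 + severity, max 23*8+7
        return None
    pri = int(m["pri"])
    event = {
        "syslog_facility": pri >> 3,       # 23 = local7 for PRI 187
        "syslog_severity": pri & 7,
        "facility": m["facility"],
        "severity": int(m["sev"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }
    pam = PAM_FAIL_RE.search(m["text"])
    if pam:                                # only present on pam_aaa failures
        event["user"], event["src"] = pam["user"], pam["src"]
    return event

def forwarded_at(event, configured_severity):
    """True if 'logging server <IP> <severity>' at this level would send the event."""
    return event["severity"] <= configured_severity

if __name__ == "__main__":
    for sample in (SAMPLE_PAM, SAMPLE_RADIUS):
        print(parse_nxos(sample))
```

A mismatch between `syslog_severity` and `severity`, or a `forwarded_at` result of `False` for the configured level, points to the device configuration and not to the log source settings in JSA.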