The two main components of a Syslog system are Syslog servers and Syslog clients. A Syslog server is a Unix/Linux/Windows server running a Syslog server product. Syslog clients (Cisco Routers / Cisco Switches / ASA Firewalls) forward Syslog messages to the Syslog server, and the Syslog server receives and stores those Syslog messages for future auditing.
Many Syslog server applications are available. Free Syslog server products based on the GNU public licence are also available. Click the following link to download a free Syslog Server from sourceforge.net.
Another widely used commercial Syslog server is SolarWinds Kiwi Syslog Server. Click the following link to download a trial version of SolarWinds Kiwi Syslog Server.
Syslog Server Installation and Configuration Lab Setup
Kiwi Syslog Server Installation
Follow these steps to learn how to install and configure Kiwi Syslog Server for Cisco Routers and Switches.
Step 1: Run the Kiwi Syslog Server installation file on the machine which you want to make a Syslog Server. Click "I Agree" to accept the software licensing terms and continue the Kiwi Syslog Server installation.
Step 2: Select the operating mode of Kiwi Syslog Server. You can run Kiwi Syslog Server as an Application or as a Service. If you install Kiwi Syslog Server as a Service on Windows Server, you can configure the service to run automatically when the server boots up.
Step 3: Select the Operating System user account for Kiwi Syslog Server installation.
Step 4: Select the check boxes if you want to install Kiwi Syslog Server web access. Kiwi Syslog Server web access allows remote access to the Syslog Server.
Step 5: Select the Kiwi Syslog Server components which you want to install.
Step 6: Select the Kiwi Syslog Server installation folder.
Step 7: If you do not have Microsoft .NET 3.5 installed on your server Operating System, Kiwi Syslog Server will prompt you to download and install Microsoft .NET 3.5.
Step 8: After the installation, you can view the "installation completed" screen, as shown below. Check the "Run Kiwi Syslog Server" checkbox and click the "Finish" button to run Kiwi Syslog Server.
Step 9: The Kiwi Syslog Server Graphical User Interface is shown below.
Step 10: After the installation, use the netstat command as shown below to confirm that the Syslog service is running. UDP is the Transport Layer protocol for Syslog and the well-known port number is UDP 514.
How to configure a Cisco Router / Switch to forward Syslog messages to the Syslog Server
Use the following command on a Cisco Router or Switch to configure the IP Address of the Syslog Server. The Syslog messages will be forwarded to the configured IP address.
Now you can see that the Kiwi Syslog Server started collecting Syslogs from the Router, OmniSecuR1, as shown below.
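To see what a Syslog server actually receives from a router over UDP, the following added example (not part of the original tutorial, and not Kiwi or Cisco code) decodes one Cisco-style Syslog datagram into facility, severity and message ID. The function names and the sample message are constructed for illustration, and the loopback test uses an ephemeral port instead of UDP 514 so it runs without administrator rights.

```python
import re
import socket

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# <PRI>, optional sequence number/timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
CISCO_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<header>.*?)"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$",
    re.DOTALL)

def parse_cisco_syslog(datagram: bytes) -> dict:
    """Decode one Syslog datagram in the format a Cisco IOS device sends."""
    # UDP Syslog has no sender authentication, so treat the payload as untrusted.
    line = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = CISCO_RE.match(line)
    if not m:
        raise ValueError("not a Cisco-style syslog message")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "message_id": f"{m['fac']}-{m['sev']}-{m['mnemonic']}",
        "text": m["text"],
        # The severity encoded in PRI should equal the digit in the % tag.
        "consistent": severity == int(m["sev"]),
    }

def loopback_roundtrip(datagram: bytes) -> dict:
    """Send the datagram over UDP on loopback and parse what arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind(("127.0.0.1", 0))  # ephemeral port stands in for UDP 514
        server.settimeout(2)
        client.sendto(datagram, server.getsockname())
        data, _peer = server.recvfrom(4096)
    return parse_cisco_syslog(data)

# Constructed sample: PRI 189 = facility 23 (local7) * 8 + severity 5 (notice).
SAMPLE = b"<189>45: *Mar  1 00:05:12.123: %SYS-5-CONFIG_I: Configured from console by console"

if __name__ == "__main__":
    print(loopback_roundtrip(SAMPLE))
```

A message whose PRI severity disagrees with the digit in its `%FACILITY-SEVERITY-MNEMONIC` tag is returned with `consistent` set to `False`, which is worth surfacing when auditing stored logs.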