Using Log Insight as Syslog Server for HPE 5000 series Switches
In one of my last posts I’ve shown how to collect and monitor status logs of many different systems wit vRealize Log Insight. In this post I will show how to leverage Log Insight as syslog target for HPE switches.
Basically you can use Log Insight for any system that uses the syslog protocol, but there might be slight differences in the data structure of the transmitted datasets. For example some HPE FlexFabric 5000 series switches sent the year of the timestamp where Log Insight expected to find the hostname. Not very useful, because you want to know WHO sent that dataset.
The following commands on the switch shell will prepare the switch for logging to a remotehost and adjust the dataset to read properly by Log Insight. Finally you tell the switch which VLAN interface should be used to communicate with the loghost. In my simple example it’s VLAN interface 1. You’ll have to adjust values for loghost and interface according to your infrastructure.
system-view info-center enable info-center loghost s-vlog.mydomain.local port 514 info-center timestamp loghost no-year-date info-center loghost source Vlan-interface 1