Skip to main content

CISCO Nexus Integrations

Overview

The Cisco Nexus integration allows users to monitor Errors and System Messages. The Cisco Nexus series switches are modular and fixed port network switches designed for the data center. All switches in the Nexus range run the modular NX-OS firmware/operating system on the fabric. NX-OS has some high-availability features compared to the well-known Cisco IOS. This platform is optimized for high-density 10 Gigabit Ethernet.

Use the Cisco Nexus integration to collect and parse data from Syslog and log files. Then visualize that data through search, correlation and visualization within Elastic Security.


Data streams

The Cisco Nexus integration collects one type of data: log.

Log consists of errors and system messages. See more details about errors and system messages


Requirements

Elastic Agent must be installed. 

The minimum kibana.version required is 8.7.0.

This module has been tested against the Cisco Nexus Series 9000, 3172T and 3048 Switches.


Setup

To collect data from Cisco Nexus, follow the below steps:


Logging System Messages to a File

You can configure the device to log system messages to a file. By default, system messages are logged to the file /logflash/log/logfilename .

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

no ] logging logfile logfile-name severity-level [ | size bytes ]

Example:

switch(config)# logging logfile my_log 6

Configures the nonpersistent log file parameters.

logfile-name : Configures the name of the log file that is used to store system messages. Default filename is "message".

severity-level : Configures the minimum severity level to log. A lower number indicates a higher severity level. Default is 5. Range is from 0 through 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

size bytes : Optionally specify maximum file size. Range is from 4096 through 4194304 bytes.

Step 3

logging event {link-status | trunk-status} {enable | default}

Example:

switch(config)# logging event link-status default

Logs interface events.

  • link-status —Logs all UP/DOWN and CHANGE messages.

  • trunk-status —Logs all TRUNK status messages.

  • enable —Specifies to enable logging to override the port level configuration.

  • default —Specifies that the default logging configuration is used by interfaces that are not explicitly configured.



Configuring Syslog Servers

Note: Cisco recommends that you configure the syslog server to use the management virtual routing and forwarding (VRF) instance. For more information on VRFs, see Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.


You can configure up to eight syslog servers that reference remote systems where you want to log system messages.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[nologging server host [severity-level [use-vrf vrf-name]]

Example:

switch(config)# logging server 192.0.2.253

Example:

switch(config)# logging server 2001::3 5 use-vrf red

Configures a syslog server at the specified hostname, IPv4, or IPv6 address. You can specify logging of messages to a particular syslog server in a VRF by using the use-vrf keyword. The use-vrf vrf-name keyword identifies the default or management values for the VRF name. The default VRF is the management VRF, by default. However, the show-running command will not list the default VRF. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

The default outgoing facility is local7.

The no option removes the logging server for the specified host.

The first example forwards all messages on facility local 7. The second example forwards messages with severity level 5 or lower to the specified IPv6 address in VRF red.

Step 3

logging source-interface loopback virtual-interface

Example:

switch(config)# logging source-interface loopback 5

Enables a source interface for the remote syslog server. The range for the virtual-interface argument is from 0 to 1023.

NOTE:

  • Use the Timezone Offset parameter, if the timezone is not present in the log messages.

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.