Configure the Destination of the Remote Syslog Server
config logexport destination <server-ip-address:port> <protocol>
Supported Values for <protocol>:
- TCP, UDP, or TLS.
- If no value is specified, TCP is the default.
- If the protocol value is TCP or UDP and a port is not specified, 514 is assigned as the default port.
- If the protocol value is TLS and a port is not specified, 6514 is taken as the default port.
- IPv6 addresses are not supported as destination IPs for this command.
For example:
config logexport destination <10.26.02.82:514> udp
To forward the logs over a TLS-encrypted session, first create the certificates for the client (VA) and server (remote syslog server). The certificates can be self-signed or signed by a Root certificate authority (CA).
Add the key and certificate to the VA using the following commands:
config logexport key <copy the contents from keyForClientCert.pem file>
config logexport cert <copy the contents from ClientCert.pem file>
config logexport ca <copy the contents from selfsignedCA.pem|chainCertCA.pem file>
The CA configured in the last command should be the CA used to sign the server certificate.
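The certificate-creation step described above, as an added example that is not part of the original page: one way to build a self-signed CA and the client (VA) and server certificates with openssl, then confirm both chain to that CA. Subject names, key size, lifetime, caKey.pem and the server-side file names are assumptions; the client and CA file names match the commands above.

```shell
#!/bin/sh
# Added example: private CA plus client (VA) and server certificates.
# Assumed: subject names, key size, lifetime, caKey.pem, server file names.
# Client and CA file names are the ones used in the commands on this page.
make_syslog_tls_certs() {
    out=$1; server_name=$2
    mkdir -p "$out" || return 1
    (
        cd "$out" || exit 1
        umask 077    # private keys readable by owner only
        cat > openssl.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Syslog CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # 1. Self-signed CA: the file whose contents go to "config logexport ca".
        openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
            -config openssl.cnf -extensions ca_ext \
            -keyout caKey.pem -out selfsignedCA.pem 2>/dev/null || exit 1

        # 2. issue <key> <cert> <CN> <EKU> [SAN]: key, CSR, then CA-signed cert.
        issue() {
            printf '%s\n' "basicConstraints = CA:FALSE" "extendedKeyUsage = $4" \
                ${5:+"subjectAltName = DNS:$5"} > leaf.ext
            openssl req -new -newkey rsa:2048 -nodes -config openssl.cnf \
                -subj "/CN=$3" -keyout "$1" -out leaf.csr 2>/dev/null &&
            openssl x509 -req -in leaf.csr -days 365 -extfile leaf.ext \
                -CA selfsignedCA.pem -CAkey caKey.pem -CAcreateserial \
                -out "$2" 2>/dev/null
        }
        issue keyForClientCert.pem ClientCert.pem umbrella-va clientAuth || exit 1
        issue serverKey.pem serverCert.pem "$server_name" serverAuth \
            "$server_name" || exit 1
        rm -f leaf.csr leaf.ext

        # 3. Both leaves must chain to the CA, each for its own purpose.
        openssl verify -CAfile selfsignedCA.pem -purpose sslclient ClientCert.pem &&
        openssl verify -CAfile selfsignedCA.pem -purpose sslserver serverCert.pem
    ) >/dev/null
}
# Usage: make_syslog_tls_certs ./logexport-certs syslog.example.test
```

Only the contents of keyForClientCert.pem, ClientCert.pem and selfsignedCA.pem are pasted into the VA commands; caKey.pem is needed only for signing and should stay off both the VA and the syslog server.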