Configuring a Cisco SAN switch to have it send logging to an external syslog server by using the GUI is quite easy to do:

Floow the steps as I walk through DM: click “logs”, then “syslog”, then “setup”

If any syslog server is already configured, you’ll find it here:

You can either delete an existing or create a new entry, but you cannot have more than three entries in total!

If you prefer to have an entry using IPv4 or IPv6, choose IPv4 or IPv6, otherwise use DNS and simply type in its name.

I’ve tried this method to change an existing entry and somehow it wouldn’t stick. Deleting three entries, clicking refresh and 2 came right back…. I failed back to the command line.

The CLI is actually easier, but with less overview of what you’re doing. If you need to list the existing syslog servers, type “show logging”. In the extensive sum-up that follows are the servers you’ve configured so far. If a servers needs to be adjusted, don’t bother to first delete it, because a new entry will overwrite the existing line. But if you need to actually delete one, type “no logging server” followed by its name or IP.

A new entry is made by typing

logging server name-of-the-syslog-server.domainname.extension [severity] port 6514 facility syslog

if you want to use the IP of the server, don’t type its name, but the IP, the syntax is the same. Severity is for example “6” so any message of severity “notice(6)” and lower (more important) will be sent. I’ve put port 6514 here as an example for secure syslog, but any other port will do just fine as well.

If you want thee syslog server entries, repeat the “logging server” line three times, one for each syslog target.

Oh, don’t forget to ask the firewall admin to open the port that you will be using 😉

Don’t forget to save the new config. That’s it!