Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later


Remote logging over TCP and TLS


Describes the benefits and setup of remote system logging using TCP and TLS, including configuration procedures, verification steps, and secure transmission of log data for centralized monitoring.


Remote logging refers to saving system log information on a remote server.

From Cisco IOS XE Catalyst SD-WAN Release 17.13.1a and Cisco Catalyst SD-WAN Manager Release 20.13.1, remote logging of syslog messages supports TCP and TLS as transport methods, in addition to UDP. This applies to Cisco Catalyst SD-WAN Control Components.

The default transport type for remote logging is UDP. You can optionally select TCP or TLS as the transport method instead. Note that only TLS encrypts the log data; syslog over UDP or plain TCP is sent in cleartext.


Benefits of remote logging over TCP and TLS

These are benefits of remote logging over TCP and TLS.

  • Syslog over TCP and TLS supports large-scale network environments. TCP provides reliable, in-order delivery of large volumes of log data, and TLS encrypts the session and authenticates the syslog server, so the log data is protected from eavesdropping and tampering in transit.

  • You can configure up to four separate remote syslog servers and assign each server its own transport protocol (UDP, TCP, or TLS), or use the same transport protocol for all four servers.

  • For remote logging over TLS, a TLS profile specifies TLS version 1.2 and the cipher suites the device offers; which cipher suites can be configured depends on the TLS version.


Configure remote logging over TCP using CLI commands

Before you begin

Follow these steps to configure remote logging over TCP using CLI commands.

Procedure

1.

Create a CLI add-on profile or CLI add-on template.

2.

Configure a remote server with transport type TCP. The syntax is:

system
 logging
  server server-ip-address
   transport tcp port 514

Example:

system
 logging
  disk
   enable
  !
  server 10.0.1.56
   transport tcp
  exit
 !
!

Configure remote logging over TLS using CLI commands

Before you begin

Follow these steps to configure remote logging over TLS using CLI commands.

Procedure

1.

Create a CLI add-on profile or CLI add-on template.

2.

Install the certificate authority (CA) certificate that issued the syslog server's certificate, so that the device can validate the server during the TLS handshake. Use these commands to install, list, and uninstall CA certificates.

  1. Install a certificate.

     request logging ca-cert install new syslog-ng ca

  2. List all installed certificates.

     show logging cacert

  3. Uninstall a certificate if necessary.

     request logging ca-cert uninstall cert-name
3.

Create a TLS profile.

system 
 logging 
 tls-profile profile-name
  tls-version TLSv1.2 
  ciphersuite ciphersuite1 ciphersuite2

A TLS profile specifies the protocol version and the cipher suites the device offers when it connects to the logging server. You can configure up to four TLS profiles. Prefer ECDHE cipher suites, which provide forward secrecy; RSA key-exchange suites such as AES256-SHA256 do not, and the PSK suites only work if a pre-shared key is configured on both the device and the syslog server.

4.

Attach a TLS profile to a remote logging server. The syntax is:

server server-ip-address
 vpn vpn-instance-of-logging-server
 source-interface interface-num
 transport tls
 tls-profile tls-profile-name

Example:

system
 logging
  disk
   enable
  !
  tls-profile profile1
   version     TLSv1.2
   ciphersuite ECDHE-ECDSA-AES128-SHA256 AES256-GCM-SHA384 PSK-AES256-GCM-SHA384 PSK-AES128-GCM-SHA256 AES256-SHA256
  exit
  server 10.0.1.55
   source interface 10.1.1.12
   transport   tls
   tls-profile profile1
  exit
 !
!
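The device-side configuration above can only be applied on a Cisco device, so the following added example (not code from this guide or from Cisco) shows the equivalent of what the device does on the wire: it builds a TLS 1.2 client context restricted to the same cipher suites as profile1, authenticates the server against an installed CA certificate, and sends RFC 5424 messages over plain TCP or TLS using octet-counting framing (RFC 6587 for TCP, RFC 5425 for TLS), which is what lets the receiver find message boundaries in a byte stream even when a message contains newlines. The server address, port 6514 (the IANA port for syslog over TLS), the CA file path, and the host and application names are assumptions for illustration.

```python
"""Syslog sender over TCP or TLS with octet-counting framing.

Added example, not code from this guide or from Cisco. The server address,
port, CA file and host/app names are placeholders (assumptions).
"""
import socket
import ssl
from datetime import datetime, timezone

# Same cipher suites as tls-profile profile1 above, in OpenSSL notation.
PROFILE_CIPHERS = (
    "ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:"
    "PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:AES256-SHA256"
)


def build_tls_context(cafile=None, ciphers=PROFILE_CIPHERS):
    """Client context equivalent to the TLS profile: TLS 1.2 only, the
    profile's cipher list, and server authentication against a CA.
    cafile=None (assumed for offline use) falls back to the system CAs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)            # SSLError if none is available locally
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile:
        ctx.load_verify_locations(cafile)   # CA that issued the server cert
    else:
        ctx.load_default_certs()
    return ctx


def syslog_message(pri, hostname, app, msg, ts=None):
    """RFC 5424 message: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    if ts is None:
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}".encode("utf-8")


def frame(msg):
    """Octet counting (RFC 6587 s3.4.1 / RFC 5425 s4.3): MSG-LEN SP SYSLOG-MSG.
    Unlike newline-terminated framing it is safe for messages containing '\\n'."""
    return b"%d %s" % (len(msg), msg)


def unframe(buf):
    """Split a receive buffer into complete messages; return (messages, leftover).
    Leftover is an incomplete trailing frame to be prepended to the next read."""
    msgs = []
    while True:
        sp = buf.find(b" ")
        if sp == -1:
            break                                   # length prefix still arriving
        if sp == 0 or not buf[:sp].isdigit():
            raise ValueError("malformed octet-count header")
        end = sp + 1 + int(buf[:sp])
        if len(buf) < end:
            break                                   # message body still arriving
        msgs.append(buf[sp + 1:end])
        buf = buf[end:]
    return msgs, buf


def send(messages, host, port, tls_ctx=None, timeout=5.0):
    """Send framed messages over plain TCP (tls_ctx=None) or TLS.
    Returns the negotiated (version, cipher) for TLS, or None for plain TCP."""
    raw = socket.create_connection((host, port), timeout=timeout)
    sock = tls_ctx.wrap_socket(raw, server_hostname=host) if tls_ctx else raw
    with sock:
        sock.sendall(b"".join(frame(m) for m in messages))
        return (sock.version(), sock.cipher()[0]) if tls_ctx else None


if __name__ == "__main__":
    # Placeholder server and CA file (assumptions), mirroring server 10.0.1.55.
    batch = [syslog_message(13, "vmanage", "sdwan", "TLS remote logging test"),
             syslog_message(13, "vmanage", "sdwan", "multi-line\nbody")]
    print(send(batch, "10.0.1.55", 6514, build_tls_context("/etc/ssl/syslog-ca.pem")))
```

For the plain TCP server in the first procedure, call send() with tls_ctx=None and port 514; the framing is the same, only the encryption and server authentication are absent.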

Verifying remote logging over TCP and TLS

Verify the TLS trust anchor by listing the installed CA certificates and confirming that the certificate presented by the syslog server chains to one of them and that the listed validity date has not passed. This check covers certificate trust only; to confirm delivery over TCP or TLS, also check that the messages arrive at the syslog server.

The show logging cacert command shows installed certificates.

Device# show logging cacert 
INDEX  NAME      VALIDITY
--------------------------------------------
0      cert.pem  Fri Jun 21 20:35:10 2024
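Listing CA certificates shows the trust anchor but not what the server actually negotiates. The following added example (not from this guide or from Cisco) probes the syslog server with a client pinned to TLS 1.2 and the cipher suites of profile1, compares the negotiated version and cipher against the profile, and computes the days until the server certificate expires. The host, port and CA file are placeholders, and the forward-secrecy warning is this example's own policy, not a requirement of the guide.

```python
"""Probe a syslog-over-TLS listener and compare what it negotiates with the
tls-profile on this page. Added example, not from this guide or Cisco; host,
port and CA file are placeholders (assumptions)."""
import socket
import ssl
import time

PROFILE = {
    "version": "TLSv1.2",                 # tls-profile profile1: version TLSv1.2
    "ciphers": ("ECDHE-ECDSA-AES128-SHA256", "AES256-GCM-SHA384",
                "PSK-AES256-GCM-SHA384", "PSK-AES128-GCM-SHA256", "AES256-SHA256"),
}


def probe(host, port=6514, cafile=None, profile=PROFILE):
    """Connect like the device would (TLS 1.2 only, profile ciphers, CA check)
    and return (negotiated version, cipher name, certificate notAfter string)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(profile["ciphers"]))   # keep the profile's order
    if cafile:
        ctx.load_verify_locations(cafile)           # CA installed on the device
    else:
        ctx.load_default_certs()
    with socket.create_connection((host, port), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.version(), tls.cipher()[0], tls.getpeercert()["notAfter"]


def check_negotiation(version, cipher, profile=PROFILE):
    """Findings against the profile; an empty list means the server negotiated
    something the device's profile allows. The forward-secrecy warning is this
    example's own policy, not a requirement from the guide."""
    findings = []
    if version != profile["version"]:
        findings.append(f"negotiated {version}, profile allows {profile['version']}")
    if cipher not in profile["ciphers"]:
        findings.append(f"cipher {cipher} is not in the profile")
    elif not cipher.startswith(("ECDHE-", "DHE-")):
        findings.append(f"cipher {cipher} has no forward secrecy")
    return findings


def days_until_expiry(not_after, now=None):
    """Days left on a certificate given its notAfter string as Python's ssl
    module reports it, e.g. 'Jun 21 20:35:10 2024 GMT'."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


if __name__ == "__main__":
    # Placeholder server and CA file (assumptions), mirroring server 10.0.1.55.
    version, cipher, not_after = probe("10.0.1.55", cafile="/etc/ssl/syslog-ca.pem")
    print(version, cipher, f"{days_until_expiry(not_after):.1f} days left")
    for finding in check_negotiation(version, cipher):
        print("WARNING:", finding)
```

A server that only negotiates TLS 1.3 with this probe will fail the handshake outright, which is the same outcome the device's TLS 1.2-only profile would see; a server that negotiates AES256-SHA256 passes the profile check but is flagged for lacking forward secrecy.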