Tags: syslog, cisco, rsyslog, cisco-ios

Syslog receives logs from Cisco Switch but doesn't log them


So, I got the task of transmitting all logs made by one particular Cisco switch to our dedicated Syslog Server. Via Cisco IOS I did the following:

schu-ebd-sw-vt14-11#configure terminal
schu-ebd-sw-vt14-11(config)#logging 10.254.1.103  
schu-ebd-sw-vt14-11(config)#logging on
schu-ebd-sw-vt14-11(config)#logging host 10.254.1.103 transport udp port 514
schu-ebd-sw-vt14-11(config)#logging trap debugging
schu-ebd-sw-vt14-11(config)#logging facility local5

10.254.1.103 is the IP of our Syslog server. It has the alias cldlog001. Now entering show log shows the following:

schu-ebd-sw-vt14-11#show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 224 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 226 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level debugging, 112 message lines logged
        Logging to 10.254.1.103  (udp port 514, audit disabled,
              link up),
              110 message lines logged, 
              0 message lines rate-limited, 
              0 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

I can confirm via tcpdump that our Syslog server is receiving messages on port 514 from the Cisco device.

[root@cldlog001 remote]# tcpdump -vv -i any port 514 | grep schu-ebd-sw-vt14-11
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    schu-ebd-sw-vt14-11.switch.schu.64118 > cldlog001.cld.schu.syslog: [udp sum ok] SYSLOG, length: 99

However, no logs are written by cldlog001. Here are the important bits of the config file (/etc/rsyslog.conf).

#### TEMPLATES ####
$template CiscoLog, "/var/log/remote/%HOSTNAME%/cisco.log"
# Log all the mail messages in one place.
#mail.*                                                  -/var/log/maillog
local5.*                                                -?CiscoLog

I tried restarting rsyslog but it didn't work.

Any ideas?


Solution

  • You need to add log reception. The imudp module provides the ability to receive syslog messages via UDP.

    module(load="imudp")
    input(type="imudp" port="514")
    

    Also, when creating a dynamic file, you probably want to use RainerScript, which is the most recent script language for rsyslog. This could look like the following:

    # rsyslog uses templates to generate dynamic file names; %hostname% is the
    # sender's hostname (property names are case-insensitive, so %HOSTNAME% works too).
    template(name="DynaFile" type="string"
        string="/var/log/remote/%hostname%/cisco.log")

    # Write each message to the file named by DynaFile. "someMessageTemplate" is a
    # placeholder for the template that formats the message text itself; define
    # your own or use a built-in one such as RSYSLOG_FileFormat. An action placed
    # outside any filter applies to every message rsyslog receives.
    action(type="omfile" template="someMessageTemplate" dynaFile="DynaFile")

    Note: You'll also have to make sure that you (or rsyslog) have the needed permissions to create folders and files.
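The following is an added example, not code from the question or the answer above. It reproduces in Python the two halves of the setup discussed on this page: the switch's `logging facility local5` fixes the PRI of every message at 21*8 + severity, and on the rsyslog side the `local5.*` selector and the `%HOSTNAME%` template decide whether and where a message is written. The sample messages, the `route` function and the simplified handling of the Cisco IOS prefix (sequence number and optional origin-id hostname) are constructed for this example; rsyslog's own parser handles far more cases than this.

```python
"""Decode the <PRI> of a Cisco-style BSD syslog line, evaluate a classic
'facility.priority' selector against it, and compute the rsyslog-style
dynamic file path used on this page.

Added example; the message samples below are constructed, not captured."""
import re
from typing import Optional, Tuple

# Facility names as rsyslog's selector syntax spells them (index == facility code).
# Codes 12-15 have no rsyslog selector names; the labels are the commonly seen ones.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$", re.DOTALL)
# Cisco IOS prefix (example's own simplification): an optional sequence number
# and an optional hostname, which is only present when "logging origin-id
# hostname" is configured on the switch. The IOS timestamp starts with '*' or
# '.', so it never matches the hostname group.
CISCO_PREFIX_RE = re.compile(r"^(?:\d+: )?(?:(?P<host>[A-Za-z][\w.-]*): )?")

# Constructed samples: PRI 173 = 21*8+5 (local5.notice), 189 = 23*8+5
# (local7.notice, IOS default facility), 171 = 21*8+3 (local5.err).
SAMPLE_LOCAL5 = ("<173>105: *Mar  1 00:12:34.567: %LINK-5-CHANGED: "
                 "Interface GigabitEthernet0/1, changed state to administratively down")
SAMPLE_LOCAL7 = ("<189>106: *Mar  1 00:13:00.001: %SYS-5-CONFIG_I: "
                 "Configured from console by console")
SAMPLE_ORIGIN = ("<171>107: schu-ebd-sw-vt14-11: *Mar  1 00:14:05.010: %LINK-3-UPDOWN: "
                 "Interface GigabitEthernet0/2, changed state to down")


def decode_pri(line: str) -> Tuple[int, int, str]:
    """Return (facility, severity, remainder) from the <PRI> header."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header in %r" % line[:40])
    pri = int(m.group("pri"))
    if pri > 191:  # 23*8 + 7 is the highest legal value
        raise ValueError("PRI out of range: %d" % pri)
    return pri // 8, pri % 8, m.group("rest")


def selector_matches(selector: str, facility: int, severity: int) -> bool:
    """Evaluate 'facility.priority' like 'local5.*' or 'local5.warning'.
    A named priority means that level and anything more urgent, i.e. a
    numerically smaller or equal severity code."""
    fac_part, sev_part = selector.split(".", 1)
    if fac_part != "*" and FACILITIES[facility] != fac_part:
        return False
    if sev_part == "*":
        return True
    return severity <= SEVERITIES.index(sev_part)


def message_hostname(rest: str, source_host: str) -> str:
    """Hostname carried in the message if the switch sends one, otherwise the
    sender as seen on the wire (what %HOSTNAME% falls back to in practice)."""
    host = CISCO_PREFIX_RE.match(rest).group("host")
    return host or source_host


def dynafile_path(template: str, hostname: str) -> str:
    # rsyslog property names are case-insensitive: %HOSTNAME% and %hostname% are equal.
    return re.sub(r"%hostname%", hostname, template, flags=re.IGNORECASE)


def route(line: str, source_host: str, selector: str = "local5.*",
          template: str = "/var/log/remote/%HOSTNAME%/cisco.log") -> Optional[str]:
    """Path the message would be written to, or None if the selector drops it."""
    facility, severity, rest = decode_pri(line)
    if not selector_matches(selector, facility, severity):
        return None
    return dynafile_path(template, message_hostname(rest, source_host))


if __name__ == "__main__":
    for sample in (SAMPLE_LOCAL5, SAMPLE_LOCAL7, SAMPLE_ORIGIN):
        fac, sev, _ = decode_pri(sample)
        print("%s.%-8s -> %s" % (FACILITIES[fac], SEVERITIES[sev],
                                  route(sample, "schu-ebd-sw-vt14-11")))
```

Running it shows the trap the question narrowly avoided: a switch left on the IOS default facility (local7) produces PRI values that `local5.*` never matches, so packets arrive on port 514 but nothing is written, which is indistinguishable from the missing `imudp` input until you decode the PRI.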