Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.
Cisco Syslog Server Question?
Hello Experts,
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Who is Participating?
Hello rauenpc,
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
That all looks good. I just wanted to make sure this wasn't a goofy static route on a server (which I actually have seen in production networks).
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Rauenpc
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
If you can ping all of the router interfaces from the server then it should receive syslog traffic based on your configs. Here's a thought: Is it possible that windows firewall is blocking some of the syslog traffic?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.
Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.
I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.
The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.