Cisco Syslog Server Question?

cpatte7372
cpatte7372 used Ask the Experts™
on
Hello Experts,

Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?

I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.

Please configs and attached topology

Cheers

Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
Commented:
I assume the syslog server has a simple default route pointing at Gibbon, correct?
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.

Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.

I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.

The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.
cpatte7372

Author

Commented:
Hello rauenpc,

Thanks for responding.

The default gateway 192.168.1.2 is the connection to Gibbon

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 268566604
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC-AE-C5-E1-B0-15

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

The route print is as follows:
C:\Users\User>route print
===========================================================================
Interface List
 16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.2      192.168.1.1    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.1    286
      192.168.1.1  255.255.255.255         On-link       192.168.1.1    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.1    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.1    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.1    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.2  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    286 fe80::/64                On-link
 16    286 fe80::bcf2:805d:59aa:2b65/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

rauenpc, does this tell you anything?


Cheers
rauenpc

Commented:
That all looks good. I just wanted to make sure this wasn't a goofy static route on a server (which I actually have seen in production networks).

Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.

Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Find out now!
cpatte7372

Author

Commented:
Rauenpc

I ping all interfaces from the server. I can also ping the server from all routers.

Any more suggestions?
mikebernhardt
Top Expert 2004

Commented:
If you can ping all of the router interfaces from the server then it should receive syslog traffic based on your configs. Here's a thought: Is it possible that windows firewall is blocking some of the syslog traffic?
cpatte7372

Author

Commented:
Cheers
cpatte7372

Author

Commented:
Cheers

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial