WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!
Cisco Syslog Server Question?
Hello Experts,
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Asked:
-
4
2
1 Solution
Hello rauenpc,
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
That all looks good. I just wanted to make sure this wasn't a goofy static route on a server (which I actually have seen in production networks).
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Rauenpc
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.
Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.
I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.
The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.