We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cisco Syslog Server Question?
Posted on 2012-12-24
Hello Experts,
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?
I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.
Please configs and attached topology
Cheers
Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
10 Comments
I assume the syslog server has a simple default route pointing at Gibbon, correct?
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.
Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.
I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.
The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.
Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.
I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.
The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.
Hello rauenpc,
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
Thanks for responding.
The default gateway 192.168.1.2 is the connection to Gibbon
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%
IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 268566604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
The route print is as follows:
C:\Users\User>route print
==========================
Interface List
16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
1.........................
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.1 286
192.168.1.1 255.255.255.255 On-link 192.168.1.1 286
192.168.1.255 255.255.255.255 On-link 192.168.1.1 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.1 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.1 286
==========================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.2 Default
==========================
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 286 fe80::/64 On-link
16 286 fe80::bcf2:805d:59aa:2b65/
On-link
1 306 ff00::/8 On-link
16 286 ff00::/8 On-link
==========================
Persistent Routes:
None
rauenpc, does this tell you anything?
Cheers
That all looks good. I just wanted to make sure this wasn't a goofy static route on a server (which I actually have seen in production networks).
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.
Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
Rauenpc
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
I ping all interfaces from the server. I can also ping the server from all routers.
Any more suggestions?
Featured Post
Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month4 days, 4 hours left to enroll
630 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.