Solved

Cisco Syslog Server Question?

Posted on 2012-12-24
10
444 Views
Last Modified: 2013-06-21
Hello Experts,

Can someone please tell me why the syslog server in my lab will only recieve alerts from Orangutan and Drill?

I can't get the syslog server to receive alerts or syslog messages from Gibbon or Chimpanzee.

Please configs and attached topology

Cheers

Carlton
SCREENSHOT.png
12-57-52--Chimpanzee-127.0.0.1-.txt
12-58-01--Drill-127.0.0.1-.txt
12-58-09--Gibbon-127.0.0.1-.txt
12-58-18--Orangutan-127.0.0.1-.txt
0
Comment
Question by:cpatte7372
  • 4
  • 2
10 Comments
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 38718550
I assume the syslog server has a simple default route pointing at Gibbon, correct?
If this is a Windows server, you can post an 'ipconfig/all' and 'route print' to verify.

Whenever you setup logging, traps, netflow, SNMP, or anything that does automatic reporting you should set the source interface manually. This applies to labs as well as production networks.

I would set the source interface so that, at the least, you know what the source IP will be from all routers. Also, check the routing tables to make sure all IP's are reachable.

The only other difference I see in your configs is that Drill and Orangutan don't have Loopback addresses unlike the other two.
0
 

Author Comment

by:cpatte7372
ID: 38718954
Hello rauenpc,

Thanks for responding.

The default gateway 192.168.1.2 is the connection to Gibbon

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bcf2:805d:59aa:2b65%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 268566604
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-66-DE-C4-BC-AE-C5-E1-B0-15

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

The route print is as follows:
C:\Users\User>route print
===========================================================================
Interface List
 16...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.2      192.168.1.1    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.1    286
      192.168.1.1  255.255.255.255         On-link       192.168.1.1    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.1    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.1    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.1    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.2  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    286 fe80::/64                On-link
 16    286 fe80::bcf2:805d:59aa:2b65/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

rauenpc, does this tell you anything?


Cheers
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38719018
That all looks good. I just wanted to make sure this wasn't a goofy static route on a server (which I actually have seen in production networks).

Next I would look in to setting the snmp trap-source interface, and also making sure you can ping the server from the routers in question while using the trap-source interface as a ping source.

Also, is there full connectivity in your network from the server? Can you ping each interface on all routers?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:cpatte7372
ID: 38723052
Rauenpc

I ping all interfaces from the server. I can also ping the server from all routers.

Any more suggestions?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 38727848
If you can ping all of the router interfaces from the server then it should receive syslog traffic based on your configs. Here's a thought: Is it possible that windows firewall is blocking some of the syslog traffic?
0
 

Author Comment

by:cpatte7372
ID: 38753851
Cheers
0
 

Author Closing Comment

by:cpatte7372
ID: 39265607
Cheers
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now