Solved

Cisco syslog Server Pt2

Posted on 2012-12-27
4
366 Views
Last Modified: 2013-02-05
Hello Experts

Can someone please tell me why I'm able to send syslog messages to the syslog server shown in the diagram from R4 on interface e1/1 but not on e1/3 or fas 0/0. Also why I can send syslog messages from R1 on e1/3 but not on eth 1/1 or eth 1/2.

Please see configs

Cheers

Carlton
16-44-28--R1-127.0.0.1-.txt
16-44-31--R4-127.0.0.1-.txt
16-44-35--R2-127.0.0.1-.txt
16-44-38--R3-127.0.0.1-.txt
newscreen.png
0
Comment
Question by:cpatte7372
4 Comments
 
LVL 17

Accepted Solution

by:
Garry-G earned 500 total points
ID: 38724918
As the syslog messages are usually sent via UDP, the source address shouldn't really matter ... out of curiosity, can you do a ping to the syslog server with the different interfaces as source? Also, what sort of syslog server are you using? I suppose there aren't any access rules or IP filters configured? Any chance of doing a tcpdump/wireshark capture on the syslog server?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38731558
Lots of 'logging' statements on R4... :)
What is the actual address of the syslog server?
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 38731837
Hello,

Routing table by syslog IP address tells router on which interface to send syslog messages.
So in your case for routers R1 and R4 to reach syslog server at 192.168.1.2, syslog packets will go out e1/3 on R1, and e1/1 on R4.

Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.

So you can't force router to send syslog through particular interface (theoretically you can by setting static route or PBR, but I don't see any valid reason to do it), you can only set IP address in the syslog message by which you will identify router.

Regards!
0
 

Author Closing Comment

by:cpatte7372
ID: 38772573
Cheers
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now