The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!
Cisco syslog Server Pt2
Hello Experts
Can someone please tell me why I'm able to send syslog messages to the syslog server shown in the diagram from R4 on interface e1/1 but not on e1/3 or fas 0/0. Also why I can send syslog messages from R1 on e1/3 but not on eth 1/1 or eth 1/2.
Please see configs
Cheers
Carlton
16-44-28--R1-127.0.0.1-.txt
16-44-31--R4-127.0.0.1-.txt
16-44-35--R2-127.0.0.1-.txt
16-44-38--R3-127.0.0.1-.txt
newscreen.png
Can someone please tell me why I'm able to send syslog messages to the syslog server shown in the diagram from R4 on interface e1/1 but not on e1/3 or fas 0/0. Also why I can send syslog messages from R1 on e1/3 but not on eth 1/1 or eth 1/2.
Please see configs
Cheers
Carlton
16-44-28--R1-127.0.0.1-.txt
16-44-31--R4-127.0.0.1-.txt
16-44-35--R2-127.0.0.1-.txt
16-44-38--R3-127.0.0.1-.txt
newscreen.png
Asked:
1 Solution
LVL 18
As the syslog messages are usually sent via UDP, the source address shouldn't really matter ... out of curiosity, can you do a ping to the syslog server with the different interfaces as source? Also, what sort of syslog server are you using? I suppose there aren't any access rules or IP filters configured? Any chance of doing a tcpdump/wireshark capture on the syslog server?
Hello,
Routing table by syslog IP address tells router on which interface to send syslog messages.
So in your case for routers R1 and R4 to reach syslog server at 192.168.1.2, syslog packets will go out e1/3 on R1, and e1/1 on R4.
Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.
So you can't force router to send syslog through particular interface (theoretically you can by setting static route or PBR, but I don't see any valid reason to do it), you can only set IP address in the syslog message by which you will identify router.
Regards!
Routing table by syslog IP address tells router on which interface to send syslog messages.
So in your case for routers R1 and R4 to reach syslog server at 192.168.1.2, syslog packets will go out e1/3 on R1, and e1/1 on R4.
Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.
So you can't force router to send syslog through particular interface (theoretically you can by setting static route or PBR, but I don't see any valid reason to do it), you can only set IP address in the syslog message by which you will identify router.
Regards!
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now