Cisco syslog Server Pt2
Hello Experts
Can someone please tell me why I'm able to send syslog messages to the syslog server shown in the diagram from R4 on interface e1/1 but not on e1/3 or fas 0/0. Also why I can send syslog messages from R1 on e1/3 but not on eth 1/1 or eth 1/2.
Please see configs
Cheers
Carlton
16-44-28--R1-127.0.0.1-.txt
16-44-31--R4-127.0.0.1-.txt
16-44-35--R2-127.0.0.1-.txt
16-44-38--R3-127.0.0.1-.txt
newscreen.png
Can someone please tell me why I'm able to send syslog messages to the syslog server shown in the diagram from R4 on interface e1/1 but not on e1/3 or fas 0/0. Also why I can send syslog messages from R1 on e1/3 but not on eth 1/1 or eth 1/2.
Please see configs
Cheers
Carlton
16-44-28--R1-127.0.0.1-.txt
16-44-31--R4-127.0.0.1-.txt
16-44-35--R2-127.0.0.1-.txt
16-44-38--R3-127.0.0.1-.txt
newscreen.png
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
As the syslog messages are usually sent via UDP, the source address shouldn't really matter ... out of curiosity, can you do a ping to the syslog server with the different interfaces as source? Also, what sort of syslog server are you using? I suppose there aren't any access rules or IP filters configured? Any chance of doing a tcpdump/wireshark capture on the syslog server?
Hello,
Routing table by syslog IP address tells router on which interface to send syslog messages.
So in your case for routers R1 and R4 to reach syslog server at 192.168.1.2, syslog packets will go out e1/3 on R1, and e1/1 on R4.
Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.
So you can't force router to send syslog through particular interface (theoretically you can by setting static route or PBR, but I don't see any valid reason to do it), you can only set IP address in the syslog message by which you will identify router.
Regards!
Routing table by syslog IP address tells router on which interface to send syslog messages.
So in your case for routers R1 and R4 to reach syslog server at 192.168.1.2, syslog packets will go out e1/3 on R1, and e1/1 on R4.
Normally, a syslog message contains the IP address of the interface it uses to leave the router. The logging source-interface command specifies that syslog packets contain the IP address of a particular interface, regardless of which interface the packet uses to exit the router.
So you can't force router to send syslog through particular interface (theoretically you can by setting static route or PBR, but I don't see any valid reason to do it), you can only set IP address in the syslog message by which you will identify router.
Regards!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial