Solved

cisco syslog logging

Posted on 2013-02-07
11
307 Views
Last Modified: 2013-06-21
Hello Experts

I have configured my router to send syslog messages to my server, however without issuing the command logging source-interface xxxx the the syslog server won't see any syslog messages.

Is there any explanation why?

Cheers

Carlton
0
Comment
Question by:cpatte7372
  • 6
  • 5
11 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 38864202
If your syslog server is firewalled and your cisco router has multiple IPs, the IP originating the syslog packets may not be in the firewall list of allowed tcp/udp port 514.

Have you run wireshark on the syslog server to determine the originating IP
0
 

Author Comment

by:cpatte7372
ID: 38864229
Jesper,

I have disabled the firewall. I do have other interfaces on the syslog server but they are either disconnected or disabled.

I will run wireshark and post the results

Any other suggestions?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 38864377
Do you have more than one IP address on the router?  I suspect that the syslog packets are not originating from the IP that you want them to.
0
 

Author Comment

by:cpatte7372
ID: 38864551
Hi Jesper

Attached is copy of the configs. There is more than ip address. I'm trying to log to logging 10.44.96.142

Appreciate your help
mxrouter.txt
0
 

Author Comment

by:cpatte7372
ID: 38864710
Experts,

Any thoughts?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 38864735
my typical logging config is:

Sample:                                                           Example:

logging buffered <#>                                      logging buffered 32768
no logging console                                          no logging console
logging facility local<#>                                  logging facility local6
logging source-interface <interface>              logging source-interface Vlan1
logging <IP>                                                    logging 10.44.96.142
                                                                       logging 10.44.108.79

Your syslog data from the router may be originating from one of the other IP addresses on the router.  Specifying it is usually necessary.
0
 

Author Comment

by:cpatte7372
ID: 38864809
Jesper,

Thanks for responding. I tried all your suggestions - no luck :-(
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 38864853
Please post either your "syslog.conf" or "rsyslog.conf" and the "/etc/sysconfig/*syslog* file.

Also post "iptables --list -n"

And, I'd like to see a "netstat -an | grep 514"
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 38864856
One little detail:  one the router,

logging on

Then do a "show log" and post the log data minus the actual detail.
0
 

Author Comment

by:cpatte7372
ID: 38865727
Jesper, thanks again for getting back to me. The server is Windows 7, not unix.
0
 

Author Closing Comment

by:cpatte7372
ID: 39265438
Cheers
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now