Solved

cisco syslog logging

Posted on 2013-02-07
11
311 Views
Last Modified: 2013-06-21
Hello Experts

I have configured my router to send syslog messages to my server, however without issuing the command logging source-interface xxxx the the syslog server won't see any syslog messages.

Is there any explanation why?

Cheers

Carlton
0
Comment
Question by:cpatte7372
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38864202
If your syslog server is firewalled and your cisco router has multiple IPs, the IP originating the syslog packets may not be in the firewall list of allowed tcp/udp port 514.

Have you run wireshark on the syslog server to determine the originating IP
0
 

Author Comment

by:cpatte7372
ID: 38864229
Jesper,

I have disabled the firewall. I do have other interfaces on the syslog server but they are either disconnected or disabled.

I will run wireshark and post the results

Any other suggestions?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38864377
Do you have more than one IP address on the router?  I suspect that the syslog packets are not originating from the IP that you want them to.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:cpatte7372
ID: 38864551
Hi Jesper

Attached is copy of the configs. There is more than ip address. I'm trying to log to logging 10.44.96.142

Appreciate your help
mxrouter.txt
0
 

Author Comment

by:cpatte7372
ID: 38864710
Experts,

Any thoughts?
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 38864735
my typical logging config is:

Sample:                                                           Example:

logging buffered <#>                                      logging buffered 32768
no logging console                                          no logging console
logging facility local<#>                                  logging facility local6
logging source-interface <interface>              logging source-interface Vlan1
logging <IP>                                                    logging 10.44.96.142
                                                                       logging 10.44.108.79

Your syslog data from the router may be originating from one of the other IP addresses on the router.  Specifying it is usually necessary.
0
 

Author Comment

by:cpatte7372
ID: 38864809
Jesper,

Thanks for responding. I tried all your suggestions - no luck :-(
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38864853
Please post either your "syslog.conf" or "rsyslog.conf" and the "/etc/sysconfig/*syslog* file.

Also post "iptables --list -n"

And, I'd like to see a "netstat -an | grep 514"
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38864856
One little detail:  one the router,

logging on

Then do a "show log" and post the log data minus the actual detail.
0
 

Author Comment

by:cpatte7372
ID: 38865727
Jesper, thanks again for getting back to me. The server is Windows 7, not unix.
0
 

Author Closing Comment

by:cpatte7372
ID: 39265438
Cheers
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question