syslog server not getting any logs

Unanswered Question
Sep 21st, 2007
User Badges:

i have a problem with my 1841ISR and my Catalyst 3500xl switch... I have currently configured a kiwi syslog server but it seems that only my PIX firewall is the one sending out debugging logs and my switch and router isn't.


below is my switch config:

Current configuration:

!

version 12.0

no service pad

no service timestamps debug uptime

no service timestamps log uptime

service password-encryption


interface VLAN1

ate to u

ip default-gateway 192.168.32.1

logging trap debugging

logging facility local5

logging source-interface VLAN1

logging 192.168.32.8

logging 192.168.32.88


and for my router I do see syslog messages on my kiwi but only this type of logs:


2007-09-20 16:38:35 Local7.Info 192.168.100.1 169: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.100.21 started ? reconnection


2007-09-20 16:38:35 Local7.Notice 192.168.100.1 168: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.100.88)


2007-09-20 15:08:02 Local7.Warning 192.168.100.1 144: 000142: *Sep 20 15:12:39.687 PCTime: %IPS-4-SIGNATURE: Sig:11208 Subsig:0 Sev:2 Yahoo Messenger Client DNS Request [192.168.100.88:1644 -> 4.2.2.2:53]


2007-09-20 15:31:49 Local4.Info 192.168.32.1 %PIX-6-302015: Built inbound UDP connection 82117 for outside:192.168.100.1/58985 (192.168.100.1/58985) to inside:192.168.32.8/514 (192.168.100.21/514)


and below is the configuration of my ISR:


version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

no service timestamps debug uptime

no service timestamps log uptime

service password-encryption

logging trap debugging

logging source-interface Vlan3

logging 192.168.100.21

logging 192.168.100.88


can anyone help?


thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vaisharm Fri, 09/21/2007 - 01:27
User Badges:
  • Cisco Employee,

Hi, Looks like the router is able to send the logs to the syslog server just fine. I am not sure, what is it that you are missing? Are there any additional logs that you can see in the 'show log' output on the router but not on the syslog server? If not, I think the router is logging just fine.


For the switch -


Is the syslog server connected to a port in Vlan3 as well?

Are you able to ping it from the syslog server from the switch?

Are there any intermediate devices between the switch and the syslog server?


Remove 'logging source-interface Vlan3' and see if that helps.


- Vaibhav



brianbono Fri, 09/21/2007 - 02:36
User Badges:

for the switch -


It is on the same VLAN as the syslog server and i am able to ping the syslog server from the switch itself...


i'll try remoing the 'logging soure-interface Vlan3' to see if that helps.


i'll keep you posted...


thanks

vaisharm Fri, 09/21/2007 - 03:29
User Badges:
  • Cisco Employee,

Is the switch connected directly to the syslog server? If not, can you check if udp port 514 is allowed (if there's a firewall in between)?


If all's okay, the best thing to do is span the port on the switch which connects to the syslog server and capture sniffer trace. If the sniffer shows syslog messages leaving the switch, the problem is not with the switch.


hobbe Fri, 09/21/2007 - 01:38
User Badges:
  • Gold, 750 points or more

just a wildcard.. but have you tried the "logging on" command ?



Richard Burts Fri, 09/21/2007 - 06:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Brian


I am wondering about this command:

logging facility local5

is the Kiwi processing for local5? If you remove this command from the switch config does the behavior change?


HTH


Rick

Actions

This Discussion