Cat 2950 problems with Unix Syslog

VictorAKur
Level 1

Hi

We have a number of Cisco boxes in this setup, and there are 4 2950s among them. All of the devices log into syslog without problem, except the 2950s. The configuration is identical everywhere and traffic to port 514 from the 2950s hits the firewall (with the Unix server behind it) and is allowed through it, but absolutely nothing is registered on the actual server.

I seem to have tried everything I or Google can come up with, but nothing has worked so far.

Any ideas at all?

3 Replies

Joe Clarke
Cisco Employee

A sniffer on the UNIX server is the way to go. This will tell you if there is anything else after the firewall that could be blocking the packets (or if the packets are being modified and corrupted). Note, I'm assuming that the other, working devices are logging to the same server. If not, then check to make sure the UNIX syslog daemon is properly configured to listen to network messages. On Solaris, this is the default, but if syslogd is running with the -t flag, then the udp/514 socket will not be opened. On FreeBSD, syslogd no longer listens to network messages by default. You need to run without the -s option on FreeBSD.

Thank you very much. The other devices are logging fine. It is only these 4 2950s which are causing the issue. They are split in two pairs and are located in different parts of the city and the network. I am aware that the problem is not very clear at all and is probably down to the configuration after all, but I am just trying everything I can really.

I picked up the network 3 weeks ago and am trying to create some kind of order in it :)

Would the logging source-interface make any difference? All the boxes which do work have it set up as a loopback interface, while the 2950s are using a VLAN.

Again, since the configuration is the same, you need to get a sniffer trace on the syslog server to make sure the messages are making it to the server. If so, then that greatly reduces the troubleshooting that needs to be done. If not, then you need to work backwards to find where the messages are being dropped.

Yes, the logging source could have an effect if you have firewall rules or access-lists that are not set up to allow those IP addresses.
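
One way to read the sniffer trace suggested in this thread, as an added example that is not part of the original posts: it tallies which source addresses actually reach udp/514 on the server and compares them with the addresses the firewall rules expect. It assumes `tcpdump -nn` text output; the device names, addresses and capture lines are constructed for illustration.

```python
import re
from collections import Counter

# Matches the "IP src.port > dst.port:" part of `tcpdump -nn` text output.
FLOW = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def syslog_sources(capture_lines, server_ip, port=514):
    """Count datagrams per source address sent to server_ip:port."""
    seen = Counter()
    for line in capture_lines:
        m = FLOW.search(line)
        if m and m.group(3) == server_ip and int(m.group(4)) == port:
            seen[m.group(1)] += 1
    return seen

def compare(seen, expected):
    """expected maps device name -> source address the rules assume.
    Returns (devices never seen, source addresses nobody expected)."""
    missing = sorted(name for name, ip in expected.items() if ip not in seen)
    unexpected = sorted(set(seen) - set(expected.values()))
    return missing, unexpected

# Constructed sample capture (documentation address ranges, not real hosts).
SERVER = "192.0.2.10"
CAPTURE = """\
10:15:01.100001 IP 198.51.100.1.55012 > 192.0.2.10.514: SYSLOG local7.notice, length: 98
10:15:02.200002 IP 198.51.100.2.49321 > 192.0.2.10.514: SYSLOG local7.info, length: 87
10:15:03.300003 IP 203.0.113.21.52001 > 192.0.2.10.514: SYSLOG local7.notice, length: 101
10:15:04.400004 IP 198.51.100.1.55012 > 192.0.2.10.514: SYSLOG local7.notice, length: 90
10:15:05.500005 IP 192.0.2.10.22 > 192.0.2.50.40122: Flags [P.], length 64
""".splitlines()

# Hypothetical inventory: the address each device is expected to log from.
EXPECTED = {
    "router-a": "198.51.100.1",   # loopback-sourced
    "router-b": "198.51.100.2",   # loopback-sourced
    "sw2950-1": "203.0.113.20",   # assumed address; switch sources from a VLAN
}

if __name__ == "__main__":
    seen = syslog_sources(CAPTURE, SERVER)
    missing, unexpected = compare(seen, EXPECTED)
    print("seen:", dict(seen))
    print("expected but never seen:", missing)
    print("arriving from unlisted addresses:", unexpected)
```

A device that is "missing" while an unlisted address appears in the same trace points at the source-interface question raised above: the datagrams arrive, but from an address the rules or inventory did not anticipate.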