Syslog issue

Answered Question

Hi Experts,

we have a new 2800 router installed, but I cannot get it to send logs to a Kiwi syslog..I have configured the logging <IP addr> command on the router. I have also configured "logging buffered informational" and verified that the Syslog service is running.

Please can someone help if there is anything else that I need to configure/check in order to achieve this.

Many thanks in advance.


I have this problem too.
0 votes
Correct Answer by Collin Clark about 9 years 5 days ago

It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (8 ratings)
Collin Clark Sun, 10/14/2007 - 03:25

I would test it by setting the level to debugging. Informational may not be sending anything.

Richard Burts Sun, 10/14/2007 - 15:54


Changing the severity level might be helpful as you troubleshoot this issue. You mention the logging level of the logging buffer on the router. But that does not impact the logging level to the server. What logging level did you configure for the server?

I would also suggest that you check to make sure that you have proper IP connectivity from the router to the configured server. Can you ping the server address from the router?

It might be helpful if we could see the config of the router. Can you post the config - or at least post the output of show run | include log




Please find the config required. yes I can ping the syslog from the router.

XXXXX#sh run | i log

service timestamps log datetime msec

logging buffered 4096 debugging


login local

login local

login local

login local



Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


many thanks,


Collin Clark Mon, 10/15/2007 - 05:14

Can you post the first 10 lines of a show log? That will verify that your sending to syslog server and what the level is.

XXXXX#sh log

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 5446 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 873 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 3387 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level informational, 5451 message lines logged

Logging to, 3583 message lines logged, xml disabled,

filtering disabled

Log Buffer (4096 bytes):

%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down

Richard Burts Mon, 10/15/2007 - 08:31


Thanks for posting the additional information. It does help to demonstrate that the router is generating syslog messages and is sending them to And it helps that you show that you can ping this address.

I wonder if it is possible that there is some device with an access list or a firewall that is not permitting the syslog data to get through?



Correct Answer
Collin Clark Wed, 10/17/2007 - 09:07

It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?

Collin Clark Wed, 10/17/2007 - 11:58

Thanks for posting the ini file. Kiwi is looking for syslog on UDP port 162 (default is UDP 514), which is also SNMP Trap. Do you have your router configured to send syslog on port 162 instead of 514?

HTH and please rate.

Collin Clark Wed, 10/17/2007 - 12:09

It's easier to do in in Kiwi. Go to File, Setup, and about 3/4 of the way down you should see Inputs. Under Inputs you'll see UDP (among others). Click on it and on the right side, put 514 for the UDP Port. Leave the Bind to IP blank, and make sure 'Listen for UDP syslog messages' is checked. Let us know what happens!

HTH and please rate.


This Discussion