Syslog issue

imran_mo
Level 1

Hi Experts,

We have a new 2800 router installed, but I cannot get it to send logs to a Kiwi syslog. I have configured the logging <IP addr> command on the router. I have also configured "logging buffered informational" and verified that the Syslog service is running.

Please can someone help if there is anything else that I need to configure/check in order to achieve this.

Many thanks in advance.

Imran.

Collin Clark
VIP Alumni

I would test it by setting the level to debugging. Informational may not be sending anything.

Imran

Changing the severity level might be helpful as you troubleshoot this issue. You mention the logging level of the logging buffer on the router. But that does not impact the logging level to the server. What logging level did you configure for the server?

I would also suggest that you check to make sure that you have proper IP connectivity from the router to the configured server. Can you ping the server address from the router?

It might be helpful if we could see the config of the router. Can you post the config - or at least post the output of show run | include log

HTH

Rick

Sir,

Please find the config required. Yes, I can ping the syslog from the router.

XXXXX#sh run | i log
service timestamps log datetime msec
logging buffered 4096 debugging
logging 10.8.1.22
login local
login local
login local
login local
TRUTHN#

XXXXX#ping 10.8.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.1.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
XXXXX#

Many thanks,

Imran.

Can you post the first 10 lines of a show log? That will verify that you're sending to the syslog server and what the level is.

XXXXX#sh log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,
    0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 5446 messages logged, xml disabled,
    filtering disabled
Monitor logging: level debugging, 873 messages logged, xml disabled,
    filtering disabled
Buffer logging: level debugging, 3387 messages logged, xml disabled,
    filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level informational, 5451 message lines logged
Logging to 10.8.1.22, 3583 message lines logged, xml disabled,
    filtering disabled

Log Buffer (4096 bytes):
%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down

Imran

Thanks for posting the additional information. It does help to demonstrate that the router is generating syslog messages and is sending them to 10.8.1.22. And it helps that you show that you can ping this address.

I wonder if it is possible that there is some device with an access list or a firewall that is not permitting the syslog data to get through?

HTH

Rick

Hi Rick,

There is no firewall. The FastEthernet of the router is the gateway for the syslog server.

Could it be some setting on the syslog server...we are using the Kiwi syslog.

Imran.

It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?

Sir,

It does send a test message to the console.

I am attaching the .ini file for your reference.

Thanks for helping.

Regards,

Imran.

Thanks for posting the ini file. Kiwi is looking for syslog on UDP port 162 (default is UDP 514), which is also SNMP Trap. Do you have your router configured to send syslog on port 162 instead of 514?

HTH and please rate.

I've not changed the default config on router so I guess it may still be sending to UDP port 514.

Do you think I should just change the port setting on Kiwi to 514, that would be easier.

Can I do that?

It's easier to do it in Kiwi. Go to File, Setup, and about 3/4 of the way down you should see Inputs. Under Inputs you'll see UDP (among others). Click on it and on the right side, put 514 for the UDP Port. Leave the Bind to IP blank, and make sure 'Listen for UDP syslog messages' is checked. Let us know what happens!

HTH and please rate.
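
The port mismatch diagnosed above (sender and collector disagreeing on the UDP port even though ping succeeds), reproduced on loopback as an added example that is not part of the original thread. Ephemeral ports stand in for 514 and the misconfigured port, the function names are hypothetical, and facility local7 is assumed because it is the IOS default.

```python
import socket

FACILITY_LOCAL7 = 23  # default facility on Cisco IOS (assumed unchanged on the router)

def build_syslog(severity, text, facility=FACILITY_LOCAL7):
    """BSD-syslog style datagram: <PRI> then the message, PRI = facility*8 + severity."""
    return f"<{facility * 8 + severity}>{text}".encode()

def parse_pri(datagram):
    """Return (facility, severity) decoded from the leading <PRI> field."""
    pri = int(datagram[1:datagram.index(b">")])
    return divmod(pri, 8)

def open_collector(port=0, host="127.0.0.1"):
    """Bind a UDP listener; port 0 asks the OS for a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    sock.settimeout(0.5)
    return sock

def send_and_wait(collector, dest_port, payload, host="127.0.0.1"):
    """Send one datagram to dest_port; return what the collector received, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(payload, (host, dest_port))
    try:
        return collector.recvfrom(2048)[0]
    except socket.timeout:
        return None

def demo():
    collector = open_collector()            # stands in for the collector's listening port
    listen_port = collector.getsockname()[1]
    spare = open_collector()                # reserve a second port, then close it:
    other_port = spare.getsockname()[1]     # stands in for a port nobody listens on
    spare.close()
    # Constructed sample: the message text shown in the thread's "sh log" output.
    msg = build_syslog(3, "%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down")
    mismatch = send_and_wait(collector, other_port, msg)  # sender and listener disagree
    match = send_and_wait(collector, listen_port, msg)    # ports agree
    collector.close()
    return mismatch, match

if __name__ == "__main__":
    mismatch, match = demo()
    print("port mismatch ->", mismatch)
    print("ports agree   ->", parse_pri(match), match.decode())
```

The sender gets no error in the mismatch case, which matches the router counting 3583 message lines logged to 10.8.1.22 while nothing appeared on the server.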

Sir,

I shall try that first thing tomorrow morning when I go to work.

{It's 1.40 AM in the morning here in India :-)}

Thanks a ton for your valuable time.

I will advise the outcome tomorrow.

Imran.

Sir,

Thanks a ton for your help.

I followed your instructions and got it working.

Many thanks again,

Imran.
