10-13-2007 12:40 PM
Hi Experts,
We have a new 2800 router installed, but I cannot get it to send logs to a Kiwi syslog. I have configured the logging <IP addr> command on the router. I have also configured "logging buffered informational" and verified that the Syslog service is running.
Please can someone help if there is anything else that I need to configure/check in order to achieve this.
Many thanks in advance.
Imran.
10-14-2007 03:25 AM
I would test it by setting the level to debugging. Informational may not be sending anything.
10-14-2007 03:54 PM
Imran
Changing the severity level might be helpful as you troubleshoot this issue. You mention the logging level of the logging buffer on the router. But that does not impact the logging level to the server. What logging level did you configure for the server?
I would also suggest that you check to make sure that you have proper IP connectivity from the router to the configured server. Can you ping the server address from the router?
It might be helpful if we could see the config of the router. Can you post the config - or at least post the output of show run | include log
HTH
Rick
10-15-2007 03:11 AM
Sir,
Please find the config required. Yes, I can ping the syslog from the router.
XXXXX#sh run | i log
service timestamps log datetime msec
logging buffered 4096 debugging
logging 10.8.1.22
login local
login local
login local
login local
TRUTHN#
XXXXX#ping 10.8.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.1.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
XXXXX#
Many thanks,
Imran.
10-15-2007 05:14 AM
Can you post the first 10 lines of a show log? That will verify that you're sending to syslog server and what the level is.
10-15-2007 07:41 AM
XXXXX#sh log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 5446 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 873 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 3387 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level informational, 5451 message lines logged
Logging to 10.8.1.22, 3583 message lines logged, xml disabled,
filtering disabled
Log Buffer (4096 bytes):
%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down
10-15-2007 08:31 AM
Imran
Thanks for posting the additional information. It does help to demonstrate that the router is generating syslog messages and is sending them to 10.8.1.22. And it helps that you show that you can ping this address.
I wonder if it is possible that there is some device with an access list or a firewall that is not permitting the syslog data to get through?
HTH
Rick
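Added example (not part of the thread, and not Cisco or Kiwi code): a small Python check that reads `show logging` output the way the replies above do, pulling out each destination's level and the configured server, then deciding whether a given message passes the trap (server) filter. The function names are hypothetical, the sample text is constructed from the output posted above, and the `%EXAMPLE-7-DEBUGMSG` line is made up.

```python
import re

# IOS severity keywords; list index = numeric severity (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Constructed sample, abridged from the `sh log` output posted in the thread.
SAMPLE_SHOW_LOG = """\
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 5446 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 873 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 3387 messages logged, xml disabled,
filtering disabled
Trap logging: level informational, 5451 message lines logged
Logging to 10.8.1.22, 3583 message lines logged, xml disabled,
filtering disabled
"""

def parse_show_logging(text):
    """Return ({destination: level keyword}, [(server ip, lines logged)])."""
    levels = {dest.lower(): level for dest, level in re.findall(
        r"^\s*(Console|Monitor|Buffer|Trap) logging: level (\w+)", text, re.M)}
    servers = [(ip, int(count)) for ip, count in re.findall(
        r"Logging to (\d+\.\d+\.\d+\.\d+).*?(\d+) message lines logged", text)]
    return levels, servers

def message_severity(msg):
    """Extract N from a %FACILITY-N-MNEMONIC message, or None if absent."""
    m = re.search(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+", msg)
    return int(m.group(1)) if m else None

def sent_to(dest, msg, levels):
    """True if msg passes the level filter of dest ('trap' = syslog server).
    Each destination filters on its own level, so a debugging-level buffer
    does not widen what reaches the server."""
    sev = message_severity(msg)
    if sev is None or dest not in levels:
        return False
    return sev <= SEVERITIES.index(levels[dest])

if __name__ == "__main__":
    levels, servers = parse_show_logging(SAMPLE_SHOW_LOG)
    print(levels, servers)
    for msg in ("%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down",
                "%EXAMPLE-7-DEBUGMSG: hypothetical debug line"):
        print(msg[:20], {d: sent_to(d, msg, levels) for d in ("buffer", "trap")})
```

The count on the `Logging to` line only shows what the router transmitted; syslog over UDP gives no delivery feedback, so it says nothing about whether the collector is listening on the port those datagrams were sent to.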
10-17-2007 09:05 AM
Hi Rick,
There is no firewall. The Fastethernet of router is the gateway for the syslog server.
Could it be some setting on the syslog server? We are using the Kiwi syslog.
Imran.
10-17-2007 09:07 AM
It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?
10-17-2007 11:43 AM
10-17-2007 11:58 AM
Thanks for posting the ini file. Kiwi is looking for syslog on UDP port 162 (default is UDP 514), which is also SNMP Trap. Do you have your router configured to send syslog on port 162 instead of 514?
HTH and please rate.
10-17-2007 12:04 PM
I've not changed the default config on router so I guess it may still be sending to UDP port 514.
Do you think I should just change the port setting on Kiwi to 514, that would be easier.
Can I do that?
10-17-2007 12:09 PM
It's easier to do it in Kiwi. Go to File, Setup, and about 3/4 of the way down you should see Inputs. Under Inputs you'll see UDP (among others). Click on it and on the right side, put 514 for the UDP Port. Leave the Bind to IP blank, and make sure 'Listen for UDP syslog messages' is checked. Let us know what happens!
HTH and please rate.
10-17-2007 12:14 PM
Sir,
I shall try that first thing tomorrow morning when I go to work.
{It's 1.40 AM in the morning here in India :-)}
Thanks a ton for your valuable time.
I will advise the outcome tomorrow.
Imran.
10-18-2007 12:27 AM
Sir,
Thanks a ton for your help.
I followed your instructions and got it working.
Many thanks again,
Imran.