I need some help with how to config a 3500 catalyst switch to logg everything (logging trap 6) to a syslog server. This switch has some commands and vlans configured since earlier (not by me).
Please explain the following lines for me:
logging facility syslog (what does this line do?)
logging source-interface VlanXX (is this the only vlan logged for traffic?)
logging 192.168.30.40 (this i do get. Ip of the syslog server :)
I tried to make an access-list but the switch converted 192.168.30.250 to 0.0.0.250 after saving config. How come?
access-list 103 permit tcp 0.0.0.250 255.255.255.0 0.0.0.40 255.255.255.0 eq cmd
How should this look if it should only be port 514 (default syslog port)to be allowed from switch ip 192.168.30.250 to syslog server 192.168.30.40?
Both are on vlan30.
ip address 192.168.30.250 255.255.255.0
ip access-group 103 in
I hope i got everything cleared out...if not please say so!
"I still have som issues. When i run sh logging command i only see old events like interfaces going up and down."
This is normal. Clear the log with the clear log command to get rid of the old messages.
"But since i started to conf the switch i only se changes made by console."
As mentioned in my previous post, logging to the console is on by default. So, if you make a configuration change or an event occurs, a logging message will be sent to the console automatically. If your terminal is directly connected to the device's console port, you will see them. If you are Telnet'ed into the device, you will have to enter the term mon command to see the messages for that session. Once you log out of the device, the effect of the term mon command ends.
"I still dont get any syslogs sent to my GFI eventsmanager (windows application) (UDP 514)"
Do you have any filtering device between your switch and the syslog server?
Are you able to PING the syslog server from your switch?
Also, enable logging with the logging on command, as shown above.