LWAPP AP1131 not logging to configured syslog server

Answered Question
Mar 14th, 2008

Hi,

i configured my LWAPP Ap1131 to use a syslog server. I did it with a dhcp option and configuration on the controller. according to the boot message the ap gets both servers. But unfortunately none of the servers are used. The AP send there messages to 255.255.255.255. I grabed the attached file directly from the AP (show logging). The syslog server is reachable by the ap...

Interesting is the 7th line from the bottom, from where did the ap get the broadcast address for syslog?

any ideas, regards Martin

Attachment: 
I have this problem too.
0 votes
Correct Answer by Scott Fella about 8 years 8 months ago

I tried it on one of my lab ap's to see if the wlc would see the trap. If you look at the wlc Management | snmp | trap control, there are only two traps specified under Cisco AP Traps. You can always contact your local Cisco Wireless SE and have them put in your recommendation for future enhancement.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Scott Fella Fri, 03/14/2008 - 19:37

All the traffic gets tunneled back to the wlc. If you take a look at your log, you can see that the syslog is defined in your wlc. this message can be caused by you already setting the syslog server on the wlc or just that fact that the ap will not communicate directly to the syslog server.

%LWAPP-3-CLIENTEVENTLOG: Not using log server settings obtained from DHCP. Log server already set from controller.

Configure the syslog server ip address on the wlc.

m.hierling Sat, 03/15/2008 - 00:12

With LWAPP in mind you should assume that, but setting up a span port directly at the ap port i got the attached tcpdump. beside a bunch of LWAPP stuff (that i filtered out) i got plain old syslog messages LOCAL7.ERR.

I indeed configured wlc with a syslog server ip and facility 3, not 7.

And the messages i got on the wire doesnt hit my syslog, not even through wlc.

Martin

Attachment: 
Scott Fella Sat, 03/15/2008 - 08:27

I believe the reason that it didn't show up on your syslog, is that the ap has not yet joined the wlc. That info is what you can see if you are consoled into the ap or if you are running a debug, but you will not see that when using the syslog configured on the wlc. You can verify with TAC.... maybe they know of a workaround.

m.hierling Sun, 03/16/2008 - 04:03

from what i can remeber it was also after joining the wlc. i will doubel check tomorrow with a aditional tcpdump.

Correct Answer
Scott Fella Sun, 03/16/2008 - 07:30

I tried it on one of my lab ap's to see if the wlc would see the trap. If you look at the wlc Management | snmp | trap control, there are only two traps specified under Cisco AP Traps. You can always contact your local Cisco Wireless SE and have them put in your recommendation for future enhancement.

m.hierling Mon, 03/17/2008 - 12:07

fella5,

i have double checked and you are right. After joining wlc the syslog messages disappears. But the also diddnt hit the syslog server. i will investigate further.

M.

Actions

This Discussion

 

 

Trending Topics - Security & Network