cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
818
Views
0
Helpful
13
Replies

syslog to 2nd server doesn't work

aruzsinszky
Level 1
Level 1

Hi,

sh logg:

Syslog logging: enabled (1 messages dropped, 1 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 2465 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 2465 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level debugging, 2469 message lines logged

Logging to 192.168.1.10 (udp port 514, audit disabled), 2469 message lines logged, xml disabled,

filtering disabled

Logging to 192.168.1.252 (udp port 514, audit disabled), 0 message lines logged, xml disabled,

filtering disabled

sh ver:

C1700 Software (C1700-IPBASE-M), Version 12.4(1a), RELEASE SOFTWARE (fc2)

On previous versions IOS it works!

What is the trick?

TIA,

Ruzsi

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

This is due to bug CSCsa87733. You will need to upgrade to 12.4(2) or higher to get the fix.

View solution in original post

13 Replies 13

Joe Clarke
Cisco Employee
Cisco Employee

This is due to bug CSCsa87733. You will need to upgrade to 12.4(2) or higher to get the fix.

I thought it but I wasn't sure.

Now I'm testing the config in dynamips.

Thanks,

Ruzsi

Hi,

Does PIX 6.3.5 suffer from this problem, too?

I've no luck with more than only one syslog server.

TIA,

Ruzsi

This bug is for IOS only. I couldn't find a PIX bug for this symptom. I did find an indication that multiple syslog destinations do work in 6.3, but I didn't see a specific 6.3 release.

Thanks for your prompt answer!

The problem somewhere other side because I can't ping the new syslog server. I don't know why.

They are in the same segment so now I've got no ideas. :-(

Can you tell me what thought PIX about the next MAC: 00:00:00:00:00:00?

It is the MAC of the syslog server!

Other machines (PCs, 2 SUN WSs, etc) work perfectly with that funny MAC.

TIA,

Ruzsi

Is the PIX sending a packet with a source MAC of 00:00:00:00:00:00 or is this the MAC being reported by the syslog server?

This is the MAC of syslog server.

Then it sounds like you have a bad NIC in that server. Try replacing it.

Not really.

Every machine can communicate with that PC except Cisco PIX 501. Even a Cisco 1721 router!

I know this MAC address not the best ...

Why are you using the MAC. It's generally considered invalid as it is used things such as in ARP packets, and some of our devices will complain if they see packets sourced from such a MAC. A NIC claiming to have such a MAC is either broken or did not get a proper MAC burned into at the factory. If you can't replace the NIC, try changing the MAC in software.

I think you know the source of my problem: my motherboard forgot its MAC which was burned into at factory.

I will change it but now the PC is a firewall, too, so not to easy just put into down state. And it is not trivial I can change from software (OpenSUSE 10.3). I found some instructions on the Net. So I change it ASAP.

I don't understand why my PIX hates at all this address if SUN ws (and other LAN devices) work happily.

I'm not sure this is the problem with PIX. But maybe ...

My problem was solved.

I sshed from the outside interface of my bad MAC PC and ifconfig command changed the MAC address successfully.

PIX can able to send syslog messages to this server, too.

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: