Syslog server

Answered Question
Mar 10th, 2009
User Badges:

Good day.


I am trying to configure our core to use the syslog server instead of buffering line items. I have configure logging to 10.10.10.10, but how do I tell the information being logged in the buffer to use the syslog server instead of buffer?


Can I use a command like "permit ip any any syslog" instead of permit ip any any log?


Thanks


Dwane

Correct Answer by John Blakley about 8 years 3 months ago

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.


Your basic logging would be like:


logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server


HTH,


John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
m.abdullah.s Tue, 03/10/2009 - 12:13
User Badges:

If no ACL is configured, u just need to put


logging (IP Address)


Reg

John Blakley Tue, 03/10/2009 - 12:29
User Badges:
  • Purple, 4500 points or more

You also need to trap your logs:


loggin trap 6 (or whatever level you want)


The higher levels log everything underneath, so 6 also logs 5,4,3,2, and 1.


HTH,


John

dpatkins Wed, 03/11/2009 - 11:18
User Badges:

John,


What if we have ACLs that are being logged to the buffer now? How do I send them to the syslog server and how processor intensive is all of this if we off load form the buffer to a syslog server?


Thank you


Dwane

John Blakley Wed, 03/11/2009 - 11:22
User Badges:
  • Purple, 4500 points or more

Anything that's in the buffer can't be moved to your syslog server, but any new logs can be redirected to it. As far as being processor intensive, it shouldn't be hard on your router at all.



HTH,

John

dpatkins Wed, 03/11/2009 - 13:48
User Badges:

If I have the following command, how do I send it to a syslog server instead of the buffer:


access-list 210 deny udp any any eq 161 log


Dwane

Correct Answer
John Blakley Wed, 03/11/2009 - 13:58
User Badges:
  • Purple, 4500 points or more

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.


Your basic logging would be like:


logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server


HTH,


John

dpatkins Fri, 03/13/2009 - 05:38
User Badges:

Yes, I know that but if I want send log entries pertaining to such a command, then the aforementioned statements will work?


If so, then that is great.


Dwane

John Blakley Fri, 03/13/2009 - 06:25
User Badges:
  • Purple, 4500 points or more

Yes, these commands will work. You can also leave your logging buffered commands, and it will log in two places if you're concerned about losing your logs. You can also log to more than one syslog server, etc.


Thanks for the rating!


John

Actions

This Discussion