Syslog server

Answered Question
Mar 10th, 2009

Good day.


I am trying to configure our core to use the syslog server instead of buffering line items. I have configure logging to 10.10.10.10, but how do I tell the information being logged in the buffer to use the syslog server instead of buffer?


Can I use a command like "permit ip any any syslog" instead of permit ip any any log?


Thanks


Dwane

Correct Answer by John Blakley about 7 years 11 months ago

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.


Your basic logging would be like:


logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server


HTH,


John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
John Blakley Tue, 03/10/2009 - 12:29

You also need to trap your logs:


loggin trap 6 (or whatever level you want)


The higher levels log everything underneath, so 6 also logs 5,4,3,2, and 1.


HTH,


John

dpatkins Wed, 03/11/2009 - 11:18

John,


What if we have ACLs that are being logged to the buffer now? How do I send them to the syslog server and how processor intensive is all of this if we off load form the buffer to a syslog server?


Thank you


Dwane

John Blakley Wed, 03/11/2009 - 11:22

Anything that's in the buffer can't be moved to your syslog server, but any new logs can be redirected to it. As far as being processor intensive, it shouldn't be hard on your router at all.



HTH,

John

dpatkins Wed, 03/11/2009 - 13:48

If I have the following command, how do I send it to a syslog server instead of the buffer:


access-list 210 deny udp any any eq 161 log


Dwane

Correct Answer
John Blakley Wed, 03/11/2009 - 13:58

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.


Your basic logging would be like:


logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server


HTH,


John

dpatkins Fri, 03/13/2009 - 05:38

Yes, I know that but if I want send log entries pertaining to such a command, then the aforementioned statements will work?


If so, then that is great.


Dwane

John Blakley Fri, 03/13/2009 - 06:25

Yes, these commands will work. You can also leave your logging buffered commands, and it will log in two places if you're concerned about losing your logs. You can also log to more than one syslog server, etc.


Thanks for the rating!


John

Actions

This Discussion