Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
8
Replies

Syslog server

Go to solution
dpatkins
Level 1
Level 1

‎03-10-2009 12:09 PM - edited ‎03-04-2019 03:53 AM

Good day.

I am trying to configure our core to use the syslog server instead of buffering line items. I have configure logging to 10.10.10.10, but how do I tell the information being logged in the buffer to use the syslog server instead of buffer?

Can I use a command like "permit ip any any syslog" instead of permit ip any any log?

Thanks

Dwane

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dpatkins

‎03-11-2009 01:58 PM

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.

Your basic logging would be like:

logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
8 Replies 8

Go to solution
m.abdullah.s
Level 1
Level 1

‎03-10-2009 12:13 PM

If no ACL is configured, u just need to put

logging (IP Address)

Reg

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to m.abdullah.s

‎03-10-2009 12:29 PM

You also need to trap your logs:

loggin trap 6 (or whatever level you want)

The higher levels log everything underneath, so 6 also logs 5,4,3,2, and 1.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dpatkins
Level 1
Level 1
In response to John Blakley

‎03-11-2009 11:18 AM

John,

What if we have ACLs that are being logged to the buffer now? How do I send them to the syslog server and how processor intensive is all of this if we off load form the buffer to a syslog server?

Thank you

Dwane

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dpatkins

‎03-11-2009 11:22 AM

Anything that's in the buffer can't be moved to your syslog server, but any new logs can be redirected to it. As far as being processor intensive, it shouldn't be hard on your router at all.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dpatkins
Level 1
Level 1
In response to John Blakley

‎03-11-2009 01:48 PM

If I have the following command, how do I send it to a syslog server instead of the buffer:

access-list 210 deny udp any any eq 161 log

Dwane

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dpatkins

‎03-11-2009 01:58 PM

161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.

Your basic logging would be like:

logging on

logging trap 6

logging host 5.5.5.5 <-- your syslog server

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dpatkins
Level 1
Level 1
In response to John Blakley

‎03-13-2009 05:38 AM

Yes, I know that but if I want send log entries pertaining to such a command, then the aforementioned statements will work?

If so, then that is great.

Dwane

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dpatkins

‎03-13-2009 06:25 AM

Yes, these commands will work. You can also leave your logging buffered commands, and it will log in two places if you're concerned about losing your logs. You can also log to more than one syslog server, etc.

Thanks for the rating!

John

HTH, John *** Please rate all useful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card