Syslog servers

Jul 22nd, 2003

Folks,


I'm trying to log traps from a 1721 to my desktop.


I've downloaded a Kiwi syslog server and set it to accept UDP (port 514), TCP (1468) & SNMP traps.


I've configured the router to use the syslog server at my ip address & told it to log debug traps.


When I type a show logging on the router I can see it has sent the logs but I don't see anything on my syslog server.


I can ping between my router and my server OK.


Any ideas?


thanks in anticipation

thisisshanky Tue, 07/22/2003 - 08:33

I just downloaded Kiwi Syslog daemon 7.0.3


Enabled UDP port 514 (that's enabled by default)


TCP is not enabled by default, same as SNMP.


I checked the options to enable TCP and SNMP.


Had a 1721, connected back to back to my PC, loaded with Kiwi.


Commands on the 1721:


no logging console

logging 10.10.10.10

logging trap debug


Gave a "debug ip icmp" and gave a ping, and all the debug messages popped up on the kiwi syslog.


So I think, in your case, only if a debug instance occurs, will it send a message to syslog server.

mulhollandm Wed, 07/23/2003 - 06:59

I tried an install on my test network & all works OK but still nothing on the live network. The only big difference is the access-lists on the live network but I've included my syslog server on the inbound list so that I can ping between the router and the server.


Any more ideas gratefully appreciated.


Many thanks

thisisshanky Wed, 07/23/2003 - 07:20

If there are access-lists on the router then you also need to permit syslog UDP port 514 on the list. Otherwise syslog messages will be dropped.

mulhollandm Wed, 07/23/2003 - 08:16

Thanks for your help - I think I'm nearly there!


I'm using an extended list but I can't get the syntax right yet so I tried a:


access-list 101 permit udp myipaddress any


but no joy.


Again, thanks for the help!


milan.kulik Mon, 07/28/2003 - 02:56

Is the ACL incoming or outgoing?

Is myipaddress the IP address of the router or the syslog server?

I'd use

access-list 101 permit udp any syslog_server_address

or

access-list 101 permit udp router_address syslog_server_address

line in the ACL.

Regards,

Milan




mulhollandm Mon, 07/28/2003 - 03:16

Thanks for your help but it turns out I needed to identify the source interface for logging.


Thanks again
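
The fix reported in the last post, combined with the ACL advice earlier in the thread, written out as an added configuration example (not posted by anyone in the thread). Assumptions: 10.10.10.10 is the syslog server (the address used in the reply above), 192.0.2.1 and Loopback0 are placeholder values for the router address and interface that the ACL is meant to permit, and list 101 is whichever extended ACL on the path filters this traffic.

```ios
! Constructed example: 192.0.2.1 and Loopback0 are placeholders.
!
! Send syslog to the server at debugging level, as in the thread.
logging 10.10.10.10
logging trap debugging
!
! Pin the source address of syslog packets. Without this the router
! sources them from the outgoing interface, which may not be the
! address the ACL or the syslog server expects.
logging source-interface Loopback0
!
! An extended ACL entry needs both a source and a destination, each
! written as "any", "host A.B.C.D" or "A.B.C.D wildcard-mask".
! This entry permits only syslog (UDP 514) from the pinned router
! address to the server, rather than all UDP.
access-list 101 permit udp host 192.0.2.1 host 10.10.10.10 eq syslog
```

After generating a log message, `show access-lists 101` shows whether the entry's match counter increased, which confirms the packets carry the address the entry expects.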
