Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2587
Views
0
Helpful
4
Replies

Catalyst 3550 Switch logging to syslog server

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎06-15-2007 02:23 AM - edited ‎03-11-2019 03:30 AM

EDIT: Seems i was on the wrong part of the forums when i started typing this post. Sorry about that.

Hi,

As a part of my final work at school im now trying to get 2 networking devices to send all event data to a syslog server inside the local network.

I have:

- Catalyst 3550 switch

- PIX 515E

Now the logging from PIX to the server works fine and without any problems. It was easy to configure and easy to modify also.

I have been trying to configure the same for the 3550 switch but wont get any messages to the server from the switch. Heres what ive configured so far:

Switch(config)#logging on

Switch(config)#logging facility syslog

Switch(config)#logging source-interface GigabitEthernet 0/1

Switch(config)#logging host <Server IP Address>

Switch(config)#logging trap debugging (or 7)

On the server i have setup the logging so that the server listens to messages from UDP port (default 514) and the TCP port 1470 (default).

I get log from the PIX but not C3550 switch. What might be the reason for this?

Is there something else i need to configure on the switch? Like define more specifically what the switch should log and send to the server?

Hope to get both devices logging to the server as i think its an important part in keeping an eye on whats happening in the network and its devices.

Any help would be appriciated

- Jouni Forss

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
JBDanford2002
Level 1
Level 1

‎06-17-2007 06:55 AM

Your logging facility may not be entirely correct which will depend on your syslog.conf file. Try changing it to local4 which is what the PIX logs to by default.

ciscoswitch(config)# logging facility local4

Post a copy of the syslog.conf file if youd like.

View solution in original post

0 Helpful

Go to solution
srue
Level 7
Level 7
In response to JBDanford2002

‎06-17-2007 05:53 PM

to get even more basic, make sure the switch can ping your syslog server (ie make sure the default gateway on the switch is set correctly, unless it's in routing mode).

View solution in original post

0 Helpful
4 Replies 4

Go to solution
JBDanford2002
Level 1
Level 1

‎06-17-2007 06:55 AM

Your logging facility may not be entirely correct which will depend on your syslog.conf file. Try changing it to local4 which is what the PIX logs to by default.

ciscoswitch(config)# logging facility local4

Post a copy of the syslog.conf file if youd like.

0 Helpful

Go to solution
srue
Level 7
Level 7
In response to JBDanford2002

‎06-17-2007 05:53 PM

to get even more basic, make sure the switch can ping your syslog server (ie make sure the default gateway on the switch is set correctly, unless it's in routing mode).

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to srue

‎06-18-2007 12:25 AM

Thanks for the replys,

I changed the setting as described in the first reply and got it to work.

However my switch access-list showed denied icmp messages going from the server to the gateway on the switch. All this though i have echo and echo-replys permitted "any any" from the server vlan. I guess there are some other type ICMPs that got blocked there?

I added a small statement to the access-list to permit that traffic that got blocked.

I noticed with the logging now that it seems PIX does log alot more info of its use and events than the switch. I get the used commands to the syslog server from PIX but the server doesnt take note of the commands i have inputted on the switch.

Is there a way to get absolutely everything i enter on the command line of the switch to the syslog server? From there on in i could select the things i eventually want to stay logged.

Thank you again for the replys

- Jouni Forss

0 Helpful

Go to solution
srue
Level 7
Level 7
In response to Jouni Forss

‎06-18-2007 04:16 AM

syslog, afaik, does not offer command logging. you need to use tacacs+/CSACS to get that sort of detail. on the PIX however, it will syslog every command you enter.

does anyone know of a way to get an IOS device to syslog entered commands?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card