Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Super Bronze

Catalyst 3550 Switch logging to syslog server

EDIT: Seems i was on the wrong part of the forums when i started typing this post. Sorry about that.

Hi,

As a part of my final work at school im now trying to get 2 networking devices to send all event data to a syslog server inside the local network.

I have:

- Catalyst 3550 switch

- PIX 515E

Now the logging from PIX to the server works fine and without any problems. It was easy to configure and easy to modify also.

I have been trying to configure the same for the 3550 switch but wont get any messages to the server from the switch. Heres what ive configured so far:

Switch(config)#logging on

Switch(config)#logging facility syslog

Switch(config)#logging source-interface GigabitEthernet 0/1

Switch(config)#logging host <Server IP Address>

Switch(config)#logging trap debugging (or 7)

On the server i have setup the logging so that the server listens to messages from UDP port (default 514) and the TCP port 1470 (default).

I get log from the PIX but not C3550 switch. What might be the reason for this?

Is there something else i need to configure on the switch? Like define more specifically what the switch should log and send to the server?

Hope to get both devices logging to the server as i think its an important part in keeping an eye on whats happening in the network and its devices.

Any help would be appriciated

- Jouni Forss

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: Catalyst 3550 Switch logging to syslog server

Your logging facility may not be entirely correct which will depend on your syslog.conf file. Try changing it to local4 which is what the PIX logs to by default.

ciscoswitch(config)# logging facility local4

Post a copy of the syslog.conf file if youd like.

Gold

Re: Catalyst 3550 Switch logging to syslog server

to get even more basic, make sure the switch can ping your syslog server (ie make sure the default gateway on the switch is set correctly, unless it's in routing mode).

4 REPLIES
New Member

Re: Catalyst 3550 Switch logging to syslog server

Your logging facility may not be entirely correct which will depend on your syslog.conf file. Try changing it to local4 which is what the PIX logs to by default.

ciscoswitch(config)# logging facility local4

Post a copy of the syslog.conf file if youd like.

Gold

Re: Catalyst 3550 Switch logging to syslog server

to get even more basic, make sure the switch can ping your syslog server (ie make sure the default gateway on the switch is set correctly, unless it's in routing mode).

Super Bronze

Re: Catalyst 3550 Switch logging to syslog server

Thanks for the replys,

I changed the setting as described in the first reply and got it to work.

However my switch access-list showed denied icmp messages going from the server to the gateway on the switch. All this though i have echo and echo-replys permitted "any any" from the server vlan. I guess there are some other type ICMPs that got blocked there?

I added a small statement to the access-list to permit that traffic that got blocked.

I noticed with the logging now that it seems PIX does log alot more info of its use and events than the switch. I get the used commands to the syslog server from PIX but the server doesnt take note of the commands i have inputted on the switch.

Is there a way to get absolutely everything i enter on the command line of the switch to the syslog server? From there on in i could select the things i eventually want to stay logged.

Thank you again for the replys

- Jouni Forss

Gold

Re: Catalyst 3550 Switch logging to syslog server

syslog, afaik, does not offer command logging. you need to use tacacs+/CSACS to get that sort of detail. on the PIX however, it will syslog every command you enter.

does anyone know of a way to get an IOS device to syslog entered commands?

1617
Views
0
Helpful
4
Replies
CreatePlease to create content