Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to capture logging mssgs on a 2821 router?

How do I direct logging data from the 2821 router to be stored on a workstation? I have downloaded Kiwi Syslog Daemon on to the workstation, however, logging is not captured. The command for the syslog server was configured on the router. Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

As a bare minimum you need to configure on the router

logging host

logging trap

where level is a value between 1 & 7. 7 is debugging and will send the most messages to your syslog server and 1 is alerts.

To test you could set it up as informational (6) and save the config on your router. This should generate a syslog message to your syslog server.

Jon

24 REPLIES
Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

As a bare minimum you need to configure on the router

logging host

logging trap

where level is a value between 1 & 7. 7 is debugging and will send the most messages to your syslog server and 1 is alerts.

To test you could set it up as informational (6) and save the config on your router. This should generate a syslog message to your syslog server.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

Does logging Informational (6) include all logging messages from severity 1-6?

Thanks.

Said

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

Yes it does. Each level includes level 1 to that level.

Once you have got it working generally level 4 (warnings) or level 3 (errors) is a good one to use.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

On the Kiwi Syslog Setup> Listen for UDP Syslog messages>Data Encoding, there is drop down menu: System, Other, ANSI, UTF-8, Shift-JIS, EUC-JP, BIG5 and Chinese. System is default-is this ok?

Still have not received any logging messages on the Kiwi Syslog daemon.

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

Haven't used kiwi for long time but i don't remember having to do anything special with the encoding.

You can ping your syslog server from the router ?

If you have a packet sniffer eg. ethereall you can run this on the same machine as kiwi syslog and see if the machines is receiving packets from the router.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

I must have deactivated the echo feature on the router. Ping (Syslog server's IP results in "% Unrecognized host or address, or protocol not running." The config of the production router was copied to a 2621 lab router with modifications. Do you know how enable echo on the lab router?

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

What are you actually typing in when you try to ping. Can you post the full command line you are using.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

how do you set the set the con 0 password to the enable secret password?

sorry to deviate.

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Presuming you know the enable secret password

router(config)# line con 0

router(config-line)# password 0

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

The following command still reverts to the type 7 password.

router(config)# line con 0

router(config-line)# password 0

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

I set up the lab router today, forgot to copy the run config to start, turned off the router. I give the fa0/0 int on the lab router an address on same subnet on our LAN. A straight through cable connects the lab router to the LAN. I can ping the lab router from a workstation, yet I can not ping the workstation from the router. So on a lab router replicating the production router requires its own separate network, yes?

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

As long as your lab router is using a unique IP address out of the LAN range you should be fine.

Perhaps you could post the addressing etc. Can you also check if you have an access-list applied to the fa0/0 interface.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

Thanks for your help. I have to read up on Kiwi Syslog Daemon to know how to use it.

Regards.

Said

Hall of Fame Super Blue

Re: How to capture logging mssgs on a 2821 router?

Said

No problem. If i get the time i will have a look as well to make sure there isn't something obvious we are missing.

Appreciate the rating.

Jon

New Member

Re: How to capture logging mssgs on a 2821 router?

Jon,

On the production router, provided the following commands. Still nothing displays on the syslog server.

logging host 192.168.1.180

logging trap 6

exit

copy run start

aaa
New Member

Re: How to capture logging mssgs on a 2821 router?

Do you have logging facility in the 2821?

New Member

Re: How to capture logging mssgs on a 2821 router?

I have included the folowing statements.

logging on

logging host 192.168.1.180 [workstation/syslog computer]

logging trap 6

exit

copy run start

New Member

Re: How to capture logging mssgs on a 2821 router?

I prefer to send the router's logs to a separate computer to accept and store the logs. So far, I have not been successful in configuring Kiwi Syslog Daemon to accept the messages from the router.

Bronze

Re: How to capture logging mssgs on a 2821 router?

Basic question: Is there a firewall running on the syslog host?

-John

New Member

Re: How to capture logging mssgs on a 2821 router?

Yes, Windows firewall is running on the syslog host.

Bronze

Re: How to capture logging mssgs on a 2821 router?

Ok, either turn it off for testing or set an exclusion for UDP/514.

New Member

Re: How to capture logging mssgs on a 2821 router?

UDP/514 was added to exceptions, still no messages. Are you familiar with setting Kiwi Syslog?

New Member

Re: How to capture logging mssgs on a 2821 router?

I can ping from the Syslog computer to the router.

New Member

Re: How to capture logging mssgs on a 2821 router?

Hi Jon,

I got Kiwi Syslog working. The following are from syslogs on ASA5510 firewall. Do the two mssgs look right to you?

07:40:25: %ASA-4-419002: Duplicate TCP SYN from Inside: 192.168.1.170/3229 to outside:82.42.69.140/4219 with different initial sequence number

(I can not find who has IP 192.168.1.170. Trend Micro shows no one on the LAN .170

ASA-4-313005 : No matching connection for ICMP error message: icmp src outside: 76.189.113.82 dst inside: 207.105.y.x (type 3, code 1) on outside interface: Original payload: udp src 207.105.y.x/3919 dst 192.168.1.100/49593

Thanks.

Said

391
Views
0
Helpful
24
Replies