Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Syslogging on a Catalyst 4510

Morning all -

Syslogging from various older switches (2950, 3500,3650, etc) to a GFI syslog server works. Cannot get the 4510's to work. Shows messages being sent to the server but Wireshark confirms the packets do not arrive at the Syslog server.

In each case the cfg lones are the same-

Logging trap debugging ( or higher)

Logging 10.2.5.96

Tried logging facility local3 as well as the default.

Any ideas ? Thanks.

6 REPLIES
Silver

Re: Syslogging on a Catalyst 4510

Hi,

Do you have logging enabled by 'logging on' ?

Would be good if you could paste an output of the 'show logging' header (before the actual log messages).

Can you reach the syslog server from the Cat4500, for instance by pinging it?

Do you have any ACLs applied on the interfaces which might block syslog traffic?

Andras

Community Member

Re: Syslogging on a Catalyst 4510

Hi Andras

Yes logging is on, the Syslog server is pingable and traceroute returns the expected path. I have attached a log file with the sh logging output.

thanks

Silver

Re: Syslogging on a Catalyst 4510

The show logging output looks fine.

You mentioned Wireshark capture. Where did you capture the traffic? Did you try doing a SPAN capture on the 4500 switchport? Did you see the syslog traffic there?

Is the server directly connected to the switch? If not, you could try connecting it directly or capture traffic at each segment to see at which point you start losing syslog traffic.

By the way, what IOS version are you running?

Community Member

Re: Syslogging on a Catalyst 4510

Sorry for the delay. Running 12.2(25). I spanned the switchport of the Syslog server which is in another switch. The logging traffic from the 4510 was not making it that far. I'll try segment by segment to find the loss point.

Thanks for your help...

Community Member

Re: Syslogging on a Catalyst 4510

And the problem was - traffic WAS being sent to the server but showed a VLAN Virtual IP (server VLAN)  as the source. The traffic we expected to see, and the IP we were sniffing, was from the loopback address which was on a different VLAN.  

Silver

Re: Syslogging on a Catalyst 4510

Hi,

Thanks for the update. I'm glad you found the cause of the issue.

Andras

572
Views
0
Helpful
6
Replies
CreatePlease to create content