Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco MARS Syslog not working

I have a Cisco MARs Local Controller running on version 6.0.8 ( 3428 ). I have configured the devices to send syslog messages to MARS, but MARS is not receiving any syslog messages and the syslog service is not running in MARS. Can anybody help on this issue?

7 REPLIES
New Member

Re: Cisco MARS Syslog not working

When you say "syslog service is not running in MARS", how did you verify that?  Did you run the "pnstatus" command at the CLI?

Also, you didn't mention whether you've added the devices as "reporting devices" in MARS.  When they're added in MARS, it will try to connect to the devices to discover them.  This might help indicate if there's a connectivity issue between MARS and the devices, which might prevents logs from being delivered as well.

Re: Cisco MARS Syslog not working

I have run the pnstatus and all services are running, except syslog. I can also see a service named securesyslog, but when I am doing a port scan on the MARS IP I can't see the port 514 open. And during the discovery process MARS discovered the devices, but all the devices that I have added in MARS is shown as "Inactive CS-MARS reporting device".

New Member

Re: Cisco MARS Syslog not working

> all services are running, except syslog

Well, there's no service actually named "syslog" on a running MARS appliance.  I think that incoming syslogs are handled by the "pnparser" process.  You can read more details in the "MARS Initial Configuration and Upgrade Guide", under "List of Backend Services and Processes".

Can you upload the output of the pnstatus command from your appliance?

> a service named securesyslog

This is the process that handles encrypted syslogs, say for an ASA.  This is essentially standard syslog, but encrypted in transport using certificates.  The port for secure syslog is TCP/1470.

> doing a port scan on the MARS IP I can't see the port 514 open

That's normal.  On a standard scan, the only port that will be reported "open" is TCP/22 for SSH.

*edited to change command to "pnstatus", not "pnparser", but you figured that out already

Re: Cisco MARS Syslog not working

I have used the following CLI commands in a router to enable syslog, please let me know if I am missing anything. I have done this based on the MARS documentation:

logging host

logging trap

logging on

New Member

Re: Cisco MARS Syslog not working

Did you also enter the command:

(config)# logging source-interface

The IP address of the interface specified should match the device's "Reporting IP" configured in MARS.

Re: Cisco MARS Syslog not working

Yes, I forgot to mentioned that I have configured the logging source interface and it is matching with the Reporting IP configured in MARS. Is there any limititation for the local controller to process syslog messages? I am not having the global controller at all.

743
Views
0
Helpful
7
Replies
CreatePlease login to create content