I have done the syslog remote configuration on the switch. However, logs are not being received to the server and when doing capture on the firewall, we have noticed that the switch is not sending the logs to the default port UDP 514 but to random port each time ( being incremented ).
Kindly find below the logs.
Can you please advise what's wrong?
Deny udp src MPROR:10.160.124.166/40865 dst To-Falcon:10.19.28.221/33437 by access-group "
Oct 28 17:56:32 Deny udp src MPROR:10.160.124.166/33007 dst To-Falcon:10.19.28.221/33438 by access-group "
Oct 28 17:56:35 Deny udp src MPROR:10.160.124.166/32790 dst To-Falcon:10.19.28.221/33439 by access-group "
Oct 28 17:56:38 Deny udp src MPROR:10.160.124.166/37362 dst To-Falcon:10.19.28.221/33440 by access-group "
Oct 28 17:56:41 Deny udp src MPROR:10.160.124.166/35964 dst To-Falcon:10.19.28.221/33441 by access-group "
Oct 28 17:56:44 Deny udp src MPROR:10.160.124.166/33659 dst To-Falcon:10.19.28.221/33442 by access-group "
Oct 28 17:56:47 Deny udp src MPROR:10.160.124.166/33024 dst To-Falcon:10.19.28.221/33443 by access-group "
Oct 28 17:56:50 Deny udp src MPROR:10.160.124.166/36429 dst To-Falcon:10.19.28.221/33444 by access-group "
Oct 28 17:56:53 Deny udp src MPROR:10.160.124.166/38646 dst To-Falcon:10.19.28.221/33445 by access-group "
Oct 28 17:56:56 Deny udp src MPROR:10.160.124.166/37650 dst To-Falcon:10.19.28.221/33446 by access-group "
Oct 28 17:56:59 Deny udp src MPROR:10.160.124.166/34049 dst To-Falcon:10.19.28.221/33447 by access-group "
Oct 28 17:57:02 Deny udp src MPROR:10.160.124.166/39291 dst To-Falcon:10.19.28.221/33448 by access-group "
Oct 28 17:57:05 Deny udp src MPROR:10.160.124.166/33938 dst To-Falcon:10.19.28.221/33449 by access-group "
Oct 28 17:57:08 Deny udp src MPROR:10.160.124.166/42739 dst To-Falcon:10.19.28.221/33450 by access-group "
Oct 28 17:57:11 Deny udp src MPROR:10.160.124.166/33979 dst To-Falcon:10.19.28.221/33451 by access-group "
There shouldn't be any port randomization going on. The syslogs should be leaving the switch destined to udp/514. Is there any Port Address Translation between the switch and the firewall that could be accounting for this? Can you perform a packet capture close to the switch to confirm the syslog messages are being destined correctly?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.