Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Syslog issue

Hi Experts,

we have a new 2800 router installed, but I cannot get it to send logs to a Kiwi syslog..I have configured the logging <IP addr> command on the router. I have also configured "logging buffered informational" and verified that the Syslog service is running.

Please can someone help if there is anything else that I need to configure/check in order to achieve this.

Many thanks in advance.

Imran.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Syslog issue

It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?

15 REPLIES

Re: Syslog issue

I would test it by setting the level to debugging. Informational may not be sending anything.

Hall of Fame Super Gold

Re: Syslog issue

Imran

Changing the severity level might be helpful as you troubleshoot this issue. You mention the logging level of the logging buffer on the router. But that does not impact the logging level to the server. What logging level did you configure for the server?

I would also suggest that you check to make sure that you have proper IP connectivity from the router to the configured server. Can you ping the server address from the router?

It might be helpful if we could see the config of the router. Can you post the config - or at least post the output of show run | include log

HTH

Rick

New Member

Re: Syslog issue

Sir,

Please find the config required. yes I can ping the syslog from the router.

XXXXX#sh run | i log

service timestamps log datetime msec

logging buffered 4096 debugging

logging 10.8.1.22

login local

login local

login local

login local

TRUTHN#

XXXXX#ping 10.8.1.22

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.8.1.22, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

XXXXX#

many thanks,

Imran.

Re: Syslog issue

Can you post the first 10 lines of a show log? That will verify that your sending to syslog server and what the level is.

New Member

Re: Syslog issue

XXXXX#sh log

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 5446 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 873 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 3387 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level informational, 5451 message lines logged

Logging to 10.8.1.22, 3583 message lines logged, xml disabled,

filtering disabled

Log Buffer (4096 bytes):

%LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down

Hall of Fame Super Gold

Re: Syslog issue

Imran

Thanks for posting the additional information. It does help to demonstrate that the router is generating syslog messages and is sending them to 10.8.1.22. And it helps that you show that you can ping this address.

I wonder if it is possible that there is some device with an access list or a firewall that is not permitting the syslog data to get through?

HTH

Rick

New Member

Re: Syslog issue

Hi Rick,

There is no firewall. The Fastethernet of router is the gateway for the syslog server.

Could it be some setting on the syslog server...we are using the Kiwi syslog.

Imran.

Re: Syslog issue

It could be. Can you post a screenshot of the setup or post the .ini file? Does the 'send test message to localhost' work?

New Member

Re: Syslog issue

Sir,

It does send a test message to the console.

I am attaching the .ini file for your reference.

Thanks for helping.

Regards,

Imran.

Re: Syslog issue

Thanks for posting the ini file. Kiwi is looking for syslog on UDP port 162 (default is UDP 514), which is also SNMP Trap. Do you have your router configured to send syslog on port 162 instead of 514?

HTH and please rate.

New Member

Re: Syslog issue

I've not changed the default config on router so I guess it may still be sending to UDP port 514.

Do you think I should just change the port setting on Kiwi to 514, that would be easier.

Can I do that?

Re: Syslog issue

It's easier to do in in Kiwi. Go to File, Setup, and about 3/4 of the way down you should see Inputs. Under Inputs you'll see UDP (among others). Click on it and on the right side, put 514 for the UDP Port. Leave the Bind to IP blank, and make sure 'Listen for UDP syslog messages' is checked. Let us know what happens!

HTH and please rate.

New Member

Re: Syslog issue

Sir,

I shall try that first thing tomorrow morning when I go to work.

{Its 1.40 AM in the morning here in India :-)}

Thanks a ton for your valuable time.

I will advise the outcome tomorrow.

Imran.

New Member

Re: Syslog issue

Sir,

Thanks a ton for your help.

I followed your instructions and got it working.

Many thanks again,

Imran.

Re: Syslog issue

Glad to hear its working and thanks for the points

236
Views
31
Helpful
15
Replies
CreatePlease to create content