Syslog logging: enabled (1 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 2465 messages logged, xml disabled,
Monitor logging: level debugging, 0 messages logged, xml disabled,
Buffer logging: level debugging, 2465 messages logged, xml disabled,
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level debugging, 2469 message lines logged
Logging to 192.168.1.10 (udp port 514, audit disabled), 2469 message lines logged, xml disabled,
Logging to 192.168.1.252 (udp port 514, audit disabled), 0 message lines logged, xml disabled,
C1700 Software (C1700-IPBASE-M), Version 12.4(1a), RELEASE SOFTWARE (fc2)
On previous versions IOS it works!
What is the trick?
Solved! Go to Solution.
This bug is for IOS only. I couldn't find a PIX bug for this symptom. I did find an indication that multiple syslog destinations do work in 6.3, but I didn't see a specific 6.3 release.
Thanks for your prompt answer!
The problem somewhere other side because I can't ping the new syslog server. I don't know why.
They are in the same segment so now I've got no ideas. :-(
Can you tell me what thought PIX about the next MAC: 00:00:00:00:00:00?
It is the MAC of the syslog server!
Other machines (PCs, 2 SUN WSs, etc) work perfectly with that funny MAC.
Is the PIX sending a packet with a source MAC of 00:00:00:00:00:00 or is this the MAC being reported by the syslog server?
Every machine can communicate with that PC except Cisco PIX 501. Even a Cisco 1721 router!
I know this MAC address not the best ...
Why are you using the MAC. It's generally considered invalid as it is used things such as in ARP packets, and some of our devices will complain if they see packets sourced from such a MAC. A NIC claiming to have such a MAC is either broken or did not get a proper MAC burned into at the factory. If you can't replace the NIC, try changing the MAC in software.
I think you know the source of my problem: my motherboard forgot its MAC which was burned into at factory.
I will change it but now the PC is a firewall, too, so not to easy just put into down state. And it is not trivial I can change from software (OpenSUSE 10.3). I found some instructions on the Net. So I change it ASAP.
I don't understand why my PIX hates at all this address if SUN ws (and other LAN devices) work happily.
I'm not sure this is the problem with PIX. But maybe ...
My problem was solved.
I sshed from the outside interface of my bad MAC PC and ifconfig command changed the MAC address successfully.
PIX can able to send syslog messages to this server, too.