Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WRVS4400N Syslog Output with incorrect IP

Hi there,

I`m configuring a WRVS4400N router to log all internet accesses to a Mac OS Server via syslog.

I was able to configure the server to listen to syslog and receive the logs from the router. The problem is the the last digit of the internal IP in the syslog is missing:

Jan  7 15:16:26 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 64269 --> 189.38.95.95:53

Jan  7 15:16:26 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 63035 --> 189.38.95.95:53

Jan  7 15:17:01 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 53822 --> 173.194.118.15:443

Jan  7 15:17:37 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 53822 --> 173.194.118.15:443

The correct (as in the internal router log) should be:

Jan 7 15:16:26 - [Access Log]O UDP Packet - 192.168.1.11:64269 --> 189.38.95.95:53

Jan 7 15:16:26 - [Access Log]O UDP Packet - 192.168.1.11:63035 --> 189.38.95.95:53

Jan 7 15:17:01 - [Access Log]O UDP Packet - 192.168.1.12:53822 --> 173.194.118.15:443

Jan 7 15:17:37 - [Access Log]O UDP Packet - 192.168.1.12:53822 --> 173.194.118.15:443

Note that the "1.11:" and "1.12:" got substituted by "1.1]: " in the syslog file, so I can't find out from which IP the access was...

Does anyone have any idea how to solve this?

Thanks!

Everyone's tags (4)
1 REPLY
Green

WRVS4400N Syslog Output with incorrect IP

Hi Manuel, I am not sure how to interpret. This router is quite old and end of life / end of sale so it could be an unresolved bug. A theory may be it is considering itself the routed hop when sending the syslog to your server.

One thing I'd ask you to do, do you have IPS enable? If so, can you disable it ? IPS on this router does strange things so I wouldn't discount it. Unfortunately, aside from saying upgrade software / reflash software or possible default the router, there's not much in the way of suggestion as this is a rather old device.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
221
Views
0
Helpful
1
Replies