03-10-2009 12:09 PM - edited 03-04-2019 03:53 AM
Good day.
I am trying to configure our core to use the syslog server instead of buffering line items. I have configure logging to 10.10.10.10, but how do I tell the information being logged in the buffer to use the syslog server instead of buffer?
Can I use a command like "permit ip any any syslog" instead of permit ip any any log?
Thanks
Dwane
Solved! Go to Solution.
03-11-2009 01:58 PM
161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.
Your basic logging would be like:
logging on
logging trap 6
logging host 5.5.5.5 <-- your syslog server
HTH,
John
03-10-2009 12:13 PM
If no ACL is configured, u just need to put
logging (IP Address)
Reg
03-10-2009 12:29 PM
You also need to trap your logs:
loggin trap 6 (or whatever level you want)
The higher levels log everything underneath, so 6 also logs 5,4,3,2, and 1.
HTH,
John
03-11-2009 11:18 AM
John,
What if we have ACLs that are being logged to the buffer now? How do I send them to the syslog server and how processor intensive is all of this if we off load form the buffer to a syslog server?
Thank you
Dwane
03-11-2009 11:22 AM
Anything that's in the buffer can't be moved to your syslog server, but any new logs can be redirected to it. As far as being processor intensive, it shouldn't be hard on your router at all.
HTH,
John
03-11-2009 01:48 PM
If I have the following command, how do I send it to a syslog server instead of the buffer:
access-list 210 deny udp any any eq 161 log
Dwane
03-11-2009 01:58 PM
161 is your SNMP port. Syslog runs on UDP 514, so this access list won't affect it.
Your basic logging would be like:
logging on
logging trap 6
logging host 5.5.5.5 <-- your syslog server
HTH,
John
03-13-2009 05:38 AM
Yes, I know that but if I want send log entries pertaining to such a command, then the aforementioned statements will work?
If so, then that is great.
Dwane
03-13-2009 06:25 AM
Yes, these commands will work. You can also leave your logging buffered commands, and it will log in two places if you're concerned about losing your logs. You can also log to more than one syslog server, etc.
Thanks for the rating!
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide