
Trouble in Syslog Validation (send log)

Nitzbegin
Level 1

I am doing a project to capture the syslog from the switches and routers, so for most of the devices I can generate the syslog by giving the command "send log", so that I would receive the same locally as well in the tool.

Note : These devices are in production.

We have a monitoring tool, "Stablenet v6.72"; I think syslog is also the same (same utility in Stablenet).

The problem I am facing is that for many devices I am not able to give the test command, as they are running an IOS c3560-ipbase-mz.122-25.SED1.bin.

I have configured the syslog server on all the devices, and there is reachability and port 514 is opened, though.

I should let you know that we have many firewalls in the network, and I believe that all the devices have reachability to the syslog server. (My firewall blocks the ping and traceroute traffic, so I am unable to find out which firewall blocks, if it is so.)

Please let me know how I can validate the remaining 1200 devices. :(

Please help me,

 

Nithin M

 
1 Reply

pvanvuuren
Level 3

Hi Nithin

My advice is to issue a command on each device that will initiate a syslog message. At least this way you can be sure it's working, since you will always expect the same kind of syslog message. I know, for example, that if you have the syslog severity set to level 5 you will get "configuration change" messages. To set your level, enter this command:

'logging trap notifications'

And then, by entering config mode ("conf t") as well as exiting config mode, a CONF_I syslog message will be sent immediately as you exit configuration mode.

Hope it helps.

Cheers

Pierre
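
As an added example (not part of the thread or of either poster's tooling), the following sketch checks a collector log against a device inventory for the configuration-change message described in the reply. It matches `%SYS-5-CONFIG_I`, the mnemonic Cisco IOS uses for that notification; the collector line layout, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Matches the IOS configuration-change notification (severity 5) in a collector line.
# Assumed line layout: "<Mon> <day> <hh:mm:ss> <sender-ip> <rest of message>".
CONFIG_I = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s.*%SYS-5-CONFIG_I:"
)

def devices_seen(log_lines):
    """Return the set of sender IPs that delivered a %SYS-5-CONFIG_I message."""
    seen = set()
    for line in log_lines:
        m = CONFIG_I.match(line)
        if m:
            seen.add(m.group("src"))
    return seen

def validate(inventory, log_lines):
    """Split the inventory into confirmed and still-silent devices.

    Also returns senders that are not in the inventory, which usually means
    NAT on the path or a logging source interface other than the managed IP.
    """
    seen = devices_seen(log_lines)
    confirmed = sorted(ip for ip in inventory if ip in seen)
    missing = sorted(ip for ip in inventory if ip not in seen)
    unknown = sorted(seen - set(inventory))
    return confirmed, missing, unknown

# Constructed sample data (not taken from the thread).
SAMPLE_INVENTORY = ["10.10.1.5", "10.10.1.6", "10.10.2.7"]
SAMPLE_LOG = [
    "Mar  1 10:02:11 10.10.1.5 45: *Mar  1 00:12:01.123: %SYS-5-CONFIG_I: "
    "Configured from console by admin on vty0 (10.0.0.9)",
    "Mar  1 10:02:40 10.10.1.6 12: %LINK-3-UPDOWN: Interface FastEthernet0/1, "
    "changed state to up",
    "Mar  1 10:03:02 192.168.50.1 9: %SYS-5-CONFIG_I: "
    "Configured from console by admin on vty1 (10.0.0.9)",
]

if __name__ == "__main__":
    confirmed, missing, unknown = validate(SAMPLE_INVENTORY, SAMPLE_LOG)
    print("confirmed:", confirmed)
    print("missing:  ", missing)
    print("unknown:  ", unknown)
```

Devices in the `missing` list are the ones to follow up on hop by hop; a device that appears only with other message types (like 10.10.1.6 in the sample) is reaching the collector but has not yet produced the test message.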
