Cisco syslog not receiving logs on SIEM

sharon.gatdula
Level 1

I configured logging on my 3750 with the following commands.

But when I checked on the server, it is not receiving logs. I have the same configured on another device, but it is receiving logs on the server. What seems to be the problem here? Am I missing additional configuration?

Thanks for the support.

 

logging buffered informational
logging history notifications
logging alarm informational
logging facility local6


logging <ip address>

 

output of show logging
Logging to 10.x.x.x (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
162 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled


marce1000
Hall of Fame

Below is a thread concerning testing the syslog server:

https://community.cisco.com/t5/network-management/send-custom-message-to-syslog/td-p/1315739

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi
Hall of Fame

What is the switch IP address, and is the switch able to reach your syslog IP address 10.x.x.x?

Do you have any FW in between?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, it can reach the server. There's no firewall in between.

What kind of syslog server is this? Do you have any ACL on the switch?

 

BB


Yes, I have an ACL on the switch. The syslog server is ArcSight.

As per the original post, you have other devices able to send logs to ArcSight, except this device, and you have confirmed that there is an ACL. Kindly check whether that ACL may be blocking; as per show logging, you can clearly see that logs are shipped.

2 options:

1. For testing, disable the ACL and test it.

2. Run debug on ArcSight and see whether you are able to get logs from this IP.

 

BB

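
A collector-side check for option 2 in the last reply, added here as an example and not posted by anyone in the thread: it counts UDP syslog datagrams per source and decodes the `<PRI>` prefix, so "nothing arrives from the switch" can be told apart from "it arrives, but not as local6". The 192.0.2.x addresses, the sample payloads, port 5514 and all function names are constructed assumptions.

```python
import re
import socket
import time

LOCAL6 = 22  # "logging facility local6" -> facility code 22 (local0 is 16)
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample datagrams (documentation addresses, not from the thread).
SAMPLE = [("192.0.2.10", b"<181>46: %SYS-5-CONFIG_I: Configured from console"),
          ("192.0.2.20", b"<189>12: %SYS-5-CONFIG_I: Configured from console")]

def parse_pri(payload):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(payload)
    pri = int(m.group(1)) if m else 999
    return divmod(pri, 8) if pri <= 191 else None

def summarize(datagrams):
    """datagrams: iterable of (source_ip, payload) -> per-source counters."""
    seen = {}
    for src, payload in datagrams:
        entry = seen.setdefault(src, {"count": 0, "facilities": set()})
        entry["count"] += 1
        pri = parse_pri(payload)
        if pri is not None:
            entry["facilities"].add(pri[0])
    return seen

def diagnose(summary, switch_ip, facility=LOCAL6):
    """Say where to look next for one expected sender."""
    entry = summary.get(switch_ip)
    if entry is None:
        return "no-datagrams: nothing arrives from this source; check the path and the ACL"
    if facility not in entry["facilities"]:
        return "wrong-facility: datagrams arrive; check the collector's facility filter"
    return "ok: datagrams arrive with the expected facility; look at parsing on the collector"

def capture(port=5514, seconds=30.0):
    """Collect (source_ip, payload) pairs from a UDP socket for a fixed time."""
    got, deadline = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                payload, (src, _) = sock.recvfrom(8192)
            except socket.timeout:
                break
            got.append((src, payload))
    return got
```

For a live check, pass the result of `capture(...)` to `summarize` while generating a log event on the switch; binding to port 514 needs root and a port that the collector is not already holding.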