Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1621
Views
0
Helpful
3
Replies

Logs are not capturing in syslog from Router

ciscoavinash
Level 1
Level 1

‎05-08-2016 08:50 PM

Hi Team,

We have syslog server configured on linux . We have pointed all the network devices logs to that server.

I have a challenge with one of my router. In show logging it shows these many lines are logged but in syslog i don't see any entry for this host with host name or ip address.

config

logging buffered informational
logging enable
logging size 200
ip sla logging traps
logging 127.1.1.1 

Changed my Ip

show logging output

Syslog logging: enabled 57611480 messages dropped, 5 messages rate-limited,
2 flushes, 0 overruns, xml disabled, filtering disabled

No Active Message Discriminator.

No Inactive Message Discriminator.


Console logging: level debugging, 1607 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 155 messages logged, xml disabled,
filtering disabled
Buffer logging: level informational, 1650 messages logged, xml disabled,
filtering disabled
Logging Exception size 4096 bytes
Count and timestamp logging messages: disabled
Persistent logging: disabled
Trap logging: level informational, 2431 message lines logged
Logging to 127.1.1.1 udp port 514, audit disabled,
authentication disabled, encryption disabled, link up,
906 message lines logged,
0 message lines rate-limited,
0 message lines droppedbyMD,
xml disabled, sequence number disabled
filtering disabled


 Please let me know if any of you have faced this issue??

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

‎05-09-2016 03:00 AM

Are the logs even going to buffer as its sets for that too or is it just syslog not working ?

This router can definitely reach the syslog server yes no acls blocking it or something up path

did you try logging trap debugging and then run a debug o the router in case its just an issue with informational messages see if that works

If all other devices are working and just this router is not,  your syslog server is working so you may have hit a bug on this version of IOS

You could also try span the port capture the traffic with rite or span/epc depending what's available see if the syslog's are breaking out of the router

0 Helpful

ciscoavinash
Level 1
Level 1
In response to Mark Malone

‎05-09-2016 04:23 AM

Hi Mark,

yes, I could see logs in buffer. 

I tired by enabling logging trap debugging and did debug few services but no result.

i couldn't see any entry still in syslog.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to ciscoavinash

‎05-09-2016 05:41 AM

That sounds as if something is up with the IOS especially if other devices are working ok  , what version are you currently on show ver or dir will give you this

another thing to try is make sure the path between the server and router is open not just for ICMP but for syslog 514 as well , to test this you can telnet to the server from the router or client attached to the router and use the port number 514 this will return if working correctly a telnet prompt screen with cursor , this is to make sure no devices in the path are blocking syslog , if pings  and syslog is working from router if it was my device  thenxt thing I would look at is changing the software version as you probably hit a defect in the IPOS version

Example

https://kb.acronis.com/content/7503

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card