Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1434
Views
10
Helpful
3
Replies

Logs from Routers and Switches not reaching sys log server

Go to solution
SusindranGR4093
Level 1
Level 1

‎05-23-2019 05:10 AM

Hello All,

 

As part of device compliance, we have been requested to make sure that all the device logs are reflecting in our syslog server. 

Our team has been notified that multiple devices are still not getting reflected in our sys log server. 

Compared the configuration, checked the routes, and firewall blocks but couldn't find any blockers. 

 

Both working and no working device have the same syslog server configured.  I have cases where routers configured with HSRP has Active device getting reflected but standby device not getting reflected in Qradar.

 

Syslog server- Qradar

Kindly advise. 

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SusindranGR4093

‎05-23-2019 08:59 AM

Apologies for the UDP telnet, i totally lost it.

 

1. other side need to check - in the device what interface use to send logs

2. post show logging

3. if the linux server is syslog server run tcpdump see any packets hitting on the interface from the device.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-23-2019 07:27 AM

as long as you have configuration correct the logs should send to syslog server.

 

do simple test from your router where the logs not sent see the device can reach the syslogs server.

 

1. ping syslog server - working

2. telnet syslogserver ip with port 514 see the connection open for you.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
SusindranGR4093
Level 1
Level 1
In response to balaji.bandi

‎05-23-2019 08:12 AM

Hello Balaji,

 

Thank you for the suggestion. 

 

Ping failed. 

Telnet worked for port 601. As 514  is a UDP port, I doubt that telnet will work. 

 

Net-Net

Route is available. But logs are not getting reflected in syslog server. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SusindranGR4093

‎05-23-2019 08:59 AM

Apologies for the UDP telnet, i totally lost it.

 

1. other side need to check - in the device what interface use to send logs

2. post show logging

3. if the linux server is syslog server run tcpdump see any packets hitting on the interface from the device.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card