cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1183
Views
0
Helpful
9
Replies

Syslog Forwarding to My PC

rst3785
Level 1
Level 1

I'm running CW LMS 4.0.1 and I see in packet captures on my PC that my CiscoWorks server is sending syslog entries to my PC that are getting rejected because I'm not running a syslog server application. I want to stop receiving these syslog entries. I'm sure this is a simple setting somewhere, but for the life of me I can't find it anywhere. Does anybody know how I can stop receiving these syslog entries? Any help would be much appreciated.

Thank you,

Rob

9 Replies 9

Marvin Rhoads
Hall of Fame
Hall of Fame

It could have been setup as a remote syslog collector under Admin > Collection Settings > Syslog > Syslog Collection Settings. (Reference)

That was my first thought, but there is nothing entered there. I wonder if something was left behind from a previous version after an upgrade.

Rob

If you're running on a Windows host, there might be another forwarder operating outside of LMS. These can sometimes run as a service and not be obvious at first (or second) glance.

Check your Services from the Windows admin tools. Also, if you run tcpview (free Microsoft download) on the server you can confirm what process (and thus what application) is opening the connections to your local machine.

It definitely looks like it's the Ciscoworks application running as a system process over port 1741.

Can you provide a packet capture?

Packet capture added to my original post.

That capture shows syslog messages from a Cisco router at 10.80.1.1 to a Dell host at 10.96.17.10.

So that capture would seem to indicate the router (not LMS) has the host defined as a log server.

Oops.  My bad.

In addition it seems FastEthernet0/170 & FastEthernet0/180 seem to be going up & down often.

Review Cisco Networking for a $25 gift card