Solved: Re: Validation of Syslog Sending On a Catalyst 3550

pandreozzi · ‎09-08-2021

Hi all. I am setting up syslog from an older device (3550) that needs to send from information down to alerts to a syslog server. I have the following config.

show version
Cisco WS-C3550-12G

ios version
flash:c3550-ipservicesk9-mz.122-55.SE7/c3550-ipservicesk9-mz.122-55.SE7.bin

There is some log information showing on the remote destination but the syslog vendor indicates he should be getting more.

I know this is old architecture but need to send everything to a new syslog collector

show run | include syslog
notify syslog contenttype plaintext

show run | include logging
no logging queue-limit
logging rate-limit 50
logging enable
logging size 200
logging event trunk-status
logging event spanning-tree
logging event trunk-status
logging event spanning-tree
logging event trunk-status
logging event spanning-tree
logging history informational>>>>>>>>>>>>>>>>>this I assume will send everything and below
logging source-interface Loopback0
logging host 10.254.164.15 transport udp port 9516
privilege exec level 15 show logging
logging synchronous

When I display the show logging I get below

Trap logging: level informational, 96250 message lines logged >>>>>>>>>>Noted
Logging to 10.254.164.15 (udp port 9516, audit disabled,
authentication disabled, encryption disabled, link up),
4299 message lines logged,>>>>>>>>>>>>>>>>>>>>>>>>>>I would expect this number to be higher
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

Any/All help is greatly appreciated.

marce1000 · ‎09-09-2021

- You need Netflow for flow data.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎09-09-2021

- Use a more minimized configuration level concerning syslog-setup as in :

logging host 10.254.164.15 transport udp port 9516

logging trap level 6

The latter being an example the digit indicates the logging-level (how far you want to go), check this table concerning their description

https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html#wp1054858

Meaning for '7' everything will be logged and or you can expect a lot of syslog-messaging then.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

pandreozzi · ‎09-09-2021

Thanks M. i appreciate your input I will try your suggestion as I want everything except debugging so 6 should work. I will reply back later today with the results.

Paul

pandreozzi · ‎09-09-2021

I have another question. I think I know the answer but I want to confirm.

Does syslog show flow data or do we need to use NetFlow.

marce1000 · ‎09-09-2021

- You need Netflow for flow data.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

pandreozzi · ‎09-09-2021

Thanks M for the quick response. I kinda knew that because I am a Juniper guy and use JFlow so I was just validating.