Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2282
Views
0
Helpful
5
Replies

Validation of Syslog Sending On a Catalyst 3550

Go to solution
pandreozzi
Level 1
Level 1

‎09-08-2021 09:43 AM

Hi all. I am setting up syslog from an older device (3550) that needs to send from information down to alerts to a syslog server. I have the following config.

show version
Cisco WS-C3550-12G

ios version
flash:c3550-ipservicesk9-mz.122-55.SE7/c3550-ipservicesk9-mz.122-55.SE7.bin

There is some log information showing on the remote destination but the syslog vendor indicates he should be getting more.

I know this is old architecture but need to send everything to a new syslog collector

 

show run | include syslog
notify syslog contenttype plaintext

 

show run | include logging
no logging queue-limit
logging rate-limit 50
logging enable
logging size 200
logging event trunk-status
logging event spanning-tree
logging event trunk-status
logging event spanning-tree
logging event trunk-status
logging event spanning-tree
logging history informational>>>>>>>>>>>>>>>>>this I assume will send everything and below
logging source-interface Loopback0
logging host 10.254.164.15 transport udp port 9516
privilege exec level 15 show logging
logging synchronous

 

When I display the show logging I get below


Trap logging: level informational, 96250 message lines logged >>>>>>>>>>Noted
Logging to 10.254.164.15 (udp port 9516, audit disabled,
authentication disabled, encryption disabled, link up),
4299 message lines logged,>>>>>>>>>>>>>>>>>>>>>>>>>>I would expect this number to be higher
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

 

Any/All help is greatly appreciated.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP
In response to pandreozzi

‎09-09-2021 08:41 AM

 

                - You need Netflow for flow data.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

0 Helpful
5 Replies 5

Go to solution
marce1000
VIP
VIP

‎09-09-2021 03:51 AM

 

 - Use a more  minimized configuration level concerning syslog-setup as in :

          logging host 10.254.164.15 transport udp port 9516

          logging trap level 6

 The latter being an example the digit indicates the logging-level (how far you want to go), check this table concerning their description 

               https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html#wp1054858

 Meaning for '7' everything will be logged and or you can expect a lot of syslog-messaging then.

 

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
pandreozzi
Level 1
Level 1
In response to marce1000

‎09-09-2021 04:03 AM

Thanks M. i appreciate your input I will try your suggestion as I want everything except debugging so 6 should work. I will reply back later today with the results.

 

Paul

0 Helpful

Go to solution
pandreozzi
Level 1
Level 1
In response to pandreozzi

‎09-09-2021 05:42 AM

I have another question. I think I know the answer but I want to confirm.

 

Does syslog show flow data or do we need to use NetFlow.

 

0 Helpful

Go to solution
marce1000
VIP
VIP
In response to pandreozzi

‎09-09-2021 08:41 AM

 

                - You need Netflow for flow data.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
pandreozzi
Level 1
Level 1
In response to marce1000

‎09-09-2021 08:49 AM

Thanks M for the quick response. I kinda knew that because I am  a Juniper guy and use JFlow so I was just validating.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents