04-26-2021 01:46 PM
I am using the below configuration on Catalyst 4500 series switches. Will this work?
logging on
no logging console
no logging monitor
logging buffered 123456
logging host 1.1.1.1
logging host 1.1.1.1 transport udp port 123
logging source-interface loopback0
logging facility local7
logging trap notifications
logging trap debugging
logging event link-status global
logging origin-id string LAN-SW-1
service sequence numbers
service timestamps debug datetime localtime
service timestamps log datetime localtime
04-26-2021 06:08 PM
Hi
The configuration looks OK.
Regarding port udp/123: are you sure you want to use this one? It is usually used for NTP, and your remote system might block incoming SNMP messages on that port.
You are using the loopback as source interface, and I believe your remote SNMP server is able to reach out to that interface?
Do you have a more precise question or maybe faced any issues with that config?
04-26-2021 10:46 PM
logging host 1.1.1.1 transport udp port 123
Is your syslog server listening on this port? Is there any reason for this port to be used? Why not use any other port, or 514?
05-02-2021 01:04 PM
I wonder about having 2 logging trap levels
logging trap notifications
logging trap debugging
As others have commented the choice of port for udp transport is unusual. Not necessarily a problem, depending on how the logging server is set up it might work.
I also wonder about the size of the logging buffer
logging buffered 123456
but do not know if it is a problem.
For this to work there are several things that we cannot evaluate by looking at the config:
- you specify using the loopback interface address as the source address. Is the logging server correctly set up to process log records from this source and matching the parameters that you have specified?
- Is the IP address configured for the loopback legitimate for your network and consistent with other subnets configured on this switch?
- Is there routing logic that would forward traffic from this source address to the address of the server?
- Is there routing logic that would forward traffic from the server to this loopback interface?
- Are there any security policies implemented in the network that would impact this traffic?
05-03-2021 08:24 AM
"I also wonder about the size of the logging buffer
logging buffered 123456"
I too when I saw that. To OP, remember a buffered syslog is using the platform's RAM, which makes the RAM unavailable for other purposes. Buffered syslog is also lost with system crash.
So, this log is usually sized for a quick look at what's recently been logged. But, if you have lots of free RAM, it normally doesn't cause any problems to have a much bigger, than normal, buffered syslog.
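The points raised across the replies above (UDP port 123, two logging trap lines, the size of the logging buffer) can be checked mechanically before a config is pushed. The following is an added example and not part of any post in this thread; the function name, the port table and the 64 KiB review threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the logging lines from the configuration posted in this thread.
CONFIG = """\
logging on
no logging console
no logging monitor
logging buffered 123456
logging host 1.1.1.1
logging host 1.1.1.1 transport udp port 123
logging source-interface loopback0
logging facility local7
logging trap notifications
logging trap debugging
"""

SYSLOG_UDP_PORT = 514                       # port suggested in the thread
OTHER_SERVICES = {123: "NTP", 161: "SNMP"}  # assumed lookup table for the warning text
BUFFER_REVIEW_BYTES = 65536                 # assumed review threshold, not a Cisco limit


def review_logging_config(text):
    """Return (check, message) findings for the points raised in the thread."""
    findings, trap_levels = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"logging trap (\S+)", line)
        if m:
            trap_levels.append(m.group(1))
        m = re.fullmatch(r"logging host (\S+) transport udp port (\d+)", line)
        if m and int(m.group(2)) != SYSLOG_UDP_PORT:
            host, port = m.group(1), int(m.group(2))
            owner = OTHER_SERVICES.get(port)
            note = f" (normally {owner})" if owner else ""
            findings.append(("port", f"{host}: udp/{port}{note}, confirm the collector "
                                     "listens there and no filter drops it"))
        m = re.fullmatch(r"logging buffered (\d+)", line)
        if m and int(m.group(1)) > BUFFER_REVIEW_BYTES:
            findings.append(("buffer", f"{m.group(1)} bytes of RAM held by the local "
                                       "buffer, contents lost on a crash"))
    if len(trap_levels) > 1:
        findings.append(("trap", f"trap level set {len(trap_levels)} times {trap_levels}; "
                                 "check which level the running config shows"))
    return findings


if __name__ == "__main__":
    for check, message in review_logging_config(CONFIG):
        print(f"[{check}] {message}")
```
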