cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
675
Views
0
Helpful
6
Replies

Syslog servers

mulhollandm
Level 1
Level 1

Folks,

I'm trying to log traps from a 1721 to my desktop.

I've downloaded a Kiwi syslog server and set it to accept udp (port514), tcp(1468) & snmp traps.

I've configured the router to use the syslog server at my ip address & told it to log debug traps.

when i type ash ow logging on the router i can see it has sent the logs but don't see anything on my syslog server.

i can ping between my router and my server ok

any ideas

thanks in anticipation

6 Replies 6

thisisshanky
Level 11
Level 11

I just downloaded Kiwi Syslog daemon 7.0.3

Enabled UDP port 514 (thats enabled by default)

TCP is not enabled by default, same is SNMP.

I checked the options to enable TCP and SNMP.

Had a 1721, connected back to back to my PC, loaded with Kiwi.

commands on 1721.

no logging console

logging 10.10.10.10

logging trap debug

Gave a "debug ip icmp" and gave a ping, and all the debug messages popped up on the kiwi syslog.

So I think, in your case, only if a debug instance occurs, will it send a message to syslog server.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

i tried an install on my test network & all works ok but still nothing on the live network. The only big difference is the access-lists on the live network but i've included my syslog server on the inbound list so that i can ping between the router and the server.

any more ideas gratelfully appreciated

many thanks

If there are access-list on the router then you also need to permit syslog udp port 514 on the list. Otherwise syslog messages will be dropped.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

thanks for your help - i think i'm nearly there!

i'm using an extended list but i can't get the syntax right yet so i tried a:

access-list 101 permit udp myipaddress any

but no joy

agains thanks for the help!

Is the ACL incoming or outgiong?

Is the myipaddress the IP address of the router or the syslog server?

I'd use

access-list 101 permit udp any syslog_server_address

or

access-list 101 permit udp router_address syslog_server_address

line in the ACL.

Regards,

Milan

Thanks for your help but it turns out i needed to identify the source interface for logging

thanks again