
Syslog Configuration

azmath.hk
Level 1

Hi all,

Could you please tell me how I would configure the CATOS & IOS devices to use the new syslog server? I am using the Kiwi syslog application.

However, I did a basic configuration but it has not received any messages from the devices. Please tell me how I would test this; if you have any procedure, please let me know.

Your true assistance will be highly appreciated.

Regards,

A.khan

8 Replies

amit-singh
Level 8

Please paste the config from your switch.

Please check the following link.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/8_1/config/logging.htm

HTH

-amit singh

Amit,

The following is the config from CATOS & IOS for syslog. Please have a look and let me know why it's not sending logs to the syslog server.

######################CAT OS CONFIG FOR SYSLOG###################

#syslog

set logging server enable

set logging server 10.4.80.111

set logging server 10.4.1.221

set logging server 10.4.230.2

set logging server facility LOCAL6

###################################################################

#########################IOS CONFIG FOR SYSLOG#####################

logging trap notifications

logging facility local1

logging source-interface Loopback0

logging 10.4.80.111

logging 10.4.1.221

logging 10.8.93.194

######################################################################

Please paste the output from show logging.

Your configs seem to be OK with me.

Please paste the show ver also.

regards,

-amit singh

Here are the show versions from CATOS & IOS. Also, I would like to let you know that the following sample messages are not being seen in logging. What do I have to do to see these messages in logging?

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_NV: Nonvolatile storage configured from test-router-confg by console tftp from 192.19.131.38

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_NV: Non-volatile store configured from switch-confg by console rcp from 171.69.1.129

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from network-confg by console tftp from 171.69.1.129

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configuration from kim-confg by console tftp from 10.1.1.33

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from tftp://10.64.7.99/ios-cfg.txt

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from host1-config by rcp from 172.16.101.101

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_I: Configured from memory by console

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from NVRAM by console

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_I: Configured from console by console

#######################################################IOS########################

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-JK9SV-M), Version 12.2(18)SXD, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2004 by cisco Systems, Inc.

Compiled Thu 29-Jul-04 01:36 by cmong

Image text-base: 0x4002100C, data-base: 0x42698000

ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)

BOOTLDR: s72033_rp Software (s72033_rp-JK9SV-M), Version 12.2(18)SXD, RELEASE SOFTWARE (fc2)

ECC3SF4 uptime is 3 weeks, 4 days, 12 hours, 41 minutes

Time since ECC3SF4 switched to active is 3 weeks, 4 days, 12 hours, 40 minutes

System returned to ROM by power-on (SP by power-on)

System restarted at 03:21:07 KSA Fri Apr 15 2005

System image file is "sup-bootflash:s72033-jk9sv-mz.122-18.SXD.bin"

cisco WS-C6509 (R7000) processor (revision 3.0) with 458720K/65536K bytes of memory.

Processor board ID SAL0811WCRR

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from power-on

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

TN3270 Emulation software.

8 Ethernet/IEEE 802.3 interface(s)

3 Virtual Ethernet/IEEE 802.3 interface(s)

148 Gigabit Ethernet/IEEE 802.3 interface(s)

8 Gigabit Ethernet/IEEE 802.3 interface(s)

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

########################CATOS######################

WS-C6509 Software, Version NmpSW: 8.3(3)

Copyright (c) 1995-2004 by Cisco Systems

NMP S/W compiled on Aug 9 2004, 03:30:35

System Bootstrap Version: 7.1(1)

System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Version: 6.0 ADK: 40

System Boot Image File is 'bootflash:cat6000-sup2cvk9.8-3-3.bin'

System Configuration register is 0x2102

There are a couple of things that you might try to help resolve this.

The first thing that I would check is IP connectivity. To make sure that connectivity is not an issue please do an extended ping. Since your IOS configuration specifies the source address is the loopback we want to be sure that a packet with source address of loopback and destination address of syslog server will be delivered. In the extended ping specify one of the syslog servers as destination and in the extended commands specify the loopback interface address as the source.

It might also be useful to do a ping from the switch to the addresses of the syslog server.

Another thing to check is that I notice that you specify facility LOCAL6 on the switch and facility local1 on IOS. Are you sure that the syslog server is set up properly for these destinations? As an experiment I would suggest removing the facility commands from both configs, take the default, and see if the messages are processed by the syslog server.

HTH

Rick


If you're running Kiwi Syslog on a Windows platform that also has a software firewall running on it, make sure you poke holes through that firewall to allow the log messages to get through.

Check out how your Kiwi Syslog is set up. Under "Inputs" you can listen for UDP Syslog messages at UDP port 514 (default), TCP Syslog messages at TCP port 1468, and/or SNMP Traps at UDP port 162. And you can change the port numbers, if necessary.

Make sure your software firewall allows the protocol(s) and port number(s) through that match what your Kiwi Syslog is listening for.

To test that your configuration is working, you can use Kiwi's free Syslog Message Generator loaded on another machine. Here's a link to it:

Kiwi SyslogGen

http://www.kiwisyslog.com/info_sysloggen.htm
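
Added example, not part of the thread or of Kiwi's tooling: a Python sketch of the end-to-end test the replies above describe. It builds a syslog datagram with the facility from each posted config (local1, local6), sends it to a UDP listener on loopback, decodes the PRI on receipt, and applies the IOS `logging trap` numeric comparison to the `%FACILITY-SEVERITY-MNEMONIC` tag. Function names and the ephemeral loopback port are assumptions; a real server listens on UDP 514.

```python
import re
import socket

# Syslog facility codes for the two facilities used in the posted configs.
FACILITIES = {"local1": 17, "local6": 22}
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

def build_message(facility, severity, text):
    """Return a BSD-syslog datagram: <PRI> followed by the message text."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{text}".encode("ascii")

def decode_pri(datagram):
    """Split a received datagram into (facility code, severity name, text)."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.S)
    if not m:
        raise ValueError("no PRI header")
    pri = int(m.group(1))
    return pri // 8, SEVERITIES[pri % 8], m.group(2).decode("ascii", "replace")

def cisco_severity(text):
    """Return the severity digit of a %FACILITY-SEVERITY-MNEMONIC tag, or None."""
    m = re.search(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+", text)
    return int(m.group(1)) if m else None

def passes_trap_level(text, trap="notifications"):
    """True if the message is numerically at or below the 'logging trap' level."""
    sev = cisco_severity(text)
    return sev is not None and sev <= SEVERITIES.index(trap)

def loopback_test(facility, severity, text):
    """Send one datagram to a listener on 127.0.0.1 and return what it decoded."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))   # assumption: ephemeral port stands in for UDP 514
        rx.settimeout(2.0)
        tx.sendto(build_message(facility, severity, text), rx.getsockname())
        data, _ = rx.recvfrom(2048)
    return decode_pri(data)

if __name__ == "__main__":
    sample = "%SYS-5-CONFIG_I: Configured from console by console"  # from the thread
    print(loopback_test("local1", "notifications", sample))
    print(passes_trap_level(sample))
    # Numeric comparison only: a severity-6 tag falls outside a level-5 threshold.
    print(passes_trap_level("%MGMT-6-LOGINFAIL: User USERNAME failed to log in from CONSOLE"))
```

If the receiver filters or routes by facility, the decoded facility code (17 for local1, 22 for local6) is the value its rules have to match.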

First of all, thank you very much for all your replies and your precious time.

Another thing: I am now starting to get messages on the syslog server, which is UNIX based. However, I was just testing the log messages using the Kiwi syslog application, and now I will try to look at the firewall setting in Kiwi's syslog application as you mentioned. OK, this is a different thing which I will do in the lab.

Now I have got the sample messages from the Cisco site and I want to see the same messages in my network whenever we do these kinds of activities, I mean those related to these messages. But when I SSH to one of our switches and copy the running configuration to TFTP, I don't see the message related to this activity, not even in "show log" on the router. So, could you please tell me how to enable these kinds of messages in CATOS & IOS so that they show in show log (IOS) & show logging (CATOS) and also on the syslog server?

###############################################IOS#####################

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_NV: Nonvolatile storage configured from test-router-confg by console tftp from 192.19.131.38

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_NV: Non-volatile store configured from switch-confg by console rcp from 171.69.1.129

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from network-confg by console tftp from 171.69.1.129

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configuration from kim-confg by console tftp from 10.1.1.33

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from tftp://10.64.7.99/ios-cfg.txt

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from host1-config by rcp from 172.16.101.101

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG_I: Configured from memory by console

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-CONFIG: Configured from NVRAM by console

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-RELOAD: Reload requested

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-RESTART: System restarted --

Apr 11 20:13:49 wormhole.flash.net 2279: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 204.167.245.140

Apr 11 20:13:49 wormhole.flash.net 2279: %RCMD-4-RSHATTEMPTED: Remote shell from andy at 10.0.0.1 denied

Apr 11 20:13:49 wormhole.flash.net 2279: %RCMD-4-RCPATTEMPTED: Remote copy from andy at 10.0.0.1 denied

continue in another message

################################CATOS#################################

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %IP-4-PERMITFAIL: Unauthorized Telnet access attempt from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %IP-4-PERMITFAIL: Unauthorized SNMP access attempt from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-ENABLE_FAIL: User USERNAME failed to enter enable mode from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-ENABLE_FAIL: User USERNAME failed to enter enable mode from HOST

****User value might not be available

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-LOGIN_FAIL: User USERNAME failed to log in from CONSOLE

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-LOGIN_FAIL: User USERNAME failed to log in from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-LOGIN_FAIL: User failed to log in from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-SYS_CONFIG_END: System config ended

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-SYS_CONFIG_END_MOD: System config ended for module 6

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-SYS_CONFIG_START: System configuration started with CONF_FILENAME

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-5-SYS_CONFIG_START_MOD: System config started with CONF_FILENAME for module 5

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-ENABLEFAIL: User USERNAME failed to enter enable mode from CONSOLE

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-ENABLEFAIL: User USERNAME failed to enter enable mode from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-ENABLEPASS: User USERNAME entered enable mode from CONSOLE

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-ENABLEPASS: User USERNAME entered enable mode from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-LOGINFAIL: User USERNAME failed to log in from CONSOLE

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-LOGINFAIL: User USERNAME failed to log in from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-LOGINPASS: User USERNAME logged in from CONSOLE

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %MGMT-6-LOGINPASS: User USERNAME logged in from 192.168.0.1

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SNMP-5-SNMPAUTHFAIL: Authentication failed for message from 192.168.0.1

*** documentation mentions username ?

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-MOD_PASSWDCLR: Module 3 password cleared from Telnet

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-MOD_PASSWDCLR: Module 3 password cleared from SNMP

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-MOD_RESET: Module 6 reset from Telnet

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-5-SYS_RESET: System reset from SNMP

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-6-CFG_CHG: [chars]

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-6-AUTOSAVE: [chars]

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-6-CFG_CHG:Module 2 block changed

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-6-CFG_CHG:Module 2 block changed by telnet/100.100.100.9/

Apr 23 04:05:37 [10.4.1.12.4.0] 975: Apr 23 04:05:53: %SYS-6-CFG_CHG:Global block changed by SNMP/216.141.33.71/

Your usual support will be highly appreciated.

And for your information, we are getting authorization from the Cisco AAA server.

Regards,

Khan