cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
263
Views
0
Helpful
4
Replies

Syslog Server on Catalyst 4500 Switches

I am using the below configuration on Catalyst 4500 series switches will this work?

logging on

no logging console

no logging monitor

logging buffered 123456

logging host 1.1.1.1

logging host 1.1.1.1 transport udp port 123

logging source-interface loopback0

logging facility local7

logging trap notifications

logging trap debugging

logging event link-status global

logging origin-id string LAN-SW-1

service sequence numbers

service timestamps debug datetime localtime

service timestamps log datetime localtime

4 REPLIES 4
Francesco Molino
VIP Mentor

Hi

 

The configuration looks OK. 

The port udp/123, are you sure you want to use this one as it is usually used for NTP and your remote system might block incoming snmp messages on that port.

You are using loopback as source interface and I believe your remote snmp server is able to reach out to that interface?

 

Do you have a more precise question or maybe faced any issues with that config?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
balaji.bandi
VIP Expert

logging host 1.1.1.1 transport udp port 123

Is your Syslog server Listening on this port? is there any reason for this port to be used why not use any other ports or 514 

 



BB


*** Rate All Helpful Responses ***

I wonder about having 2 logging trap levels

logging trap notifications

logging trap debugging

As others have commented the choice of port for udp transport is unusual. Not necessarily a problem, depending on how the logging server is set up it might work.

I also wonder about the size of the logging buffer

logging buffered 123456

but do not if it is a problem.

 

For this to work there are several things that we can not evaluate by looking at the config:

- you specify using the loopback interface address as the source address. Is the logging server correctly set up to process log records from this source and matching the parameters that you have specified?

- Is the IP address configured for the loopback legitimate for your network and consistent with other subnets configured on this switch?

- Is there routing logic that would forward traffic from this source address to the address of the server?

- Is there routing logic that would forward traffic from the server to this loopback interface?

- Are there any security policies implemented in the network that would impact this traffic?

HTH

Rick

"I also wonder about the size of the logging buffer

logging buffered 123456"

I too when I saw that.  To OP, remember a buffered syslog is using the platform's RAM, which makes the RAM unavailable for other purposes.  Buffered syslog is also lost with system crash.

So, this log is usually sized for a quick look at what's recently been logged.  But, if you have lots of free RAM, it normally doesn't cause any problems to have a much bigger, than normal, buffered syslog.

Content for Community-Ad