09-27-2005 05:02 AM - edited 03-09-2019 12:32 PM
Below is a snippit of the pertinant part of a config on one of my routers. The "show logging" indicates that items are being logged (via trap), but nothing's being sent to the logging host, "192.168.145.16". What am I missing? Is syslog on Cisco equipment via TCP, where if the syslog daemon isn't running, it won't log? --Otherwise, I thought syslog was UDP, so the routers blasts out packets & doesn't care if they reach a syslog daemon.
__________________________________________________________
IOS: 11.3(8) T1 <-----------------------
OUTPUT OF SHOW LOGGING
rtr-DOC#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 1512 messages logged
Monitor logging: level informational, 707 messages logged
--->Trap logging: level informational, 159 message lines logged<----
--->Logging to 192.168.145.16, 0 message lines logged<----
Buffer logging: level informational, 1386 messages logged
PERTINANT PORTION OF 'SHOW CONFIG'
Current configuration:
!
interface FastEthernet0/0
description connected to DOC LAN
ip address 10.1.42.1 255.255.255.0 secondary
ip address 192.168.150.1 255.255.255.0 secondary
ip address 192.168.144.1 255.255.255.240 secondary
ip address 192.168.144.65 255.255.255.240 secondary
ip address 192.168.144.49 255.255.255.240 secondary
ip address 192.168.148.1 255.255.255.0 secondary
ip address 192.168.145.1 255.255.255.0
ip pim dense-mode
ip route-cache same-interface
ip cgmp
!
!
logging buffered 4096 informational
logging monitor informational
logging trap informational
logging 192.168.145.16
____________________________________________________________
-Alex
09-27-2005 08:24 AM
Alex
syslog on Cisco uses UDP so it should not be a TCP issue. Configuration looks ok and the show log info looks like the router thinks that it is sending to the syslog server.
From the config it looks like the syslog server should be connected on the local subnet through FastEthernet0/0. Can you confirm connectivity to the syslog server by pinging the 192.168.145.16 address from the router?
There are no access lists on the router interface, and assuming that the server is on the connected subnet there should not be any possibility of other router access lists along the path to the server.
Is there a possibility that the server is not configured correctly to receive and process the syslog messages from this router?
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide