Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

Syslog configured, but not logging...

abatson
Level 1
Level 1

‎09-27-2005 05:02 AM - edited ‎03-09-2019 12:32 PM

Below is a snippit of the pertinant part of a config on one of my routers. The "show logging" indicates that items are being logged (via trap), but nothing's being sent to the logging host, "192.168.145.16". What am I missing? Is syslog on Cisco equipment via TCP, where if the syslog daemon isn't running, it won't log? --Otherwise, I thought syslog was UDP, so the routers blasts out packets & doesn't care if they reach a syslog daemon.

__________________________________________________________

IOS: 11.3(8) T1 <-----------------------

OUTPUT OF SHOW LOGGING

rtr-DOC#show log

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

Console logging: level debugging, 1512 messages logged

Monitor logging: level informational, 707 messages logged

--->Trap logging: level informational, 159 message lines logged<----

--->Logging to 192.168.145.16, 0 message lines logged<----

Buffer logging: level informational, 1386 messages logged

PERTINANT PORTION OF 'SHOW CONFIG'

Current configuration:

!

interface FastEthernet0/0

description connected to DOC LAN

ip address 10.1.42.1 255.255.255.0 secondary

ip address 192.168.150.1 255.255.255.0 secondary

ip address 192.168.144.1 255.255.255.240 secondary

ip address 192.168.144.65 255.255.255.240 secondary

ip address 192.168.144.49 255.255.255.240 secondary

ip address 192.168.148.1 255.255.255.0 secondary

ip address 192.168.145.1 255.255.255.0

ip pim dense-mode

ip route-cache same-interface

ip cgmp

!

!

logging buffered 4096 informational

logging monitor informational

logging trap informational

logging 192.168.145.16

____________________________________________________________

-Alex

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎09-27-2005 08:24 AM

Alex

syslog on Cisco uses UDP so it should not be a TCP issue. Configuration looks ok and the show log info looks like the router thinks that it is sending to the syslog server.

From the config it looks like the syslog server should be connected on the local subnet through FastEthernet0/0. Can you confirm connectivity to the syslog server by pinging the 192.168.145.16 address from the router?

There are no access lists on the router interface, and assuming that the server is on the connected subnet there should not be any possibility of other router access lists along the path to the server.

Is there a possibility that the server is not configured correctly to receive and process the syslog messages from this router?

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents