cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
263
Views
0
Helpful
3
Replies

rv340 information messages not being sent to remote syslog server

dono42
Level 1
Level 1

Rv340 with 1.0.03.29, I have information level severity set for logging. The information messages (and alert thru notification) are logged in the router but information messages are not passed to the remote syslog server. All other messages alert thru notification are sent to the remote syslog server on a M2 Mac running Monterey. Suggestions?

1 Accepted Solution

Accepted Solutions

Hi @pieterh

This RV340 replaced a wired Netgear that was configured for vpn connections. That Netgear router got 4 to 6 failed (hacks) vpn login attempts a day. It appears for me to get the same level of vpn logs from the Cisco router it needs to be "info". The Netgear must have been sending a higher priority message to the remote syslog server. I did check the syslog server config and it was set to "notice" so no info would get through. I changed the notice to info in the /etc/asl.conf file, reloaded syslogd, log info now, see below. The only down side is I will now see all of the dropped packet info. 

# Rules for /var/log/system.log

> system.log mode=0640 format=bsd rotate=seq compress file_max=5M all_max=50M

? [= Sender kernel] file system.log

? [<= Level notice] file system.log

? [= Facility auth] [<= Level info] file system.log

? [= Facility authpriv] [<= Level info] file system.log

View solution in original post

3 Replies 3

pieterh
VIP
VIP

 the syslog server itself may have a filter for incoming messages ?

Hi @pieterh

This RV340 replaced a wired Netgear that was configured for vpn connections. That Netgear router got 4 to 6 failed (hacks) vpn login attempts a day. It appears for me to get the same level of vpn logs from the Cisco router it needs to be "info". The Netgear must have been sending a higher priority message to the remote syslog server. I did check the syslog server config and it was set to "notice" so no info would get through. I changed the notice to info in the /etc/asl.conf file, reloaded syslogd, log info now, see below. The only down side is I will now see all of the dropped packet info. 

# Rules for /var/log/system.log

> system.log mode=0640 format=bsd rotate=seq compress file_max=5M all_max=50M

? [= Sender kernel] file system.log

? [<= Level notice] file system.log

? [= Facility auth] [<= Level info] file system.log

? [= Facility authpriv] [<= Level info] file system.log

pieterh
VIP
VIP
  • Emergency — Level 0; Message is logged if a device is down or unusable. The message is normally broadcasted to all processes.
  • Alert — Level 1; Message is logged if there is a serious device malfunction, such as a case in which all device features stop working.
  • Critical — Level 2; Message is logged if there is a critical device malfunction, such as two ports not functioning properly while the remaining ports work correctly.
  • Error — Level 3; Message is logged if there is an error within a device such as a single port being offline.
  • Warning — Level 4; Message is logged if a device is functioning properly but an operational problem occurs.
  • Notification — Level 5; Message is logged if a device is functioning properly but a system notice occurs. This is the default.
  • Information — Level 6; Message is logged if a condition that is not an error exists on the device but may require attention or special handling.
  • Debugging — Level 7; Provides all detailed debugging information.

=> "info" is the one but most detailed logging level
logging format is 
     seq no:timestamp: %facility-severity-MNEMONIC:description
example: 

00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

where "5" refers to the loging level above not the sting "notice" (if a string it would be notification, not notice)

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: