WRVS4400N Syslog Output with incorrect IP

mschutze1 · ‎01-07-2014

Hi there,

I`m configuring a WRVS4400N router to log all internet accesses to a Mac OS Server via syslog.

I was able to configure the server to listen to syslog and receive the logs from the router. The problem is the the last digit of the internal IP in the syslog is missing:

Jan 7 15:16:26 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 64269 --> 189.38.95.95:53

Jan 7 15:16:26 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 63035 --> 189.38.95.95:53

Jan 7 15:17:01 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 53822 --> 173.194.118.15:443

Jan 7 15:17:37 192.168.1.1 [Access Log]O UDP Packet - 192.168.1.1]: 53822 --> 173.194.118.15:443

The correct (as in the internal router log) should be:

Jan 7 15:16:26 - [Access Log]O UDP Packet - 192.168.1.11:64269 --> 189.38.95.95:53

Jan 7 15:16:26 - [Access Log]O UDP Packet - 192.168.1.11:63035 --> 189.38.95.95:53

Jan 7 15:17:01 - [Access Log]O UDP Packet - 192.168.1.12:53822 --> 173.194.118.15:443

Jan 7 15:17:37 - [Access Log]O UDP Packet - 192.168.1.12:53822 --> 173.194.118.15:443

Note that the "1.11:" and "1.12:" got substituted by "1.1]: " in the syslog file, so I can't find out from which IP the access was...

Does anyone have any idea how to solve this?

Thanks!

Tom Watts · ‎01-13-2014

Hi Manuel, I am not sure how to interpret. This router is quite old and end of life / end of sale so it could be an unresolved bug. A theory may be it is considering itself the routed hop when sending the syslog to your server.

One thing I'd ask you to do, do you have IPS enable? If so, can you disable it ? IPS on this router does strange things so I wouldn't discount it. Unfortunately, aside from saying upgrade software / reflash software or possible default the router, there's not much in the way of suggestion as this is a rather old device.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/