04-10-2013 04:50 AM - edited 03-04-2019 07:32 PM
Hi everyone,
In our network we use cisco WS-C6509-E (R7000) Backbobe switch. We want to route syslog to log server.But I couldn't do it. How can solve this problem?
04-10-2013 04:52 AM
04-10-2013 05:09 AM
Any one help me ?
04-10-2013 05:13 AM
Hi,
The command you need to add in the global context is logging
There are other options with the logging command e.g., the level of the SYSLOG messages that will be sent. Let me know if you need any additional information.
Regards
04-10-2013 05:36 AM
I wrote these commands:
-logging on
-logging
are commans not enough ?
04-10-2013 05:42 AM
Hi,
That's all that is required to send log messages to the SYSLOG server, and as can be seen from your extract, 16,060 messages have already been logged.
Do these messages not appear in your SYSLOG? Do you have a route toward the IP address you're using for the SYSLOG server. I assume you can ping the server from the router?
Regards
04-10-2013 05:50 AM
Steve,
you are right there are log files on switch. But these logs not appear on log server.I thought that maybe ; Because of "audit log disabled".
On log server (ubuntu) I listen(tcpdump) logs but from backbone switch any log appear.
04-10-2013 06:03 AM
The audit disabled should not affect this.
Do you have logging source-interface command configured on this router such that all logging is sent from a known IP address i.e., that assigned to the loopback interface? If so can you ping the SYSLOG server using the command ping tcpdump host
.
If you don't have the logging source-interface configured, can you run show ip route
One other question. Do you use VRF on this router?
Regards
01-26-2018 03:54 AM
Hello Ersin,
You should start by deciding what IP on the switch you will use to represent the switch on the syslog server. (If your switch has only one IP address configured, it will use this IP by default). However, core switches usually have many IP addresses and your management VLAN interface is usually the one to choose.
Your syslog server should be able to reach the switch. By default, syslog uses UDP port 514. Traffic on these ports should be allowed in case there is an access-list or firewall in between your switch management vlan and the syslog server.
Note: You can manually configure the switch to send logs using a diffferent layer 4 (TCP or UDP) and on a customized port.
The first step is to enable the logging with the command:
!
R1(config)#logging on
!
Specify your syslog server
!
R1(config)#logging 10.1.1.1
!
You can change the transport layer protocol and the port
!
R1(config)#logging host 10.1.1.1 transport tcp port 59999
!
If your switch has more than one interfaces, you can choose which one will represent your switch
!
R1(config)#logging source-interface vlan100
!
You can also log any configuration changes done on the device by the various administrators in your team.
!
R1(config)#logging userinfo
R1(config)#archive
R1(config-archive)#log config
R1(config-archive-log-cfg)#logging enable
!
Usually you do not need to specify your device ip address in the syslog server. However, If you are using PRTG as your syslog server, you will need to add a sensor for your switch using the ip address you mentioned in the source-interface.
I hope this helps
Best Regards
Ashaan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide