Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
1
Replies

ISR 4451 TCP Syslog Issues/Disconnects

tcebak
Level 1
Level 1

‎03-01-2023 10:43 AM

Has anyone had issues with sending syslog over tcp to a collector like SPLUNK? Currently, we changed one of our ISR 4451 (17.3.6) routers to send syslog to host over TCP. The issue is after a while it stops sending and i keep getting bugged that the ISR is no longer sending syslog messages. Also, if you do a "Show logg" it shows the link to splunk is up over tcp but it's not sending logs. 

I usually have to restart splunk services, take off "logging host" and it's going through a firewall so we clear the connection, basically jiggle the handle a few times before it connects again. Of course UDP doesn't have issues. 

It's always a pain and really don't want to use TCP but was curious if anyone else had this similar issue. We are sending it out of the mgmt interface Gi0 through and with a vrf. But it seems after a few week or so, then we have to tear all the logging down and re do everything and usually takes a while and becoming annoying. 

Is there a better way to reset the connection or something i'm dumb and missing. 

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎03-01-2023 04:13 PM

There are some bugs around I guess  - may be worth trying to upgrade to 17.64 or higher.

at the same time try setup UDP and see is that breaks same time ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card