Logging server query

Raja_D
Level 1

Hi, 

Can we forward traffic-related logs from a Cisco router to a syslog server that is configured as an internet router?

Here is the current configuration on the router:

logging trap debugging
logging host 10.50.20.36
ip route 10.50.20.36 255.255.255.255 192.168.10.11

192.168.10.11 being the firewall IP.

Note: the current observation is that only the TACACS-related logs are being forwarded to the syslog server, but the traffic-related logs are not getting forwarded.

Please guide if this could be possible.


Philip D'Ath
VIP Alumni

When you say "traffic related logs" what exactly do you mean? Each individual flow? Access list hits? Something else?

Yes, each individual flow of communication that's happening between a source IP and any destination IP...

I am not clear on what you are trying to forward. Do you have something that is generating syslog records for each individual flow?

On the router if you do the command show log, are you seeing entries in the syslog that are not forwarded to your log server?

I am also not clear about your mention of it being configured as an internet router. Are you saying that your syslog server is also functioning as an internet router?

HTH

Rick


Hi Richard, 

Well, it's a normal Cisco router which is connected with an internet link to it, representing it as Internet router.

When I do a show logging, I see output similar to the output given below:

Trap logging: level debugging, 61 message lines logged
Logging to 10.50.20.36 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
61 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

But the team who manages the syslog server 10.50.20.36 report that they do not see the traffic-related logs of the Cisco router (Internet router) on the syslog server.

Here are my answers to the queries raised:

Do you have something that is generating syslog records for each individual flow? -- If there is some command which needs to be added to generate syslog records for each individual flow, what is it that I am missing as part of the configuration that I have shared?

On the router if you do the command show log, are you seeing entries in the syslog that are not forwarded to your log server? --- I do not find any such logs of not forwarded or not just the ones that I have shared at the top of this conversation and the link flap or interface up/down logs are visible.

Are you saying that your syslog server is also functioning as an internet router? -- The syslog server is a dedicated server and it's not functioning as an internet router.

Kindly let me know in case any more clarification is needed.

Thanks for the additional information. Your post suggests that the problem is that some log records are not being forwarded to the log server. But I am not convinced that any log records exist that would report each flow going through the router. I have seen log records reporting flows that were generated by firewalls. But I am not aware of log records like that generated by an IOS router. Unless you can demonstrate that there are log records on the router for each flow then I believe that all existing log records are being correctly forwarded to the log server.

HTH

Rick
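
The check discussed in this thread (does `show logging` indicate that messages are being lost before they reach the log server?) can be done mechanically. The following is an added example, not part of the thread and not Cisco tooling: it parses the "Trap logging" section posted above and lists any delivery gaps. The function names are hypothetical, and treating the header count as the total to compare each host against is an assumption.

```python
import re

# Constructed sample: the "Trap logging" section of `show logging` as posted above.
SAMPLE = """\
Trap logging: level debugging, 61 message lines logged
Logging to 10.50.20.36 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
61 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
"""

def parse_trap_logging(text):
    """Return the trap level, header count and per-host forwarding counters."""
    flat = " ".join(text.split())  # undo the CLI line wrapping
    head = re.search(r"Trap logging: level (\w+), (\d+) message lines logged", flat)
    if head is None:
        raise ValueError("no 'Trap logging' section in input")
    parsed = {"level": head.group(1), "trap_total": int(head.group(2)), "hosts": []}
    # Each destination block starts at "Logging to <host>" and runs to the next one.
    for block in re.split(r"(?=Logging to )", flat)[1:]:
        dest = re.match(r"Logging to (\S+) \((\w+) port (\d+),.*?link (\w+)\)", block)
        if dest is None:
            continue
        def count(label, block=block):
            hit = re.search(r"(\d+) message lines " + re.escape(label), block)
            return int(hit.group(1)) if hit else 0
        parsed["hosts"].append({
            "host": dest.group(1), "transport": dest.group(2),
            "port": int(dest.group(3)), "link": dest.group(4),
            "sent": count("logged"), "rate_limited": count("rate-limited"),
            "dropped": count("dropped-by-MD")})
    return parsed

def delivery_gaps(parsed):
    """List reasons a message may not have left the router for a host."""
    gaps = [] if parsed["hosts"] else ["no logging host configured"]
    for h in parsed["hosts"]:
        if h["link"] != "up":
            gaps.append(f"{h['host']}: link {h['link']}")
        missing = parsed["trap_total"] - h["sent"]  # assumption: header count is the total
        if missing > 0:
            gaps.append(f"{h['host']}: {missing} generated messages not sent")
        for key in ("rate_limited", "dropped"):
            if h[key]:
                gaps.append(f"{h['host']}: {h[key]} messages {key}")
    return gaps

if __name__ == "__main__":
    print(delivery_gaps(parse_trap_logging(SAMPLE)))
```

For the output posted in the thread the list is empty. The counters describe what the router sent; over UDP they do not confirm what the server received.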
