Solved: Re: Logging source interface loopback0 command question

sir_ulrick · ‎04-17-2020

Hi all,

I'm checking a router configuration with follow code:

interface Loopback0
no ip address

...

logging source-interface Loopback0

I have reading about logging source-interface command and according to Cisco, using this command it's possible to force this interface to send information a external server log

"Configures the syslog packets that contain the IPv4 or IPv6 address of a particular interface and specifies the source interface for syslog messages sent to remote syslog hosts." (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/configuration/15-sy/esm-15-sy-book/esm-vrf.html)

But this interface doesn't have any ip addres. Really is working this configuration?

Thanks.

Richard Burts · ‎04-22-2020

You ask "it's necessary to define previously on the server wich is loopback ip". That is not correct. You do not define this on the server but need to define this on the router or switch.

You also say "when server try to access to the router". This does not have anything to do with how the server accesses the router. It has to do with what address will be used as the source address when the router sends to the server.

HTH

Rick

View solution in original post

Giuseppe Larosa · ‎04-17-2020

Hello @sir_ulrick ,

because interface loop0 has no ip address syslog messges should be sent out with a source= the interface on the best path to the syslog server.

Hope to help

Giuseppe

sir_ulrick · ‎04-17-2020

Hi Giuseppe,
thanks for your quick reply. Exactly, because router configuration ithat I showed previusly use loopbak as source and it doesn't have ip, this message never will going to a external server, right?

Vishnu Vardhan S · ‎04-17-2020

Basically we use loopback as source while sending the log messages to syslog server so that we can identify who sent the logs in the syslog server uniquely.

In our case best path interface will be the source and your syslog server will have the interface IP of the routers interface which had the best path to reach the server.

Please do not hesitate to click the STAR button if you are satisfied with my answer.

Richard Burts · ‎04-17-2020

Clearly the original configuration was a mistake. The command to specify a source address was implemented to address a potential issue. Think about a router that will be sending syslog messages to a server. By default the source address of the syslog message will be the address of the outgoing interface. Let us think about a router that has 2 interfaces that have a path to the syslog server. The router chooses the best path to the server and uses the address of that interface as the source for its syslog messages. Then something happens to that interface and the router begins using the alternate interface. Now the syslog messages have a different source address. Now the syslog server appears to have log messages from 2 routers and that creates problems in attempting to analyze and interpret the log messages. By specifying a source address then the syslog messages from the router will have the same source address no matter which outgoing interface they use. It is common (but not required) to specify a loopback interface address as the source address because loopback interfaces are less likely to go down than physical interfaces.

HTH

Rick

sir_ulrick · ‎04-22-2020

So, If I unterstood correctly, its a form to commute different physical interface when server try to access to the router. To use this method, it's necessary to define previously on the server wich is loopback ip. Is it correct?

Richard Burts · ‎04-22-2020

You ask "it's necessary to define previously on the server wich is loopback ip". That is not correct. You do not define this on the server but need to define this on the router or switch.

You also say "when server try to access to the router". This does not have anything to do with how the server accesses the router. It has to do with what address will be used as the source address when the router sends to the server.

HTH

Rick

sir_ulrick · ‎04-24-2020

Hi Richards,

thanks a lot for your reply. I think I have got confused with your previusly message. Now, my question was resolved, it's an error to use logging source-interface Loopback0 if previously loopback interface was not defined.

Thanks for your help.

Richard Burts · ‎04-24-2020

You are welcome. Yes your understanding is now correct. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick