Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9187
Views
0
Helpful
8
Replies

Logging source interface loopback0 command question

Go to solution
sir_ulrick
Level 1
Level 1

‎04-17-2020 12:15 AM

Hi all, 

I'm checking a router configuration with follow code:

 

interface Loopback0
no ip address

...

logging source-interface Loopback0

 

I have reading about logging source-interface command and according to Cisco, using this command it's possible to force this interface to send information a external server log

 

"Configures the syslog packets that contain the IPv4 or IPv6 address of a particular interface and specifies the source interface for syslog messages sent to remote syslog hosts." (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/configuration/15-sy/esm-15-sy-book/esm-vrf.html)

 

But this interface doesn't have any ip addres. Really is working this configuration?

 

Thanks.

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to sir_ulrick

‎04-22-2020 07:03 AM

You ask "it's necessary to define previously on the server wich is loopback ip". That is not correct. You do not define this on the server but need to define this on the router or switch. 

 

You also say "when server try to access to the router". This does not have anything to do with how the server accesses the router. It has to do with what address will be used as the source address when the router sends to the server.

HTH

Rick

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-17-2020 12:20 AM

Hello @sir_ulrick ,

because interface loop0 has no ip address syslog messges should be sent out with a source= the interface on the best path to the syslog server.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
sir_ulrick
Level 1
Level 1
In response to Giuseppe Larosa

‎04-17-2020 02:17 AM

Hi Giuseppe,
thanks for your quick reply. Exactly, because router configuration ithat I showed previusly use loopbak as source and it doesn't have ip, this message never will going to a external server, right?

0 Helpful

Go to solution
Vishnu Vardhan S
Level 1
Level 1
In response to sir_ulrick

‎04-17-2020 07:33 AM

Basically we use loopback as source while sending the log messages to syslog server so that we can identify who sent the logs in the syslog server uniquely. 

 

In our case best path interface will be the source and your syslog server will have the interface IP of the routers interface which had the best path to reach the server.

Please do not hesitate to click the STAR button if you are satisfied with my answer.
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Vishnu Vardhan S

‎04-17-2020 07:52 AM

Clearly the original configuration was a mistake. The command to specify a source address was implemented to address a potential issue. Think about a router that will be sending syslog messages to a server. By default the source address of the syslog message will be the address of the outgoing interface. Let us think about a router that has 2 interfaces that have a path to the syslog server. The router chooses the best path to the server and uses the address of that interface as the source for its syslog messages. Then something happens to that interface and the router begins using the alternate interface. Now the syslog messages have a different source address. Now the syslog server appears to have log messages from 2 routers and that creates problems in attempting to analyze and interpret the log messages. By specifying a source address then the syslog messages from the router will have the same source address no matter which outgoing interface they use. It is common (but not required) to specify a loopback interface address as the source address because loopback interfaces are less likely to go down than physical interfaces.

HTH

Rick
0 Helpful

Go to solution
sir_ulrick
Level 1
Level 1
In response to Vishnu Vardhan S

‎04-22-2020 06:34 AM

So, If I unterstood correctly, its a form to commute different physical interface when server try to access to the router. To use this method, it's necessary to define previously on the server wich is loopback ip. Is it correct?
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to sir_ulrick

‎04-22-2020 07:03 AM

You ask "it's necessary to define previously on the server wich is loopback ip". That is not correct. You do not define this on the server but need to define this on the router or switch. 

 

You also say "when server try to access to the router". This does not have anything to do with how the server accesses the router. It has to do with what address will be used as the source address when the router sends to the server.

HTH

Rick
0 Helpful

Go to solution
sir_ulrick
Level 1
Level 1
In response to Richard Burts

‎04-24-2020 03:31 AM

Hi Richards, 

thanks a lot for your reply. I think I have got confused with your previusly message. Now, my question was resolved, it's an error to use logging source-interface Loopback0 if previously loopback interface was not defined. 

 

Thanks for your help.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to sir_ulrick

‎04-24-2020 06:34 AM

You are welcome. Yes your understanding is now correct. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents