cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1475
Views
5
Helpful
7
Replies

Some Logs Not Getting To Syslog Server

Remop735
Level 1
Level 1

Hello,

I have defined a syslog server for my router and after a while I noticed that some logs aren't getting to the server.
The logs I have noticed for now that aren't  getting there are the boot logs - Whenever I restart the router I see the reload log, and every log that comes after the boot (like command, logons, etc) but not the actual boot so there is no way for me to know if the router is back up.
Using Cisco ISR4321/K9 Router (IOS Version 15.5(3)S2), with logging trap 7 defined and a logging host Ofc.

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

Boot logs can not be redirected to syslog, this can only view via console.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Then how am I supposed to know when a router is back on after a reboot? Is there a way?

If you have configured your router to communicate with an SNMP server then you could have the server attempt to access the router as a way to know when it has come back up. Otherwise you would need some manual effort such as attempting to ping the router interface to determine when it is back up.

 

As I think about your question I wonder how you know that the router was down and rebooting? If we knew that it might suggest some way to verify when the router is back up.

 

Another thought that occurs to me is that you could write an EEM script that would run after reboot and have the script generate a log message that could be sent to the log server indicating that the router was back up.

 

HTH

 

Rick

HTH

Rick

you can have different monitoring system like ping or snmp.

 

if you configured the syslog properly, after rebooted and device come online, you can see interface comes up in syslog server.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I have configured my syslog logging to debugging (level 7) and it still doesn’t send the interface up logs while booting. Seems from the other comments that this is not possible.
Should I try active checking like suggested or have I configured the router wrong?

While there is always some possibility of errors in configuration there is not anything in what you have posted that indicates anything wrong in your configuration. My suggestion is that you should work on active checking.

 

HTH

 

Rick

HTH

Rick

Joseph W. Doherty
Hall of Fame
Hall of Fame
BTW, the reason you don't "see" the very early log information on your syslog server, is likely because the router's IOS hasn't yet loaded enough of itself to send that log infromation. I.e. so early in the IOS load process, the router doesn't know "how" or perhaps even "where" to send the syslog information.

The other posters have suggested other methods that might be used to determine if the router has rebooted and when it's back on-line.
Review Cisco Networking for a $25 gift card