Trouble in Syslog Validation (send log)

Nitzbegin · ‎09-21-2014

I am doing a project to to capture the Syslog from the switches and routers, so for most of devices i can generate the syslog by giving the command " send log" and so that i would receive the same locally as well in the tool.

Note : These devices are in production.

We have a monitoring tool " Stablenet v6.72" i think syslog is also the same(same utility in Stablenet)

The problem iam facing is, for many devices i am not able to give the test command as they are running an IOS c3560-ipbase-mz.122-25.SED1.bin.

I have configured the syslog server on all the devices and there is reachability and port 514 is opened though,

I do make you know that we have many firewalls in the network and i belive tat all the devices have reachability to the Syslog server, ( My firewall blocks the Ping traffic and traceroute traffic) so i unable to find out which firewall blocks.( if it is so)

Please let me know how do i validate remaining 1200 devices. :(

Please help me,

Nithin M

pvanvuuren · ‎09-22-2014

Hi Nithin

my advice is to issue a command on each device that will initiate a syslog message. At least this way you can be sure its working, since you will always expect the same kind of syslog message. I know for example if you have the syslog severity set to level 5 you will get "configuration change" messages. To set your level enter this command:

'logging trap notifications'

And then , by entering into config mode ( "conf t" ) as well as exit out of config mode a CONF_I syslog message will be sent immediately as you exit out configuration mode.

hope it helps.

Cheers

Pierre