cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
278
Views
0
Helpful
1
Replies

Viptela vManage external syslog configuration

Sors
Level 1
Level 1

Hi Cisco Community, may I ask for your expertise please. I configured this syslog command from the CLI. When I checked, it is sending logs to our external syslog server, however, only one log message was logged to our external syslog server.

vmanage(config)#system logging server 172.16.30.100 transport udp port 14514 vpn 512 source-interface eth0

vmanage(config)#commit

vmanage-1#show running-config system
logging
disk
enable
!
server 172.16.30.100
vpn 512
source-interface eth0
transport udp
port 14514
exit
!

Is there any other configuration I need to do here? TIA!

1 Reply 1

AshSe
VIP
VIP

Hello @Sors 

Based on the configuration you provided, the syslog server is configured correctly to send logs to the external syslog server at 172.16.30.100 using UDP on port 14514 from VPN 512 and the eth0 interface. However, if only one log message is being sent to the external syslog server, there are a few things you should check to ensure everything is working as expected:


1. Verify Logging Levels

  • By default, syslog messages are sent based on their severity level. If the logging level is not configured, only critical or higher-severity logs may be sent.
  • Check the logging level configuration on your device. You can configure the logging level to ensure that more logs are sent to the external syslog server. For example:
    vmanage(config)#system logging server 172.16.30.100 level info
    vmanage(config)#commit
    
    This ensures that logs with a severity level of info and higher (e.g., warnings, errors) are sent to the syslog server.

2. Verify Logging is Enabled Globally

  • Ensure that logging is enabled globally on the device. From your configuration, it seems that disk logging is enabled, but you should confirm that logging is enabled for external servers as well:
    vmanage(config)#system logging enable
    vmanage(config)#commit
    

3. Check the VPN Configuration

  • Ensure that VPN 512 is properly configured and has connectivity to the syslog server (172.16.30.100). You can test connectivity using a ping command:
    vmanage#ping vpn 512 172.16.30.100
    
  • If the ping fails, verify the routing configuration for VPN 512 and ensure that the syslog server is reachable.

4. Check the Source Interface

  • You have configured the source interface as eth0. Ensure that eth0 is part of VPN 512and has an IP address assigned. You can verify this with:
    vmanage#show interface vpn 512
    
  • If eth0 is not part of VPN 512 or does not have an IP address, update the configuration accordingly.

5. Check the Syslog Server

  • Verify that the external syslog server (172.16.30.100) is properly configured to receive logs on UDP port 14514. Ensure that there are no firewall rules or network issues blocking the logs.
  • You can use a packet capture tool (e.g., Wireshark or tcpdump) on the syslog server to confirm that the logs are being received.

6. Generate Test Logs

  • To confirm that the syslog configuration is working, you can generate test log messages manually. For example:
    vmanage#request system logging generate level info message "Test log message"
    
  • Check if this log message appears on the external syslog server.

7. Check for Rate-Limiting or Filtering

  • Some devices may have rate-limiting or filtering enabled for syslog messages. Check if there are any rate-limiting configurations that might be preventing logs from being sent frequently.

8. Review Logs on the Device

  • Check the local logs on the device to ensure that logs are being generated. If no logs are being generated locally, there may be an issue with the logging configuration or the system itself:
    vmanage#show log
    

9. Verify Commit

  • Ensure that the configuration was successfully committed. If the configuration was not committed, the changes will not take effect:
    vmanage#show configuration committed
    

Summary of Additional Configuration

If everything checks out, you may need to add or verify the following commands:

vmanage(config)#system logging enable

vmanage(config)#system logging server 172.16.30.100 level info


vmanage(config)#commit

After making these changes, test again to see if logs are being sent to the external syslog server. If the issue persists, check the syslog server configuration and network connectivity.

 

Hope This Helps!!!

AshSe

 

Community Etiquette: 

  1. Insert photos/images inline - don't attach.
  2. Always mark helpful and correct answers, it helps others find what they need.
  3. For a prompt reply, kindly tag @name. An email will be automatically sent to the member.