Hello @Sors
Based on the configuration you provided, the syslog server is configured correctly to send logs to the external syslog server at 172.16.30.100 using UDP on port 14514 from VPN 512 and the eth0 interface. However, if only one log message is being sent to the external syslog server, there are a few things you should check to ensure everything is working as expected:
1. Verify Logging Levels
- By default, syslog messages are sent based on their severity level. If the logging level is not configured, only critical or higher-severity logs may be sent.
- Check the logging level configuration on your device. You can configure the logging level to ensure that more logs are sent to the external syslog server. For example:
vmanage(config)#system logging server 172.16.30.100 level info
vmanage(config)#commit
This ensures that logs with a severity level of info and higher (e.g., warnings, errors) are sent to the syslog server.
2. Verify Logging is Enabled Globally
- Ensure that logging is enabled globally on the device. From your configuration, it seems that disk logging is enabled, but you should confirm that logging is enabled for external servers as well:
vmanage(config)#system logging enable
vmanage(config)#commit
3. Check the VPN Configuration
- Ensure that VPN
512 is properly configured and has connectivity to the syslog server (172.16.30.100). You can test connectivity using a ping command:
vmanage#ping vpn 512 172.16.30.100
- If the ping fails, verify the routing configuration for VPN
512 and ensure that the syslog server is reachable.
4. Check the Source Interface
- You have configured the source interface as
eth0. Ensure that eth0 is part of VPN 512and has an IP address assigned. You can verify this with:
vmanage#show interface vpn 512
- If
eth0 is not part of VPN 512 or does not have an IP address, update the configuration accordingly.
5. Check the Syslog Server
- Verify that the external syslog server (
172.16.30.100) is properly configured to receive logs on UDP port 14514. Ensure that there are no firewall rules or network issues blocking the logs.
- You can use a packet capture tool (e.g., Wireshark or tcpdump) on the syslog server to confirm that the logs are being received.
6. Generate Test Logs
- To confirm that the syslog configuration is working, you can generate test log messages manually. For example:
vmanage#request system logging generate level info message "Test log message"
- Check if this log message appears on the external syslog server.
7. Check for Rate-Limiting or Filtering
- Some devices may have rate-limiting or filtering enabled for syslog messages. Check if there are any rate-limiting configurations that might be preventing logs from being sent frequently.
8. Review Logs on the Device
- Check the local logs on the device to ensure that logs are being generated. If no logs are being generated locally, there may be an issue with the logging configuration or the system itself:
vmanage#show log
9. Verify Commit
- Ensure that the configuration was successfully committed. If the configuration was not committed, the changes will not take effect:
vmanage#show configuration committed
Summary of Additional Configuration
If everything checks out, you may need to add or verify the following commands:
vmanage(config)#system logging enable
vmanage(config)#system logging server 172.16.30.100 level info
vmanage(config)#commit
After making these changes, test again to see if logs are being sent to the external syslog server. If the issue persists, check the syslog server configuration and network connectivity.
Hope This Helps!!!
AshSe
Community Etiquette:
- Insert photos/images inline - don't attach.
- Always mark helpful and correct answers, it helps others find what they need.
- For a prompt reply, kindly tag @name. An email will be automatically sent to the member.
