Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

2372
Views
0
Helpful
6
Replies
Highlighted
mpugina63
mpugina63 Beginner
Beginner
‎07-21-2011 10:46 AM
‎07-21-2011 10:46 AM

Cisco 4510 switch syslog-ng issues

I have the following setup:

PMI_4510_COR2(config)#do sh log

Syslog logging: enabled (0 messages dropped, 99 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

    Console logging: level debugging, 129996 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging: level debugging, 130094 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (2147483647 bytes)

    Count and timestamp logging messages: enabled

    Trap logging: level debugging, 130096 message lines logged

        Logging to 10.1.2.20, 10201 message lines logged, xml disabled,

               filtering disabled

and on my syslog server I got a few logs for a bit:

root@logserver:/var/log/cisco# tail -f core1.log

Jul 20 17:36:20 10.1.2.2 15625: Jul 20 17:36:15: %SYS-5-CONFIG_I: Configured from console by nmradmin on vty0 (10.1.58.10)

Jul 20 19:35:12 10.1.2.2 15626: Jul 20 19:35:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4/4, changed state to down

Jul 20 19:35:12 10.1.2.2 15627: Jul 20 19:35:08: %LINK-3-UPDOWN: Interface FastEthernet4/4, changed state to down

Jul 20 19:35:14 10.1.2.2 15628: Jul 20 19:35:09: %SWITCH_QOS_TB-5-TRUST_DEVICE_LOST: cisco-phone no longer detected on port Fa4/4, operational port trust state is now untrusted.

Jul 20 21:13:38 10.1.2.2 15629: Jul 20 21:13:33: %C4K_REDUNDANCY-5-CALENDAR_RATELIMIT: The calendar has been successfully synchronized to the standby supervisor24 times since last calendar syslog

Jul 21 07:56:31 10.1.2.2 15630: Jul 21 07:56:27: %LINK-3-UPDOWN: Interface FastEthernet4/4, changed state to up

Jul 21 07:56:31 10.1.2.2 15631: Jul 21 07:56:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4/4, changed state to up

Jul 21 07:56:45 10.1.2.2 15632: Jul 21 07:56:41: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa4/4, port's configured trust state is now operational.

but it stopped without any change on either system.

I have the following syslog-ng configuration on my 10.1.2.20 linux server:

source s_net { tcp();

               udp(); };

#Cisco devices

destination d_core1 { file("/var/log/cisco/core1.log"); };

#Cisco Core 1 Switch

filter f_core1 { host("10.1.2.2"); };

# All messages send to a remote site

log { source(s_net); filter(f_core1); destination(d_core1); };

I have restarted syslog-ng multiple times to no availabe. I have other devices that are logging to that server successfully.

Any help would be appreciated

Labels:
0 Helpful
Reply
6 REPLIES 6
Antonio Knox
Antonio Knox Rising star
Rising star
‎07-21-2011 11:54 AM
‎07-21-2011 11:54 AM

Cisco 4510 switch syslog-ng issues

I'd couble check the config on the 4510.  If there had been an unexpected reload or something and the logging configs hadn't been written to memory, then it would have reverted to a previous setting.  I know it's a reach, but without a full config to reference, that's pretty much what I'm thinking.

0 Helpful
Reply
mpugina63
mpugina63 Beginner
Beginner
‎07-21-2011 12:53 PM
‎07-21-2011 12:53 PM

Cisco 4510 switch syslog-ng issues

Antonio,

Thanks for the reply, I turned off the rate-limit  and it doesn't appear to have changed the message rate in sh log, it also didn't start logging to syslog either:

PMI_4510_COR2(config)#no logg rate-limit

PMI_4510_COR2(config)#logg reload

PMI_4510_COR2(config)#do sh logg

Syslog logging: enabled (0 messages dropped, 99 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

    Console logging: level debugging, 131379 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging: level debugging, 131477 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (2147483647 bytes)

    Count and timestamp logging messages: enabled

    Trap logging: level debugging, 131479 message lines logged

        Logging to 10.1.2.20, 11584 message lines logged, xml disabled,

               filtering disabled

Any other ideas?

0 Helpful
Reply
Antonio Knox
Antonio Knox Rising star
Rising star
‎07-21-2011 12:59 PM
‎07-21-2011 12:59 PM

Cisco 4510 switch syslog-ng issues

This is an odd one, I see that your trap logging (syslog) count has increased.  If neither of these devices has changed, was there anything in between that could affect traffic?

Your first post:

Trap logging: level debugging, 130096 message lines logged

Your second post:

Trap logging: level debugging, 131479 message lines logged

0 Helpful
Reply
mpugina63
mpugina63 Beginner
Beginner
‎07-21-2011 01:22 PM
‎07-21-2011 01:22 PM

Cisco 4510 switch syslog-ng issues

no the syslog server is directly connected to the switch. I was thinking of putting an ACL on the port that the syslog server is connected to and see if I see UDP 514 traffic going out to the server.

0 Helpful
Reply
mpugina63
mpugina63 Beginner
Beginner
‎07-21-2011 02:13 PM
‎07-21-2011 02:13 PM

Cisco 4510 switch syslog-ng issues

ok, I put the ACL in on the server facing port and saw the traffic flowing through, I also so the issue, since I was running the vlan in standby mode it was using the standby IP and not the primary IP. Once I change it, all was well. Hopefully someone else will benefit from my pain

0 Helpful
Reply
Antonio Knox
Antonio Knox Rising star
Rising star
‎07-21-2011 11:57 AM
‎07-21-2011 11:57 AM

Re: Cisco 4510 switch syslog-ng issues

Also, I noticed that you have 99 messages rate-limited, so disable log rate-limiting for grins:

PMI_4510_COR2(config)#no logging rate-limit

0 Helpful
Reply
Latest Contents
Community Live slides - Getting to know Cisco SD-WAN
Created by ciscomoderator on 12-10-2019 06:56 PM
0
0
0
0
Community Live- Getting to know Cisco SD-WAN (Live event - formerly known as Webcast-  Wednesday December 11, 2019 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris) This event will have place on Wednesday 11th, December 2019 at 10hrs PDT  Register to... view more
Ask Me Anything event - Getting to know Cisco SD-WAN
Created by ciscomoderator on 12-10-2019 06:48 PM
0
0
0
0
To   participate   in this event, please use the   button   to ask your questions This topic is a chance to clarify your questions about the Cisco Software-Defined WAN (SD-WAN) solution, its historical roo... view more
Ask Me Anything event - Configuration, Verification, and Tro...
Created by ciscomoderator on 12-09-2019 03:03 PM
0
0
0
0
To   participate   in this event, please use the   button   to ask your questions This topic is a chance to clarify your questions about the configuration, verification, troubleshooting and gener... view more
Recent changes in SRIOV VF mapping in NFVIS GUI
Created by gosekar on 12-05-2019 06:59 PM
0
0
0
0
Starting from NFVIS 3.12 versions, the deploy option does not depict all the SR-IOV VFs(Virtual Functions) available in a physical interface. This change is introduced as (i) the number of VFs of ENCS platform on LANs side is increased to 24 and (ii) the... view more
Community Live- Getting to know Cisco SD-WAN
Created by ciscomoderator on 12-05-2019 12:41 PM
0
0
0
0
Community Live- Getting to know Cisco SD-WAN (Live event - formerly known as Webcast-  Wednesday December 11, 2019 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris) This event will have place on Wednesday 11th, December 2019 at 10hrs PDT  Register to... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad