Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3065
Views
0
Helpful
6
Replies

Cisco 4510 switch syslog-ng issues

mpugina63
Level 1
Level 1

‎07-21-2011 10:46 AM - edited ‎03-07-2019 01:20 AM

I have the following setup:

PMI_4510_COR2(config)#do sh log

Syslog logging: enabled (0 messages dropped, 99 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

    Console logging: level debugging, 129996 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging: level debugging, 130094 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (2147483647 bytes)

    Count and timestamp logging messages: enabled

    Trap logging: level debugging, 130096 message lines logged

        Logging to 10.1.2.20, 10201 message lines logged, xml disabled,

               filtering disabled

and on my syslog server I got a few logs for a bit:

root@logserver:/var/log/cisco# tail -f core1.log

Jul 20 17:36:20 10.1.2.2 15625: Jul 20 17:36:15: %SYS-5-CONFIG_I: Configured from console by nmradmin on vty0 (10.1.58.10)

Jul 20 19:35:12 10.1.2.2 15626: Jul 20 19:35:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4/4, changed state to down

Jul 20 19:35:12 10.1.2.2 15627: Jul 20 19:35:08: %LINK-3-UPDOWN: Interface FastEthernet4/4, changed state to down

Jul 20 19:35:14 10.1.2.2 15628: Jul 20 19:35:09: %SWITCH_QOS_TB-5-TRUST_DEVICE_LOST: cisco-phone no longer detected on port Fa4/4, operational port trust state is now untrusted.

Jul 20 21:13:38 10.1.2.2 15629: Jul 20 21:13:33: %C4K_REDUNDANCY-5-CALENDAR_RATELIMIT: The calendar has been successfully synchronized to the standby supervisor24 times since last calendar syslog

Jul 21 07:56:31 10.1.2.2 15630: Jul 21 07:56:27: %LINK-3-UPDOWN: Interface FastEthernet4/4, changed state to up

Jul 21 07:56:31 10.1.2.2 15631: Jul 21 07:56:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4/4, changed state to up

Jul 21 07:56:45 10.1.2.2 15632: Jul 21 07:56:41: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa4/4, port's configured trust state is now operational.

but it stopped without any change on either system.

I have the following syslog-ng configuration on my 10.1.2.20 linux server:

source s_net { tcp();

               udp(); };

#Cisco devices

destination d_core1 { file("/var/log/cisco/core1.log"); };

#Cisco Core 1 Switch

filter f_core1 { host("10.1.2.2"); };

# All messages send to a remote site

log { source(s_net); filter(f_core1); destination(d_core1); };

I have restarted syslog-ng multiple times to no availabe. I have other devices that are logging to that server successfully.

Any help would be appreciated

Labels:
0 Helpful
6 Replies 6

Antonio Knox
Level 7
Level 7

‎07-21-2011 11:54 AM

I'd couble check the config on the 4510.  If there had been an unexpected reload or something and the logging configs hadn't been written to memory, then it would have reverted to a previous setting.  I know it's a reach, but without a full config to reference, that's pretty much what I'm thinking.

0 Helpful

mpugina63
Level 1
Level 1
In response to Antonio Knox

‎07-21-2011 12:53 PM

Antonio,

Thanks for the reply, I turned off the rate-limit  and it doesn't appear to have changed the message rate in sh log, it also didn't start logging to syslog either:

PMI_4510_COR2(config)#no logg rate-limit

PMI_4510_COR2(config)#logg reload

PMI_4510_COR2(config)#do sh logg

Syslog logging: enabled (0 messages dropped, 99 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

    Console logging: level debugging, 131379 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging: level debugging, 131477 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (2147483647 bytes)

    Count and timestamp logging messages: enabled

    Trap logging: level debugging, 131479 message lines logged

        Logging to 10.1.2.20, 11584 message lines logged, xml disabled,

               filtering disabled

Any other ideas?

0 Helpful

Antonio Knox
Level 7
Level 7
In response to mpugina63

‎07-21-2011 12:59 PM

This is an odd one, I see that your trap logging (syslog) count has increased.  If neither of these devices has changed, was there anything in between that could affect traffic?

Your first post:

Trap logging: level debugging, 130096 message lines logged

Your second post:

Trap logging: level debugging, 131479 message lines logged

0 Helpful

mpugina63
Level 1
Level 1
In response to Antonio Knox

‎07-21-2011 01:22 PM

no the syslog server is directly connected to the switch. I was thinking of putting an ACL on the port that the syslog server is connected to and see if I see UDP 514 traffic going out to the server.

0 Helpful

mpugina63
Level 1
Level 1
In response to mpugina63

‎07-21-2011 02:13 PM

ok, I put the ACL in on the server facing port and saw the traffic flowing through, I also so the issue, since I was running the vlan in standby mode it was using the standby IP and not the primary IP. Once I change it, all was well. Hopefully someone else will benefit from my pain

0 Helpful

Antonio Knox
Level 7
Level 7

‎07-21-2011 11:57 AM

Also, I noticed that you have 99 messages rate-limited, so disable log rate-limiting for grins:

PMI_4510_COR2(config)#no logging rate-limit

0 Helpful
Customers Also Viewed These Support Documents