Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
5
Helpful
2
Replies

Configure logging host failover

Go to solution
CatsAndIT
Level 1
Level 1

‎05-12-2022 05:42 AM

Greetings!

 

I have several 9300 series switches running IOS XE 17.x that forward SYSLOG to a central logging server. We recently stood up another logging server for HA/redundancy, but an issue we are running into is log duplication.

 

I know that with RADIUS setup, you can create a RADIUS group where the device will query each RADIUS server in order and if the first server fails to respond, it will move on to the next until it has exhausted all servers in the list before moving to local authentication (if configured as such).

 

Is it possible to configure the same with SYSLOG servers?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎05-12-2022 06:07 AM

Hello,

 

you could use an IP SLA in combination with two simple EEM scripts:

 

Let's say your primary and backup syslog servers are:

 

Syslog server 1: 192.168.1.10
Syslog server 2: 192.168 2.10

 

The configuration would look like this (change the source interface for the IP SLA to reflect the one you are actually using):

 

track 1 ip sla 1 reachability
!
ip sla 1
icmp-echo 192.168.1.10 source-interface GigabitEthernet0/0
!
ip sla schedule 1 start-time now life forever
!
event manager applet SYSLOG_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no logging host 192.168.1.10"
action 3.0 cli command "logging host 192.168.2.10"
action 4.0 cli command "end"
!
event manager applet SYSLOG_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no logging host 192.168.2.10"
action 3.0 cli command "logging host 192.168.1.10"
action 4.0 cli command "end"

 

View solution in original post

2 Replies 2

Go to solution
Georg Pauwen
VIP
VIP

‎05-12-2022 06:07 AM

Hello,

 

you could use an IP SLA in combination with two simple EEM scripts:

 

Let's say your primary and backup syslog servers are:

 

Syslog server 1: 192.168.1.10
Syslog server 2: 192.168 2.10

 

The configuration would look like this (change the source interface for the IP SLA to reflect the one you are actually using):

 

track 1 ip sla 1 reachability
!
ip sla 1
icmp-echo 192.168.1.10 source-interface GigabitEthernet0/0
!
ip sla schedule 1 start-time now life forever
!
event manager applet SYSLOG_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no logging host 192.168.1.10"
action 3.0 cli command "logging host 192.168.2.10"
action 4.0 cli command "end"
!
event manager applet SYSLOG_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no logging host 192.168.2.10"
action 3.0 cli command "logging host 192.168.1.10"
action 4.0 cli command "end"

 

Go to solution
Flavio Miranda
VIP
VIP

‎05-12-2022 06:12 AM

Hi

 For syslog the switch will send the same information to as many server as you point to. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card