04-17-2013 04:30 AM - edited 03-07-2019 12:51 PM
Hello,
I have installed a switch (3560) that was from another site and changed all it's config and hostname etc and it is now live, however the syslog messages still see the old hostname, what could be causing this?
Thanks
04-17-2013 06:29 AM
Hi Andy,
When you say the SYSLOG messages are still showing the old hostname, I presume you mean the name in the log file on the SYSLOG server?
For example:
[sfuller@redhat1 sfuller]$ sudo tail /var/log/syslog
[..]
Apr 17 14:01:33 ocs3725-1-loop0.lab.net 188: Apr 17 14:01:31.047 BST: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
If that's the case then it's probably caused by the SYSLOG server incorrectly resolving the IP address that the switch is using as the source of the SYSLOG messages i.e., the IP address still refers to the old switch name.
Regards
04-17-2013 08:01 AM
Well I did think it was the local server trying to resolve the IP to hostname via DNS, but it doesn't seem to be. I tried an nslookup and it can't resolve the switches IP, plus there is no local host file, I'm not sure how it is getting this name.
04-17-2013 09:19 AM
Can you post an example of the message you're getting?
The message that's actually logged and sent from the switch doesn't actually have a name or IP address in the message. This can be seen in the tshark capture from my SYSLOG server below:
root@rhel8 ~]# tshark -V -i bond0 host 192.168.2.131 and port 514
Frame 1 (157 bytes on wire, 157 bytes captured)
[..]
Ethernet II, Src: Cisco_20:59:00 (00:13:5f:20:59:00), Dst: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)
Destination: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)
[..]
Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.131 (192.168.2.131), Dst: 192.168.11.115 (192.168.11.115)
Version: 4
[..]
Source: 192.168.2.131 (192.168.2.131)
Destination: 192.168.11.115 (192.168.11.115)
User Datagram Protocol, Src Port: 61623 (61623), Dst Port: syslog (514)
Source port: 61623 (61623)
Destination port: syslog (514)
Length: 123
Checksum: 0xe45f [correct]
[Good Checksum: True]
[Bad Checksum: False]
Syslog message: LOCAL7.NOTICE: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up
1011 1... = Facility: LOCAL7 - reserved for local use (23)
.... .101 = Level: NOTICE - normal but significant condition (5)
Message: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up
As you can see there's no name or IP address other than that in the IP header.
Regards
05-19-2016 01:49 PM
I realize that this entry is 3 years old, but I am stuck on a simple issue here. I see that your router name is in your log entries without any IP address referenced. We are trying to accomplish the same thing but the solution is eluding us. The closest that we got was entering the command "logging origin-id hostname" so our configurations look like this.
logging buffered 500000
logging event link-status default
logging alarm informational
logging trap debugging
logging origin-id hostname
logging source-interface Vlan15
And our log output looks like this.
May 19 16:45:17 172.16.50.2 3655: SWCORE01: 003592: May 19 21:45:16.418 UTC: %SYS-5-CONFIG_I: Configured from console by admdcarrasco on vty0 (192.168.10.10)
How did you get JUST the router hostname in your logs?
10-27-2016 07:29 AM
Hi David,
Did you try to remove the "logging source-interface Vlan15" configuration statement and re-add it after that ? It did work for me on a WS-C3560X-48 running IOS 15.0(2)SE10. Please let me know if it did work.
06-09-2020 08:54 AM
Did you find a resolution to this problem? I also am experiencing an issue where both hostname and IP are printing in logs and I want JUST hostname. Thanks.
04-08-2019 03:00 AM
Hello
@Andy White wrote:
Hello,
I have installed a switch (3560) that was from another site and changed all it's config and hostname etc and it is now live, however the syslog messages still see the old hostname, what could be causing this?
Thanks
Does this switch have the same ip address as the old switch you replaced?
I do you have the string option in the logging - logging origin-id string xxxx
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide