Explorer

Hostname on switch shows as on name on syslog server?

Hello,

I have installed a switch (3560) that was from another site and changed all its config and hostname etc. and it is now live; however, the syslog messages still show the old hostname. What could be causing this?

Thanks

6 REPLIES 6
Engager

Hi Andy,

When you say the SYSLOG messages are still showing the old hostname, I presume you mean the name in the log file on the SYSLOG server?

For example:

[sfuller@redhat1 sfuller]$ sudo tail /var/log/syslog
[..]
Apr 17 14:01:33 ocs3725-1-loop0.lab.net 188: Apr 17 14:01:31.047 BST: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

If that's the case then it's probably caused by the SYSLOG server incorrectly resolving the IP address that the switch is using as the source of the SYSLOG messages, i.e., the IP address still refers to the old switch name.

Regards

Explorer

Well, I did think it was the local server trying to resolve the IP to a hostname via DNS, but it doesn't seem to be. I tried an nslookup and it can't resolve the switch's IP, plus there is no local hosts file. I'm not sure how it is getting this name.

Engager

Can you post an example of the message you're getting?

The message that's actually logged and sent from the switch doesn't actually have a name or IP address in the message. This can be seen in the tshark capture from my SYSLOG server below:

[root@rhel8 ~]# tshark -V -i bond0 host 192.168.2.131 and port 514
Frame 1 (157 bytes on wire, 157 bytes captured)
[..]
Ethernet II, Src: Cisco_20:59:00 (00:13:5f:20:59:00), Dst: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)
    Destination: HewlettP_27:c3:f5 (00:0e:7f:27:c3:f5)
    [..]
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.2.131 (192.168.2.131), Dst: 192.168.11.115 (192.168.11.115)
    Version: 4
    [..]
    Source: 192.168.2.131 (192.168.2.131)
    Destination: 192.168.11.115 (192.168.11.115)
User Datagram Protocol, Src Port: 61623 (61623), Dst Port: syslog (514)
    Source port: 61623 (61623)
    Destination port: syslog (514)
    Length: 123
    Checksum: 0xe45f [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Syslog message: LOCAL7.NOTICE: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up
    1011 1... = Facility: LOCAL7 - reserved for local use (23)
    .... .101 = Level: NOTICE - normal but significant condition (5)
    Message: 197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel31061, changed state to up

As you can see there's no name or IP address other than that in the IP header.

Regards

Beginner

I realize that this entry is 3 years old, but I am stuck on a simple issue here. I see that your router name is in your log entries without any IP address referenced. We are trying to accomplish the same thing but the solution is eluding us. The closest that we got was entering the command "logging origin-id hostname" so our configurations look like this.

logging buffered 500000
logging event link-status default
logging alarm informational
logging trap debugging
logging origin-id hostname
logging source-interface Vlan15

And our log output looks like this.

May 19 16:45:17 172.16.50.2 3655: SWCORE01: 003592: May 19 21:45:16.418 UTC: %SYS-5-CONFIG_I: Configured from console by admdcarrasco on vty0 (192.168.10.10)

How did you get JUST the router hostname in your logs?

Beginner

Hi David,

Did you try to remove the "logging source-interface Vlan15" configuration statement and re-add it after that? It did work for me on a WS-C3560X-48 running IOS 15.0(2)SE10. Please let me know if it did work.

VIP Advisor

Hello


@Andy White wrote:

Hello,

 

I have installed a switch (3560) that was from another site and changed all its config and hostname etc. and it is now live; however, the syslog messages still show the old hostname. What could be causing this?

 

Thanks


Does this switch have the same IP address as the old switch you replaced?
Do you have the string option in the logging - logging origin-id string xxxx?



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
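
The two payload layouts shown in this thread (without and with "logging origin-id hostname"), parsed and compared against the name a collector would attach to the source IP. This is an added example, not code from any poster. The `<189>` prefix, the `collector_names` table (standing in for whatever lookup or cache the syslog server uses) and the old/new example names are assumptions.

```python
import re

SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]

# Layout seen in the two samples in this thread (not a complete IOS grammar):
#   <PRI>seq: [origin-id: [seq: ]]timestamp: %FACILITY-SEV-MNEMONIC: text
IOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<seq>\d+): "
    r"(?:(?P<origin>[A-Za-z][\w.-]*): (?:\d+: )?)?"
    r"(?P<ts>[*.]?[A-Z][a-z]{2} +\d+ [\d:.]+(?: [A-Z]+)?): "
    r"(?P<tag>%[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<text>.*)$"
)

# Constructed payloads: message text from the thread, <189> (LOCAL7.NOTICE) added.
PLAIN = ("<189>197: Apr 17 17:13:03.144 BST: %LINEPROTO-5-UPDOWN: "
         "Line protocol on Interface Tunnel31061, changed state to up")
WITH_ORIGIN = ("<189>3655: SWCORE01: 003592: May 19 21:45:16.418 UTC: "
               "%SYS-5-CONFIG_I: Configured from console by admdcarrasco "
               "on vty0 (192.168.10.10)")


def attribute(src_ip, payload, collector_names):
    """Return what the collector would log and whether its name looks stale."""
    m = IOS_RE.match(payload)
    if m is None:
        raise ValueError("not an IOS-style syslog payload")
    pri = int(m["pri"])
    if pri > 191:
        raise ValueError("PRI out of range")
    # The payload carries no hostname by default: the collector falls back
    # to a name derived from the source IP, or to the IP itself.
    resolved = collector_names.get(src_ip, src_ip)
    origin = m["origin"]
    named = resolved != src_ip
    # A stale name can only be detected when the device sends an origin-id.
    stale = bool(origin) and named and origin.lower() != resolved.split(".")[0].lower()
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "collector_name": resolved, "origin_id": origin,
            "tag": m["tag"], "stale_name": stale}


if __name__ == "__main__":
    stale_table = {"172.16.50.2": "oldsite-sw01.example.net"}  # constructed
    print(attribute("192.168.2.131", PLAIN, {}))
    print(attribute("172.16.50.2", WITH_ORIGIN, stale_table))
```

Over UDP both the source address and the origin-id are set by the sender, so a mismatch is a prompt to check where the collector gets its names, not proof of either value.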