Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2975
Views
10
Helpful
4
Replies

Sending logs to a Syslog

Go to solution
Temitopeogunwola
Level 1
Level 1

‎04-10-2020 03:13 PM

Hello,

 

I am tasked with sending logs from specific interfaces to nagios syslog server. Here is my config

logging 10.1.2.2                      

               logging trap 6

                                        Logging source-interface GigabitEthernet 1/0/20

                                        Logging source-interface GigabitEthernet 2/0/19

                                        Logging source-interface GigabitEthernet 1/0/18

                                       Logging source-interface GigabitEthernet 2/0/17

                                        Logging source-interface GigabitEthernet 1/0/22

                                       Logging source-interface GigabitEthernet 2/0/21

                                       Logging source-interface GigabitEthernet 1/0/24

                                       Logging source-interface GigabitEthernet 2/0/23

 

 

My concern is that when I used to show logging command.I could only see Gi2/0/23 as the source interface,the rest are not been captured.

 

Logging to 10.1.2.2(udp port 514, audit disabled,
link up),
9618 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
GigabitEthernet2/0/23

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎04-11-2020 11:33 AM

The original poster tells us that he is trying to "sending logs from specific interfaces". And made a logical (but incorrect) assumption that the source interface command would specify the interface that was the source of the event in the log message. @Reza Sharifi has correctly clarified that the source interface command is used to specify the IP address used as the source address of the packet sending the log message to the server.

 

Are we correct in understanding that the original objective was to send log messages related to specified interfaces and to NOT send log messages related to other interfaces? That would be pretty tricky to accomplish. Perhaps one approach would be to suppress link messages for the other interfaces allowing only the specified interfaces to generate link change messages. Or perhaps another approach would be to write an EEM script which would evaluate all log messages and select messages related to the specified interfaces and forward only those messages to the server?  

 

 

HTH

Rick

View solution in original post

4 Replies 4

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎04-10-2020 06:46 PM

Hi,

GigabitEthernet2/0/23 is just a source interface for sending logs but you still should get all the status for all interfaces.

The command should be:

snmp-server host 10.1.2.2 

HTH

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎04-11-2020 11:33 AM

The original poster tells us that he is trying to "sending logs from specific interfaces". And made a logical (but incorrect) assumption that the source interface command would specify the interface that was the source of the event in the log message. @Reza Sharifi has correctly clarified that the source interface command is used to specify the IP address used as the source address of the packet sending the log message to the server.

 

Are we correct in understanding that the original objective was to send log messages related to specified interfaces and to NOT send log messages related to other interfaces? That would be pretty tricky to accomplish. Perhaps one approach would be to suppress link messages for the other interfaces allowing only the specified interfaces to generate link change messages. Or perhaps another approach would be to write an EEM script which would evaluate all log messages and select messages related to the specified interfaces and forward only those messages to the server?  

 

 

HTH

Rick

Go to solution
Temitopeogunwola
Level 1
Level 1
In response to Richard Burts

‎04-13-2020 10:47 AM

Thank you for the detailed post and clarity.Would you recommend i use Netflow to monitor those interfaces and exporting to our Nagios Log server?What i am trying to achieve is to be able to create filters and alerts on  Nagios based on the interfaces we are interested in monitoring(Bandwidth,connectivity with the clusters.etc)

 

 

Thanks!

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Temitopeogunwola

‎04-13-2020 11:00 AM - edited ‎04-13-2020 11:02 AM

Hi,

Nagios is SNMP based. So, if you want to monitor the status of interfaces of routers or switches, use the command I provide in the first post to configure it. You can also configure a source interface for SNMP.  "snmp-server trap-source Loopback0" In this case, lo0 in an example and should be used when possible. If the device doesn't have a lookpback interface, you can just use another interface that is up and running. Nagios is a free tool, so you need to write some programming/scripts to get it up and running. Also, as far as I know, you shouldn't need Netflow to create charts and graphs for Nagios.

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card