01-10-2018 12:13 PM - edited 03-08-2019 01:22 PM
I'm trying to get our syslog messages from a 4500 switch sent to our syslog server. I duplicated the same config that I was using from a differnet switch that's a 2960. However, the 2960 is sending info to the syslog server but the 4500 isn't.
I attached the running-configs for both the 2960 and 4500. Any help is appreciated.
01-10-2018 12:41 PM
Good day,
Some platforms have logging disabled by default. Could you enter the following and see if it helps?
Switch(config)# logging on
Also, it looks like the interface that will go out to the server for logging purposes is under a vrf. Could you verify if the server is reachable under such vrf, please?
Switch# ping vrf mgmtVrf 10.11.128.122 source Fa1 Switch# ping vrf mgmtVrf 10.11.128.122 source 10.11.175.199
Hope this helps,
Eduardo.
01-10-2018 12:52 PM
Ran the commands with modifying the second ping. The syslog server is accessible from this switch, and I checked with our firewall guy that there is no block.
DMZ-C4500x-R2-0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DMZ-C4500x-R2-0(config)#logging on
DMZ-C4500x-R2-0(config)#end
DMZ-C4500x-R2-0#ping vrf mgmtVrf 10.11.128.122 source Fa1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.128.122, timeout is 2 seconds:
Packet sent with a source address of 10.11.128.122
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DMZ-C4500x-R2-0#ping vrf mgmtVrf 10.11.175.199 source 10.11.128.122
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.175.199, timeout is 2 seconds:
Packet sent with a source address of 10.11.128.122
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DMZ-C4500x-R2-0#
01-10-2018 01:14 PM
Understood, thank you,
Could you attach the output of "show log" of both the C2960 and C4500X please?
I would like to see if there is some other option enabled by default in one platform but not the other.
Kind regards,
Eduardo.
01-11-2018 04:43 AM
01-10-2018 12:54 PM
Also checked with the firewall guy. He sees my pings from the 4500 switch to the syslog server in traffic logs on the FW but absolutely nothing else. So, my switch isn't sending anything.
01-11-2018 06:27 AM
Thank you for this new information,
Looking at differences, the Cat2960 switch has monitor logging enabled, whereas the Cat4500 switch has it disabled.
2960 Console logging: disabled Monitor logging: level critical, 0 messages logged, xml disabled, filtering disabled Buffer logging: level debugging, 2949 messages logged, xml disabled, filtering disabled 4500 Console logging: level debugging, 4629 messages logged, xml disabled, filtering disabled Monitor logging: disabled Buffer logging: level debugging, 187 messages logged, xml disabled, filtering disabled
Can you enter the following configuration please?
Switch# conf t Switch(config)# logging trap 7 Switch(config)# end Switch# wr
If it does not work, then we may need to take a packet capture a hop ahead of the Cat4500 (because mgmt port Fa1 has certain limitations), to see if packets are going out.
Another thing that I could think of, is that the service could not just start, and a reload may be required, but I would prefer to try the steps mentioned above before doing so.
Hope this helps,
Eduardo.
01-11-2018 06:38 AM
I ran the commands you recommended. No luck.
01-11-2018 07:34 AM
Thank you again,
Can you also enable "logging monitor 7" under the switch global configuration mode please?
Kind regards,
Eduardo.
01-11-2018 07:38 AM
Did so, and added a desc to an interface and removed it. Shows in the log itself but not on syslog. Checked with our FW guy and he doens't see anything from the switch. I'm taking your suggestion to do a reload and we're planning this weekend Sat at 8am. So after the reload, we'll see what happens.
01-18-2018 04:00 AM
So we rebooted the switch on Saturday and checked the syslog server again. No dice. Still not sending.
01-10-2018 12:42 PM
I see you are using the FastEthernet1 port as your logging source on the 4500 are you able to ping the logging server address using that FastEthernet1 port as the source?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide