Beginner

Sending syslog out specific source port

I'm trying to get our syslog messages from a 4500 switch sent to our syslog server.  I duplicated the same config that I was using from a different switch that's a 2960.  However, the 2960 is sending info to the syslog server but the 4500 isn't.  

 

I attached the running-configs for both the 2960 and 4500.  Any help is appreciated.

Cisco Employee

Re: Sending syslog out specific source port

Good day, 

Some platforms have logging disabled by default. Could you enter the following and see if it helps?

 

Switch(config)# logging on

 

Also, it looks like the interface that will go out to the server for logging purposes is under a vrf. Could you verify if the server is reachable under such vrf, please?

Switch# ping vrf mgmtVrf 10.11.128.122 source Fa1
Switch# ping vrf mgmtVrf 10.11.128.122 source 10.11.175.199

Hope this helps,

Eduardo.

 

Beginner

Re: Sending syslog out specific source port

Ran the commands with modifying the second ping.  The syslog server is accessible from this switch, and I checked with our firewall guy that there is no block.  

 

DMZ-C4500x-R2-0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DMZ-C4500x-R2-0(config)#logging on
DMZ-C4500x-R2-0(config)#end
DMZ-C4500x-R2-0#ping vrf mgmtVrf 10.11.128.122 source Fa1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.128.122, timeout is 2 seconds:
Packet sent with a source address of 10.11.128.122
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
DMZ-C4500x-R2-0#ping vrf mgmtVrf 10.11.175.199 source 10.11.128.122
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.175.199, timeout is 2 seconds:
Packet sent with a source address of 10.11.128.122
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DMZ-C4500x-R2-0#

 

 

Cisco Employee

Re: Sending syslog out specific source port

Understood, thank you,

Could you attach the output of "show log" of both the C2960 and C4500X please? 

I would like to see if there is some other option enabled by default in one platform but not the other.

Kind regards,

Eduardo.

Beginner

Re: Sending syslog out specific source port

Sure, attached.  And thanks for helping.  I only have this problem with the 4500.  

Beginner

Re: Sending syslog out specific source port

Also checked with the firewall guy.  He sees my pings from the 4500 switch to the syslog server in traffic logs on the FW but absolutely nothing else.  So, my switch isn't sending anything.

Cisco Employee

Re: Sending syslog out specific source port

Thank you for this new information,

Looking at differences, the Cat2960 switch has monitor logging enabled, whereas the Cat4500 switch has it disabled.

 

2960
    Console logging: disabled
    Monitor logging: level critical, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 2949 messages logged, xml disabled,
                    filtering disabled

4500


    Console logging: level debugging, 4629 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: disabled
    Buffer logging:  level debugging, 187 messages logged, xml disabled,
                    filtering disabled

Can you enter the following configuration please?

Switch# conf t
Switch(config)# logging trap 7
Switch(config)# end
Switch# wr

If it does not work, then we may need to take a packet capture a hop ahead of the Cat4500 (because mgmt port Fa1 has certain limitations), to see if packets are going out. 

Another thing that I could think of, is that the service could not just start, and a reload may be required, but I would prefer to try the steps mentioned above before doing so.

Hope this helps,

Eduardo.
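
The side-by-side comparison in the reply above can be scripted when auditing logging settings across several switches. The following is an added example, not part of the thread and not Cisco code: it parses the two `show logging` excerpts quoted in that reply and reports which destinations differ in enabled state or severity level. The function names are made up for the example.

```python
import re

# Excerpts of "show logging" copied from the reply above.
SHOW_LOG_2960 = """\
    Console logging: disabled
    Monitor logging: level critical, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 2949 messages logged, xml disabled,
                    filtering disabled
"""
SHOW_LOG_4500 = """\
    Console logging: level debugging, 4629 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: disabled
    Buffer logging:  level debugging, 187 messages logged, xml disabled,
                    filtering disabled
"""

DEST = re.compile(r"^\s*(\w+) logging:\s*(.*)$")
LEVEL = re.compile(r"level (\w+)")

def parse_show_logging(text):
    """Return {destination: {"enabled": bool, "level": str or None}}."""
    joined = []
    for line in text.splitlines():
        if DEST.match(line):
            joined.append(line.strip())
        elif line.strip() and joined:
            # Wrapped continuation line: belongs to the previous destination.
            joined[-1] += " " + line.strip()
    state = {}
    for entry in joined:
        name, rest = DEST.match(entry).groups()
        level = LEVEL.search(rest)
        state[name.lower()] = {
            # "xml disabled" also appears in the line, so test the prefix only.
            "enabled": not rest.startswith("disabled"),
            "level": level.group(1) if level else None,
        }
    return state

def diff_logging(a, b):
    """Destinations whose enabled state or level differs between two devices."""
    return {d: (a.get(d), b.get(d))
            for d in sorted(set(a) | set(b)) if a.get(d) != b.get(d)}

if __name__ == "__main__":
    print(diff_logging(parse_show_logging(SHOW_LOG_2960),
                       parse_show_logging(SHOW_LOG_4500)))
```

The quoted excerpts stop before the `Trap logging` section of `show logging`, which is the part that describes what is sent to a syslog server; feeding the full output of both switches into the same parser includes that line in the comparison.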

 

 

 

Beginner

Re: Sending syslog out specific source port

I ran the commands you recommended.  No luck.

Cisco Employee

Re: Sending syslog out specific source port

Thank you again,

Can you also enable "logging monitor 7" under the switch global configuration mode  please?

Kind regards,

Eduardo.

Beginner

Re: Sending syslog out specific source port

Did so, and added a desc to an interface and removed it.  Shows in the log itself but not on syslog.  Checked with our FW guy and he doesn't see anything from the switch.  I'm taking your suggestion to do a reload and we're planning this weekend Sat at 8am.  So after the reload, we'll see what happens.

Beginner

Re: Sending syslog out specific source port

So we rebooted the switch on Saturday and checked the syslog server again.  No dice.  Still not sending.

Participant

Re: Sending syslog out specific source port

I see you are using the FastEthernet1 port as your logging source on the 4500. Are you able to ping the logging server address using that FastEthernet1 port as the source?
