
Setting up logging to syslog server

dschroeder3
Level 1

I'm trying to set up Catalyst switches to log to a syslog server. Some work and some don't work.

The commands I run are

logging host (Ip address)

logging trap informational

If I run send log 6 test, that test event will show up in the syslog server but any other events won't.

Any ideas?


Richard Burts
Hall of Fame

It is interesting that some switches work and some do not work. So the first question is whether there are config differences between switches that do work and those that do not work.

It might be helpful if you would post the first couple of pages of output from the command

show logging

from a switch that does work and from a switch that does not work.

HTH

Rick


This one is from one that is working


Syslog logging: enabled (0 messages dropped, 46 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


    Console logging: level emergencies, 0 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 55790 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 50389 message lines logged
        Logging to Ip address  (udp port 514, audit disabled,
              link up),
              6937 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

Log Buffer (16384 bytes):

This is from one that is not working


Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


    Console logging: level debugging, 5528 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 5528 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 5508 message lines logged
        Logging to ip address (udp port 514, audit disabled,
              link up),
              42 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

Log Buffer (4096 bytes):

I'll try those commands, Julio, and see what that does.  What is weird is I send a test log and that will show up in the syslog server but no others.

Thanks, please keep us posted. Do you have communication from the syslog server to the switches (IP address for management) and vice versa?




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<

Here are some lines that were created from me to generate some logs

Feb  6 14:29:13.969: %SYS-5-CONFIG_I: Configured from console by vty0 (x.x.x.x)
Feb  6 14:32:17.735: %SYS-5-CONFIG_I: Configured from console by vty0 (x.x.x.x)
Feb  6 14:32:18.735: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 514 started - CLI initiated
Feb  6 14:32:33.754: %SYS-6-USERLOG_INFO: Message from tty1(user id: ): test
Feb  6 14:33:32.174: %SYS-6-USERLOG_INFO: Message from tty1(user id: ): test
Feb  6 14:34:20.401: %SYS-6-USERLOG_INFO: Message from tty1(user id: ): test
Feb  6 14:35:43.578: %SYS-5-CONFIG_I: Configured from console by vty0 (x.x.x.x)
Feb  6 15:11:59.985: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 514 stopped - CLI initiated
Feb  6 15:12:01.362: %SYS-5-CONFIG_I: Configured from console by vty0 (x.x.x.x)

The test ones did show up in the syslog server.  The second-to-last line was me adding a different logging host and removing it just to generate an event.

Hi

is it working now?





Yes and that is correct. The line that didn’t work was me removing a logging host that I added just to generate an event. It wasn’t the actual server I’m sending them to.

Julio, I ran those commands and set the source-interface to the loopback and it still doesn't work.

Mm, that is weird. What switch model are they? Are they using the same IOS?





They are Catalyst 2960-X and are running the same IOS.  I'm looking at doing a software update on them to see what that does.  The version they are on is 15.0(2) EX5

I figured it out, I didn't realize the syslog server was out of licenses for that type.  Once I freed up some licenses I was able to add in ones that were previously failing.  Weird though that creating a test log on the switch and the syslog would still record it but no others.

Thanks for the replies

Good to know  :-)





I am very glad to know that you have solved the problem and that it turned out to be a licensing issue on the server. I am quite surprised that if there was a licensing limit that it would accept the test message.

HTH

Rick


Am I understanding correctly that this line did show up on the syslog server

Feb  6 14:32:33.754: %SYS-6-USERLOG_INFO: Message from tty1(user id: ): test

and that this line did not show up on the syslog server

Feb  6 15:11:59.985: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host x.x.x.x port 514 stopped - CLI initiated

HTH

Rick


The suggestion to configure the logging source interface is interesting and would probably be a good idea.

It is interesting that the output from the one that you say does not work says 42 message lines logged. When I asked for the first several pages of output of show logging I wanted to see the headers about how logging is set up (and you did post that) but I also hoped to see some of the contents of the logging buffer (looking especially for the severity level of these messages).

Try the suggested config changes and let us know if the behavior changes.

HTH


Rick
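
The two things asked about in the reply above, the per-host "message lines logged" counter and the severity of the buffered messages, can be read out of show logging output mechanically. The following is an added example, not part of the original thread: the sample text is constructed from the output posted here, with 192.0.2.10 and 192.0.2.50 as placeholder addresses and a %LINK-3-UPDOWN line added for contrast.

```python
import re

# IOS severity keywords; list index is the numeric severity (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

TRAP_RE = re.compile(r"Trap logging: level (\w+), (\d+) message lines logged")
HOST_RE = re.compile(
    r"Logging to (\S+)\s+\(udp port \d+[^)]*\),\s*(\d+) message lines logged")
MSG_RE = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

# Constructed sample modelled on the output posted in this thread;
# the 192.0.2.x addresses are placeholders for the redacted hosts.
SAMPLE = """\
    Trap logging: level informational, 5508 message lines logged
        Logging to 192.0.2.10  (udp port 514, audit disabled,
              link up),
              42 message lines logged,
              0 message lines rate-limited,

Log Buffer (4096 bytes):
Feb  6 14:32:17.735: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.50)
Feb  6 14:32:33.754: %SYS-6-USERLOG_INFO: Message from tty1(user id: ): test
Feb  6 14:33:01.002: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
"""

def forwarded(text, level):
    """Buffered messages whose severity passes the given trap level."""
    limit = LEVELS.index(level)
    return [line for line in text.splitlines()
            if (m := MSG_RE.search(line)) and int(m.group(1)) <= limit]

def summarize(text):
    """Trap level, total trap lines, and lines counted as sent per host."""
    trap = TRAP_RE.search(text)
    if trap is None:
        raise ValueError("no 'Trap logging' line in input")
    sent = {host: int(n) for host, n in HOST_RE.findall(text)}
    return {"level": trap.group(1), "total": int(trap.group(2)), "sent": sent}

if __name__ == "__main__":
    print(summarize(SAMPLE))
    for lvl in ("informational", "notifications"):
        print(lvl, len(forwarded(SAMPLE, lvl)))
```

A non-zero per-host counter means the switch counted lines as sent to that host, which points the investigation at the network path or the collector. Under logging trap notifications the severity-6 test message is no longer forwarded.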

Hi,

Try with this configuration on your devices.

logging on
logging buffered 16384
logging trap notifications
logging source-interface <loopback or VLAN source, usually the management VLAN>
logging host <Syslog Collector IP address>

Hope it is useful  :-)



