Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
4
Replies

Syslog Messages on Cisco 2960x

LMMC
Level 1
Level 1

‎06-28-2024 06:50 AM

Hi there,

I am trying to get syslog messages from my 2960x to be sent to Kiwi Syslog Server (free) on my Windows 11 machine.

I have configured everything on the switch as per swlog.pdf (cisco.com) and the switch is recording that it is sending out the messages but I am not getting anything in Syslog Server.

 

Console logging: level debugging, 359 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 16 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 362 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level debugging, 362 message lines logged
Logging to 172.17.x.x (udp port 514, audit disabled,
link up),
230 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 192.168.x.x (udp port 514, audit disabled,
link up),
10 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:

I have run Wireshark on the PC and although I can see traffic between the PC and the Switch if I ping the switch I do not see any UDP Port 514 (which the switch is using) traffic.

Can anyone suggest why I am not seeing any UPD Port 514 traffic or syslog messages. Could it be that the traffic is being sent to a specific interface on the switch and if so how can I work out which one?

Thank

Laurie

 

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎06-28-2024 09:52 AM

 

             >... if I ping the switch I do not see any UDP Port 514 (which the switch is using) traffic.
    -  The UDP Port 514 is used and or the receiving port for the syslog server ,that should then be in your
        case the Kiwi Syslog Server (free) on your Windows 11 machine. You may want to check the readiness of the latter application by for instance  from another host with :  
                                    % nmap -sU -p514 win11machine-hostname

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP

‎06-28-2024 04:25 PM

try use 

debug ip udp 514 
and check if router send any udp packet to this port 

MHM

0 Helpful

paul driver
VIP
VIP

‎06-30-2024 09:54 PM

Hello
try the following:

logging on
no logging host 172.15.x.x
logging host 192.168.x.x
logging source-interface xxxx

I have you made sure youve disabled any win11 software fw that could be negating connection?
Can you ping the the syslog server from source interface,


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ahmadkhalido585858
Level 1
Level 1

‎06-30-2024 11:31 PM

Hi, ensure the switch's logging source-interface is set correctly and check if Windows Firewall is blocking UDP 514 traffic. Also, verify that Kiwi Syslog Server is configured to listen on UDP 514.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card