06-28-2024 06:50 AM
Hi there,
I am trying to get syslog messages from my 2960x to be sent to Kiwi Syslog Server (free) on my Windows 11 machine.
I have configured everything on the switch as per swlog.pdf (cisco.com) and the switch is recording that it is sending out the messages but I am not getting anything in Syslog Server.
Console logging: level debugging, 359 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 16 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 362 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level debugging, 362 message lines logged
Logging to 172.17.x.x (udp port 514, audit disabled,
link up),
230 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 192.168.x.x (udp port 514, audit disabled,
link up),
10 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
I have run Wireshark on the PC and although I can see traffic between the PC and the Switch if I ping the switch I do not see any UDP Port 514 (which the switch is using) traffic.
Can anyone suggest why I am not seeing any UPD Port 514 traffic or syslog messages. Could it be that the traffic is being sent to a specific interface on the switch and if so how can I work out which one?
Thank
Laurie
06-28-2024 09:52 AM
>... if I ping the switch I do not see any UDP Port 514 (which the switch is using) traffic.
- The UDP Port 514 is used and or the receiving port for the syslog server ,that should then be in your
case the Kiwi Syslog Server (free) on your Windows 11 machine. You may want to check the readiness of the latter application by for instance from another host with :
% nmap -sU -p514 win11machine-hostname
M.
06-28-2024 04:25 PM
try use
debug ip udp 514
and check if router send any udp packet to this port
MHM
06-30-2024 09:54 PM
Hello
try the following:
logging on
no logging host 172.15.x.x
logging host 192.168.x.x
logging source-interface xxxx
I have you made sure youve disabled any win11 software fw that could be negating connection?
Can you ping the the syslog server from source interface,
06-30-2024 11:31 PM
Hi, ensure the switch's logging source-interface is set correctly and check if Windows Firewall is blocking UDP 514 traffic. Also, verify that Kiwi Syslog Server is configured to listen on UDP 514.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide