Syslog On Cisco 2960 switch

c.adisesh
Level 1

Hello,

I have enabled syslog on my Cisco 2960S switch as shown below:

logging facility local6

logging host 10.11.12.122 transport tcp port 514

I have set the port to TCP since that is what is configured on the syslog server, which is CentOS 5.8 running rsyslogd.

I have tested rsyslogd locally and it works.

However, I want to send any and all log messages in the buffer to my syslog server, and it is not working.

NOTE: there is no firewall on the CENTOS and the ASA firewall filter is enabled for outgoing traffic.

Thanks

7 Replies

Antonio Knox
Level 7

If you want to send all logs to syslog, then you should set the logging traps to the level you choose.  In your config:

logging trap informational

or if you want all possible logs (not recommended):

logging trap debugging

If we enable logging trap debug, we will get all alerts, like error, critical, up/down, etc. I am looking for when the port went down/up and what the reason is. Which is the best alert to configure?

singhaam007
Level 3

First, you need to enable the traps you want:

Network(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)

then in SNMP config use

snmp-server enable traps syslog

then you will be able to get it.

http://www.cisco.com/en/US/docs/ios/12_3/configfun/command/reference/cfr_1g11.html#wp1031027

please rate if this helps

thanks
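The severity threshold discussed in this thread, as an added example that is not part of any poster's reply: `logging trap <level>` forwards messages whose severity number is at or below the chosen level, and the `logging facility local6` setting from the original post determines the PRI value the receiver sees. The log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Severity keywords accepted by "logging trap", mapped to syslog severity numbers.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
LOCAL0 = 16  # syslog facility code of local0; local6 is 16 + 6 = 22

# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC: text
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample buffer lines (interface names and MAC address are made up).
SAMPLE = [
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/5, changed state to down",
    "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0001 on port GigabitEthernet1/0/7.",
    "%PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.11.12.122 port 514 started - CLI initiated",
    "not a tagged message",
]

def parse(line):
    """Return (facility, severity, mnemonic), or None if the line has no IOS tag."""
    m = TAG.search(line)
    return (m.group(1), int(m.group(2)), m.group(3)) if m else None

def forwarded(lines, trap_level):
    """Tags the switch would send: severity numerically <= the trap level."""
    limit = SEVERITY[trap_level]
    out = []
    for line in lines:
        tag = parse(line)
        if tag and tag[1] <= limit:
            out.append(f"{tag[0]}-{tag[1]}-{tag[2]}")
    return out

def pri(local_n, severity):
    """PRI value in the syslog header: facility * 8 + severity (RFC 3164)."""
    return (LOCAL0 + local_n) * 8 + severity

if __name__ == "__main__":
    for level in ("errors", "notifications", "informational"):
        print(level, forwarded(SAMPLE, level))
    print("PRI for local6 + LINK-3-UPDOWN:", pri(6, 3))
```

With these samples, `notifications` is the lowest level that carries both the link and line-protocol up/down messages along with the port-security and err-disable events.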

Thanks for this info, but by using the snmp-server command, my syslog server needs to also be the SNMP server, is that right? Right now my SNMP server and syslog server are separate boxes.

Hello.

You can use the logging command to send these traps from SNMP to your syslog server:

logging XXXXXX(ip address of syslog server)

please try this.

thanks

Hi,

I've now configured my CPI (2.1) for receiving all syslog and SNMP traps sent from my switches (Catalyst 2960S). Everything works fine so far.

Now I want CPI to send an email for the syslog event "security violation". I can see this event in the Syslog view and also in Events with severity critical, like I defined in the severity configuration, but no email is generated. Do I have to configure something special if I want to have an email notification on this?

The reason for this problem (maybe there's another solution): we use 802.1x authentication and I want to know when there's a security violation and a port is set to the error-disabled state. I've configured my switches to send SNMP traps for "errdisabled" but they never appear in CPI.

Because of that I've configured syslog and saw that "security violation" is logged by syslog, but no email is created :((

Thank you very much for your help!!

Clayton Dukes
Level 1

Hi,

There is some confusion here.

Please be aware that SNMP and Syslog are two entirely separate things. The "logging x.x.x.x" command has *nothing* to do with SNMP.

You should be able to get all of the information you seek from my Whitepaper published at http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html

If you find that you still need help, please let me know and I'll be happy to provide guidance.

Hope it helps :-)
