11-22-2016 09:00 PM - edited 03-08-2019 08:15 AM
Hi All,
Recently we had upgrade our 2 no of 6880 core switches, so after upgrading syslog is not receiving messages in PRTG tool, string i am using as a OSIND, not public, meanwhile i can get traffic information in any port through Traffic sensor in PRTG tool.
I am using one more core switch in another location , its having ((s2t54-ipbasek9_npe-mz.SPA.151-2.SY4a.bin)) old IOS, its working fine with syslog receiver in same monitoring machine with PRTG tool, but this core which having problem is having ((c6880x-ipservicesk9-mz.SPA.151-2.SY6.bin)) latest IOS. ANY BUG reported or else if you have any solution please help me to resolve this issue?????
I have deployed the comment " logging host a.b.c.d "
Regards,
Bala
11-23-2016 09:07 AM
Bala
Check to see if the show log has the messages that you wish to see in your syslog server. Upload the output of show tech, to see if we can spot what the problem could be.
If you have Wireshark (or tcpdump) installed on the syslog server, consider doing the following:
Start the pktCapture
SSh to the device
term mon
conf t
exit
Now, because we configured term mon, the SSh session should display a message. Check to see if the same appears in show log. Finally, look into the pkt capture and see if the pkt exists. Let us know what you find.
Sincerely ... Palani
11-24-2016 12:23 AM
11-29-2016 10:49 AM
Hi Bala
Just resumed work after a long weekend. Your logging config is
!
logging trap debugging
logging facility local1
logging host 10.179.117.2
!
Is your syslog server configured to accept local1/facility? Most likely not. Given this, the server is receiving the pkts but silently dropping it.
Kindly work with your server admin and find what facility is expected and proceed to configure the router, to matching facility.
This should take care of the logging problem.
Kind regards ... Palani
11-30-2016 05:44 AM
Hi Bala
Just thought of one more thing to look for. Look at running-config other devices which are successful in sending syslog messages. If they contain facility local1, then we need to look elsewhere for the answer. Please share what you find.
Kind regards ... Palani
11-27-2016 10:18 PM
Hi any luck????
12-05-2016 06:28 AM
Hi Bala,
Have you been able to resolve this?
Could you check that PRTG is receiving syslogs from this switch (using wireshark). If the syslogs are not arriving at all in PRTG, then you'll need to check any firewalls or ACLs between your new switches and PRTG.
If the syslogs are arriving at the PRTG server, but the PRTG software isn't showing them, then the first place to look is *where* the syslog sensor is in the device tree. Please test with the sensor at the probe level in the tree (root probe or remote probe), and see if it receives messages then.
Once that is working, then you can move the sensor further down in the tree, probably to the switch.
Please note that PRTG has a hidden filter when you put a syslog sensor on a device rather than on a probe: it will automatically filter out all log messages where the source IP is different than the IP that PRTG is using for that switch. Since most switches have more than one IP address, it's important that the IP used as the source for the syslogs and the IP used by PRTG are the same.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide