syslog server is not getting alert in 6k switches

Hi All,

Recently we upgraded our two 6880 core switches, and after upgrading, the syslog receiver in the PRTG tool is not receiving messages. The string I am using is OSIND, not public. Meanwhile, I can get traffic information for any port through the Traffic sensor in the PRTG tool.

I am using one more core switch in another location. It has the old IOS ((s2t54-ipbasek9_npe-mz.SPA.151-2.SY4a.bin)), and it is working fine with the syslog receiver on the same monitoring machine with the PRTG tool, but the core switch which has the problem has the latest IOS ((c6880x-ipservicesk9-mz.SPA.151-2.SY6.bin)). Is any bug reported, or if you have any solution, please help me to resolve this issue?????

I have deployed the command "logging host a.b.c.d"

Regards,

Bala

6 Replies

Palani Mohan
Cisco Employee
Bala

Check to see if the show log has the messages that you wish to see in your syslog server. Upload the output of show tech, to see if we can spot what the problem could be.

If you have Wireshark (or tcpdump) installed on the syslog server, consider doing the following:

Start the pktCapture

SSH to the device

term mon

conf t

exit

Now, because we configured term mon, the SSH session should display a message. Check to see if the same appears in show log. Finally, look into the pkt capture and see if the pkt exists. Let us know what you find.

Sincerely ... Palani

Hi Palani,

As per your request, I have attached my tech support output and packet capture file for your reference.

FYI: if I enable terminal monitor, I am able to see the commands live, and after conf t and exit, I am able to see them in sh logg.

Thanks.

Hi Bala

Just resumed work after a long weekend. Your logging config is

!
logging trap debugging
logging facility local1
logging host 10.179.117.2
!

Is your syslog server configured to accept local1/facility? Most likely not. Given this, the server is receiving the pkts but silently dropping them.

Kindly work with your server admin and find what facility is expected and proceed to configure the router to the matching facility.

This should take care of the logging problem.

Kind regards ... Palani

Hi Bala

Just thought of one more thing to look for. Look at the running-config of other devices which are successful in sending syslog messages. If they contain facility local1, then we need to look elsewhere for the answer. Please share what you find.

Kind regards ... Palani

Hi, any luck????

Hi Bala,

Have you been able to resolve this?

Could you check that PRTG is receiving syslogs from this switch (using Wireshark). If the syslogs are not arriving at all in PRTG, then you'll need to check any firewalls or ACLs between your new switches and PRTG.

If the syslogs are arriving at the PRTG server, but the PRTG software isn't showing them, then the first place to look is *where* the syslog sensor is in the device tree. Please test with the sensor at the probe level in the tree (root probe or remote probe), and see if it receives messages then.

Once that is working, then you can move the sensor further down in the tree, probably to the switch.

Please note that PRTG has a hidden filter when you put a syslog sensor on a device rather than on a probe:  it will automatically filter out all log messages where the source IP is different than the IP that PRTG is using for that switch.  Since most switches have more than one IP address, it's important that the IP used as the source for the syslogs and the IP used by PRTG are the same.  
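
The two checks raised in the replies above (which facility each datagram carries, and whether its source IP matches the address the monitoring tool filters on), as an added example that is not part of the original thread. The switch addresses, the accepted-facility set and the sample datagrams are constructed assumptions; the PRI decoding follows RFC 3164.

```python
import re

# Facility and severity names in RFC 3164 numeric order (local1 is code 17).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(payload: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def triage(src_ip, payload, monitored_ip, accepted_facilities):
    """List reasons a receiver could discard this datagram (empty = none found)."""
    decoded = decode_pri(payload)
    if decoded is None:
        return ["no-valid-pri"]
    reasons = []
    if decoded[0] not in accepted_facilities:
        reasons.append("facility-not-accepted:" + decoded[0])
    if src_ip != monitored_ip:
        reasons.append("source-ip-mismatch:" + src_ip)
    return reasons


# Constructed sample input: (source IP, UDP payload) pairs as they might be read
# from a capture on the syslog server. 141 = 17 (local1) * 8 + 5 (notice).
MSG = b"%SYS-5-CONFIG_I: Configured from console by vty0"
SAMPLES = [
    ("192.0.2.1", b"<141>101: " + MSG),    # local1, from the monitored address
    ("192.0.2.254", b"<189>102: " + MSG),  # local7, from another interface
    ("192.0.2.1", b"103: " + MSG),         # PRI header missing
]
MONITORED_IP = "192.0.2.1"   # assumption: address the monitoring tool uses
ACCEPTED = {"local7"}        # assumption: facility the receiver accepts

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, decode_pri(data), triage(src, data, MONITORED_IP, ACCEPTED) or "ok")
```

A datagram that shows up in the capture but produces a non-empty reason list here is one the receiver could see on the wire and still not display.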
