06-23-2022 12:20 AM
Hello Guys,
Actually I have received a show tech output, and from show running it has configured logging x.x.x.x for syslog.
I wanted to know from show tech, will I be able to know if it's really sending logs to the server x.x.x.x.
Models: WS-3750X & WS-2960X
Thanks
06-23-2022 01:21 AM
Hi
If you attach the show tech here we can take a look. It is impossible to remember all information present in show tech to afirm this.
But, what you really should do is look at syslog server. Does the logs gets there?
for you reference
06-23-2022 01:50 AM
06-23-2022 01:24 AM
You do not need show tech to view that.
show logging is good enough to show is the logs are send to Log server ( you can see how many logs shipped ?)
can you post
show run | in logging
show logging
to assists better.
06-23-2022 01:50 AM
------------------ show logging ------------------
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 24936486 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 24936486 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 24936491 message lines logged
Logging to 10.0.1.21 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
24936491 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (4096 bytes):
NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi1/0/5 and port Gi2/0/4
*Jun 2 22:41:21.378: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi1/0/16 and port Gi2/0/17
*Jun 2 22:41:27.417: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:41:32.979: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1b03.e604 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:41:36.485: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 6 is flapping between port Gi2/0/4 and port Gi2/0/6
*Jun 2 22:41:36.485: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 8 is flapping between port Gi2/0/16 and port Gi2/0/17
*Jun 2 22:41:36.485: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi2/0/17 and port Gi1/0/16
*Jun 2 22:41:36.494: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi2/0/4 and port Gi1/0/5
*Jun 2 22:41:43.859: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1341.2c04 in vlan 4 is flapping between port Gi2/0/10 and port Gi1/0/14
*Jun 2 22:41:44.262: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:41:51.585: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 8 is flapping between port Gi2/0/17 and port Gi2/0/16
*Jun 2 22:41:51.585: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 6 is flapping between port Gi2/0/6 and port Gi2/0/4
*Jun 2 22:41:51.585: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi1/0/5 and port Gi2/0/4
*Jun 2 22:41:51.585: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi1/0/16 and port Gi2/0/17
*Jun 2 22:41:58.220: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:42:06.668: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi2/0/17 and port Gi1/0/16
*Jun 2 22:42:06.676: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi2/0/4 and port Gi1/0/5
*Jun 2 22:42:06.684: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 8 is flapping between port Gi2/0/17 and port Gi2/0/16
*Jun 2 22:42:06.684: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 6 is flapping between port Gi2/0/6 and port Gi2/0/4
*Jun 2 22:42:16.608: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:42:21.784: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 6 is flapping between port Gi2/0/4 and port Gi2/0/6
*Jun 2 22:42:21.784: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 8 is flapping between port Gi2/0/16 and port Gi2/0/17
*Jun 2 22:42:21.826: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi2/0/17 and port Gi1/0/16
*Jun 2 22:42:21.834: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi2/0/4 and port Gi1/0/5
*Jun 2 22:42:27.505: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:42:34.962: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1b03.e604 in vlan 4 is flapping between port Gi2/0/10 and port Gi1/0/14
*Jun 2 22:42:37.043: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 6 is flapping between port Gi2/0/6 and port Gi2/0/4
*Jun 2 22:42:37.043: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c01 in vlan 8 is flapping between port Gi2/0/16 and port Gi2/0/17
*Jun 2 22:42:37.043: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 8 is flapping between port Gi1/0/16 and port Gi2/0/17
*Jun 2 22:42:37.043: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.0c00 in vlan 6 is flapping between port Gi2/0/4 and port Gi1/0/5
*Jun 2 22:42:39.039: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1e1f.c904 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
*Jun 2 22:42:49.827: %SW_MATM-4-MACFLAP_NOTIF: Host faa4.1341.2c04 in vlan 4 is flapping between port Gi1/0/14 and port Gi2/0/10
06-23-2022 02:41 AM
@Keshav Boodhun wrote:
Logging to 10.0.1.21
Logs are sent to this IP address.
06-23-2022 03:03 AM
Logging to 10.0.1.21 (udp port 514, audit disabled, authentication disabled, encryption disabled, link up), 24936491 message lines logged,
Do you have syslog server running and listening on port 514 UDB - do you have any FW in bettwen which stop shipping the logs to syslog server from device ?
Do you see any other device can send Logs to syslog Server ?
what is the Device IP address ? can you able to ping syslog server ?
06-23-2022 03:30 AM
Unfortunately I don't have any access to the network at the client.
And as per my last network scan, it did not detect the syslog server.
The device IP is 10.100.100.51.
06-23-2022 07:22 AM
10.100.100.51 and syslog server not in same VLAN so i am sure something in the middle stopping
06-24-2022 02:22 AM
Yes there is a communication between these 2 networks on the firewall.
My question: From the logs, is there any way to confirm whether it's failing to reach the syslog server ? Or the way only way to check is looking on the syslog server itself.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide