Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
0
Helpful
6
Replies

Syslogging on a Catalyst 4510

bud.nelson
Beginner
Beginner

‎10-08-2010 07:19 AM - edited ‎03-06-2019 01:24 PM

Morning all -

Syslogging from various older switches (2950, 3500,3650, etc) to a GFI syslog server works. Cannot get the 4510's to work. Shows messages being sent to the server but Wireshark confirms the packets do not arrive at the Syslog server.

In each case the cfg lones are the same-

Logging trap debugging ( or higher)

Logging 10.2.5.96

Tried logging facility local3 as well as the default.

Any ideas ? Thanks.

Labels:
0 Helpful
6 Replies 6

andtoth
Enthusiast
Enthusiast

‎10-08-2010 08:09 AM

Hi,

Do you have logging enabled by 'logging on' ?

Would be good if you could paste an output of the 'show logging' header (before the actual log messages).

Can you reach the syslog server from the Cat4500, for instance by pinging it?

Do you have any ACLs applied on the interfaces which might block syslog traffic?

Andras

0 Helpful

bud.nelson
Beginner
Beginner
In response to andtoth

‎10-08-2010 08:25 AM

Hi Andras

Yes logging is on, the Syslog server is pingable and traceroute returns the expected path. I have attached a log file with the sh logging output.

thanks

73220-putty.log.zip
0 Helpful

andtoth
Enthusiast
Enthusiast
In response to bud.nelson

‎10-09-2010 04:29 PM

The show logging output looks fine.

You mentioned Wireshark capture. Where did you capture the traffic? Did you try doing a SPAN capture on the 4500 switchport? Did you see the syslog traffic there?

Is the server directly connected to the switch? If not, you could try connecting it directly or capture traffic at each segment to see at which point you start losing syslog traffic.

By the way, what IOS version are you running?

0 Helpful

bud.nelson
Beginner
Beginner
In response to andtoth

‎10-13-2010 06:28 AM

Sorry for the delay. Running 12.2(25). I spanned the switchport of the Syslog server which is in another switch. The logging traffic from the 4510 was not making it that far. I'll try segment by segment to find the loss point.

Thanks for your help...

0 Helpful

bud.nelson
Beginner
Beginner
In response to bud.nelson

‎10-15-2010 07:43 AM

And the problem was - traffic WAS being sent to the server but showed a VLAN Virtual IP (server VLAN)  as the source. The traffic we expected to see, and the IP we were sniffing, was from the loopback address which was on a different VLAN.  

0 Helpful

andtoth
Enthusiast
Enthusiast
In response to bud.nelson

‎10-15-2010 11:36 AM

Hi,

Thanks for the update. I'm glad you found the cause of the issue.

Andras

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents