Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21148
Views
5
Helpful
15
Replies

unable to log messages to syslog server

Go to solution
mahesh18
Level 6
Level 6

‎01-01-2011 08:47 PM - edited ‎03-06-2019 02:46 PM

Hi all,

Happy new Year.

I have kiwi syslog server setup  on pc.

from switch i config this

logging trap debugging
logging 192.168.20.16

PC IP  is 192.168.20.16.

but  on pc i am unable to see the syslog messages?

thanks

mahesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Atif Awan
Cisco Employee
Cisco Employee

‎01-01-2011 09:05 PM 

mahesh18 wrote:
Hi all,
Happy new Year.
I have kiwi syslog server setup  on pc.
from switch i config this
logging trap debugging
logging 192.168.20.16
PC IP  is 192.168.20.16.
but  on pc i am unable to see the syslog messages?
thanks
mahesh

Have you checked the basics:

  • Does your switch have a Layer-3 IP configured and is it UP?
  • Can you ping from the switch to the Syslog Server?
  • Is the switch actually generating logs? Maybe there is no activity resulting in Sylog creation ...
  • Make sure there is no security software on the PC that is preventing you to receive syslog messages.

I personally think it will be something simple but let's hear back from you regarding the above first.

Atif

View solution in original post

Go to solution
johnlloyd_13
Level 9
Level 9
In response to mahesh18

‎01-02-2011 04:59 PM

hi mahesh,

i suspect this is more of an application issue on your syslog server/PC. try to re-trace your set up and find useful link below for your troubleshooting. i would suggest installing on another PC and test again.

http://knowledgebase.solarwinds.com/kb/questions/139/Kiwi+Syslog+Daemon+is+not+receiving+messages

View solution in original post

0 Helpful
15 Replies 15

Go to solution
Atif Awan
Cisco Employee
Cisco Employee

‎01-01-2011 09:05 PM 

mahesh18 wrote:
Hi all,
Happy new Year.
I have kiwi syslog server setup  on pc.
from switch i config this
logging trap debugging
logging 192.168.20.16
PC IP  is 192.168.20.16.
but  on pc i am unable to see the syslog messages?
thanks
mahesh

Have you checked the basics:

  • Does your switch have a Layer-3 IP configured and is it UP?
  • Can you ping from the switch to the Syslog Server?
  • Is the switch actually generating logs? Maybe there is no activity resulting in Sylog creation ...
  • Make sure there is no security software on the PC that is preventing you to receive syslog messages.

I personally think it will be something simple but let's hear back from you regarding the above first.

Atif

Go to solution
mahesh18
Level 6
Level 6
In response to Atif Awan

‎01-01-2011 09:15 PM

Hi,

thanks for reply.

i am able to ping from switch to pc.

pc has no firewall config.

my switch is layer 3 switch and all layer 3 ips are up.

also  on switch i went to config mode and did shut and no shut on port to create messages but no luck.

any thing else i can check

0 Helpful

Go to solution
Atif Awan
Cisco Employee
Cisco Employee
In response to mahesh18

‎01-01-2011 09:19 PM

Do you see Syslogs in the switch buffer when you execute the 'show logging' command? Can you post the output of the 'show logging' command? Also see if you can get sniffer captures on the PC.

Atif

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Atif Awan

‎01-01-2011 09:23 PM

hi,

here is info

3550SMIA#sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,                                                                                                                                0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: level debugging, 94 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level informational, 51272 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level debugging, 51323 message lines logged
        Logging to 192.168.20.16  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              120 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (4096 bytes):
ATCH: duplex mismatch discovered on FastEthernet0/8 (not half duplex), with 2950                                                                                                                               T FastEthernet0/8 (half duplex).
Jan  1 22:00:07.470 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:01:07.480 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:02:07.485 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:03:07.495 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:04:07.504 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:05:07.510 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:06:07.519 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:07:07.524 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:08:01.058 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on v                                                                                                                               ty0 (192.168.5.1)
Jan  1 22:08:07.538 MST: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on F                                                                                                                               astEthernet0/8 (not half duplex), with 2950T FastEthernet0/8 (half duplex).
Jan  1 22:08:40.174 MST: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed sta                                                                                                                               te to down
Jan  1 22:08:44.739 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on v                                                                                                                               ty0 (192.168.5.1)
Jan  1 22:08:45.235 MST: %LINK-5-CHANGED: Interface FastEthernet0/17, changed st                                                                                                                               ate to administratively down

thanks

mahesh

0 Helpful

Go to solution
Atif Awan
Cisco Employee
Cisco Employee
In response to mahesh18

‎01-01-2011 09:32 PM

This output looks ok to me. Get a packet capture (via wireshark or similar software) on the PC to see whether you are getting the syslog packets or not. If not then we will need to trace the packet path from the switch to the PC.

Atif

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Atif Awan

‎01-01-2011 09:55 PM

thanks for reply

i am installing wireshark now

will keep you posted

0 Helpful

Go to solution
ohassairi
Level 5
Level 5
In response to mahesh18

‎01-01-2011 09:57 PM

can you add :

Logging on

and also check the configuration of syslog server : in setup, look for the action if it is to display the message or just to save it in one file or ....

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to ohassairi

‎01-01-2011 10:06 PM

Hi

thanks for reply.

i add the command

logging on

still same thing.

and under setup

action  both things are checked

display

and log to file

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to mahesh18

‎01-02-2011 06:53 AM

hi mahesh,

try to ping from your syslog server to the default gateway set on the L3 switch and revert the results. try to double check on the IP address settings on your syslog server. any ACLs on the said L3 switch?

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to johnlloyd_13

‎01-02-2011 08:29 AM

Hi,

thanks for reply.

there is no ACL.

switch which is sending syslog messages has hsrp config and is active one.

i am able to ping from PC  to switch.

mahesh

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mahesh18

‎01-02-2011 08:54 AM

Hi Mahesh.

Try:

logging host 192.168.20.16 and test again.

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎01-02-2011 01:29 PM

hi,

i did same result

thanks

mahesh

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎01-02-2011 04:31 PM

Hi all,

when on my pc i check error  log file under syslog it shows

unable to  open udp socket  on port 514.

my fw is disabled.

and i also installed wireshark on my pc and on wireshark i can see log message coming.

also under windows fw  exception settings i added the port 514  udp.

still unable to view the logs???

thanks

mahesh

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to mahesh18

‎01-02-2011 04:59 PM

hi mahesh,

i suspect this is more of an application issue on your syslog server/PC. try to re-trace your set up and find useful link below for your troubleshooting. i would suggest installing on another PC and test again.

http://knowledgebase.solarwinds.com/kb/questions/139/Kiwi+Syslog+Daemon+is+not+receiving+messages

0 Helpful
Customers Also Viewed These Support Documents