Re: What does 'link down" mean when viewing output of sh logging - Page 2

fatboyinva · ‎01-13-2010

On a 3560 I have (2) syslog servers defined. Both are up and operational and reachable via ping from the switch. However on the second defined logging server on the output of the sh logging command it states a "link down" (see below for command output). This syslog server is not receiving any syslog traps defined. The logging defined is logging trap warnings. I have verified trap messages are in the log output at the defined severity level and above(error/critical). My assumption is that the link down has something to do with why no syslog is being sent to this server.

   Logging to x.x.x.x (udp port 514, audit disabled,
              authentication disabled, encryption disabled, link up),
              225 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to x.x.x.x (udp port 514, audit disabled,
              authentication disabled, encryption disabled, link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

thanks,

james

Okidusk · ‎04-02-2020

This worked for me, thanks!

AdityaThammineni1502 · ‎05-26-2020

This worked like a charm (y)

RBrower · ‎04-28-2023

Maybe this was poor form, but I sure appreciate it because I had been trying to fix this on our core and a reboot was out of the question. Still relevant nearly 10 years later.

ship-west · ‎08-28-2023

Disabling the logging did not work for me. Changing to a different logging level and back did work.

rossbarbour · ‎08-20-2021

Just experienced this after changing versions on a 4948 switch.

After further testing it would appear that the "link down" message is an indicator that 0 messages have been sent and nothing to do with whether or not packet are getting to or being received at the "logging host w.x.y.z" device (it's UDP! so its send and forget)

To force a message to get through
#send log 5 "Test syslog message"

would attempt to send a message at SYSLOG level 5 (NOTICE).

On a old s/w version this worked fine when

"logging trap warnings"
was configured
but after upgrading to a newer version of code

"logging trap warnings"

seemed to stop the

send log 5 "Test syslog message"

getting sent which makes sense if you've configured it to ONLY send "syslog WARNINGS" (which is level 4) and NOT "syslog NOTICE" (which is level 5).
and should also appear in the output of "show logging" assuming normal config.

I'm sure these should send messages at the same level or LOWER

e.g.
0 Emergency e
1 Alert alert
2 Critical
3 Error
4 Warning
5 Notice
6 Informational
7 Debug

So sending at a lower number
send log 1 "Test syslog message"
is more likely to get sent compared to

send log 7 "Test syslog message"
and depends on how you've configured your device.

logging trap xxxxxx

Bottom line is that "link down" is a bit of a red herring and really just means I've not send a message to the configured "logging host"
Once a message has been sent it goes "link up" and if you reboot it will stay at "link down" until a syslog message gets sent to the logging host.

Whether the device sends a syslog message is based on configuration AND also when events/traps actually happen (or are forced into the log with the "send log" command as shown above)

Hope this helps.

What does 'link down" mean when viewing output of sh logging for a specific logging to server?