Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1406
Views
0
Helpful
5
Replies

Cisco SPA112 Syslog not sending messages to external server

Go to solution
Schultzter
Level 1
Level 1

‎04-17-2020 09:03 AM

Good morning

 

I have a Cisco SPA112, latest firmware 1.4.1 (SR5), configured to send logs to Papertrail but it seems to only be trying to send the logs to itself?! Why isn't it using the IP address I configured?

 

This is the message I see regularly when I look at the logs locally:

Apr 17 11:23:33 ata1 syslog.err syslog-ng[2738]: Error connecting to remote host AF_INET(127.0.0.1:21487), reattempting in 60 second

 

But for the Syslog Server, in Administration > Log > Log Setting I have the Papertrail server configured. 

2020-04-17 11_59_04-Window.png

 

What do I have to do to get it to send logs to the configured IP address? It seems to have picked-up the port but not the IP address?!

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan Lukes
VIP Alumni
VIP Alumni
In response to Schultzter

‎04-17-2020 08:15 PM

I'm unsire what's the goal

I configured an IP address to send the logs to but the SPA112 is sending them to itself instead. I think that's a bug but maybe I missed something?

I got the question. I didn't got the goal because SPA112 kernel messages seems to be good for nothing. I'm technician of several large SPAxxx based VoIP networks but I never missed those messages. Note I'm speaking about kernel syslog messages only. Voice Application messages are valuable source information.

 

OK. To answer your question - it seems you hit a bug. According  my experience with Cisco support and because of little or no value of those messages, I guess it will not be patched in reasonable future. Use email if you really wish to see them.

 

how do I specify the port in that configuration? And to use TLS?

Voice Application of SPA112 supports standard syslog (RFC3164) - e.g UDP to port 514.  It supports logging non-standard use of TCP protocol and use of non-standard target port as well (use a.b.c.d:port to configure it). Other non-standard transport protocols like TLS are not supported. But you can arrange a local syslog forwarder with support for whatever transport protocol you wish.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Dan Lukes
VIP Alumni
VIP Alumni

‎04-17-2020 02:47 PM

I'm unsire what's the goal, but you may be interested to know the SPA112 produces two kinds of syslog messages.  The configuration you mentioned is related to syslog messages fired by system kernel.  Those messages will not help you to solve issues related to SIP events and operations. May be you are interested to capture messages generated by Voice APplication running on SPA112 instead.

See

Debug and syslog Messages from SPA1x2 and SPA232D ATA

for more.

0 Helpful

Go to solution
Schultzter
Level 1
Level 1
In response to Dan Lukes

‎04-17-2020 05:17 PM

Good evening

 

@Dan Lukes wrote:

I'm unsire what's the goal

I configured an IP address to send the logs to but the SPA112 is sending them to itself instead. I think that's a bug but maybe I missed something?

 

@Dan Lukes wrote:

May be you are interested to capture messages generated by Voice APplication running on SPA112 instead.

See

Debug and syslog Messages from SPA1x2 and SPA232D ATA

for more.

Yes, I saw that and followed the steps, but how do I specify the port in that configuration? And to use TLS?

Thanks

0 Helpful

Go to solution
Dan Lukes
VIP Alumni
VIP Alumni
In response to Schultzter

‎04-17-2020 08:15 PM

I'm unsire what's the goal

I configured an IP address to send the logs to but the SPA112 is sending them to itself instead. I think that's a bug but maybe I missed something?

I got the question. I didn't got the goal because SPA112 kernel messages seems to be good for nothing. I'm technician of several large SPAxxx based VoIP networks but I never missed those messages. Note I'm speaking about kernel syslog messages only. Voice Application messages are valuable source information.

 

OK. To answer your question - it seems you hit a bug. According  my experience with Cisco support and because of little or no value of those messages, I guess it will not be patched in reasonable future. Use email if you really wish to see them.

 

how do I specify the port in that configuration? And to use TLS?

Voice Application of SPA112 supports standard syslog (RFC3164) - e.g UDP to port 514.  It supports logging non-standard use of TCP protocol and use of non-standard target port as well (use a.b.c.d:port to configure it). Other non-standard transport protocols like TLS are not supported. But you can arrange a local syslog forwarder with support for whatever transport protocol you wish.

0 Helpful

Go to solution
Schultzter
Level 1
Level 1
In response to Dan Lukes

‎04-18-2020 05:41 AM

Good morning

Thanks, that is very helpful!

I configured the syslog and Debug on Voice > System > Miscellaneous.

There is a dropdown that allows me to select TLS but it doens't work - I
suspect because everyone is getting very picky about valid certificates
these days.

It does work with UDP and an IP address:port configuration.

And I've turned off the system and kernel logs.

Thanks again.
0 Helpful

Go to solution
Dan Lukes
VIP Alumni
VIP Alumni
In response to Schultzter

‎04-18-2020 09:43 AM

I configured the syslog and Debug on Voice > System > Miscellaneous. There is a dropdown that allows me to select TLS

Oh, new feature I has not been aware of. Sorry.

 

but it doens't work - I suspect because everyone is getting very picky about valid certificates these days.

I thing so.Syslog server certificate is not issued by CA considered trusted. Use Custom CA Rule to import CA certificate into list of trusted CAs.

0 Helpful
Customers Also Viewed These Support Documents