08-26-2020 09:46 AM - edited 07-05-2021 12:26 PM
Hello all.
I've set my 5520 to send syslog messages to my remote syslog server (Solarwinds) but I'm seeing no logs generated over a couple weeks. This is my current config. I've tried setting the facility level to Syslog and to Local 0 but nothing seems to work. Have I misconfigured something here? I'm hoping to get as much information as possible from the WLC for troubleshooting purposes.
Solved! Go to Solution.
08-26-2020 12:37 PM
Based on this output, it seems WLC sending syslog. I would check on solarwinds side to see if it receive these syslogs. If you can take a few min wireshark packet capture of WLC trunk port, that tells exact story.
- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230
HTH
Rasika
08-26-2020 10:22 AM
- Try adding another syslog-server/type as a sanity test.
M,
08-26-2020 12:30 PM
Thanks for the quick reply. I put Kiwi syslog on another PC and I'm waiting for results.
08-26-2020 12:25 PM
Pls check "show logging" output from WLC CLI and see if that give any indication of msg being logged
HTH
Rasika
08-26-2020 12:29 PM
Hi, thanks for your reply. Below is the syslog section of the command:
Logging to syslog :
- Syslog facility................................ local7
- Logging of system messages to syslog :
- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230
- Logging of debug messages to syslog ........... Disabled
--More-- or (q)uit
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 1
- syslog over tls................................ Disabled
- syslog over ipsec.............................. Disabled
- ipsec profile inuse for syslog................. none
- Host 0....................................... 10.0.99.51
08-26-2020 12:37 PM
Based on this output, it seems WLC sending syslog. I would check on solarwinds side to see if it receive these syslogs. If you can take a few min wireshark packet capture of WLC trunk port, that tells exact story.
- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230
HTH
Rasika
08-26-2020 12:46 PM
Hmm, thank you Rasika. I'll try to tackle this from the recipient server side.
08-26-2020 12:52 PM
I may have jumped the gun here. Wireshark isn't showing UDP 514 destined traffic from my WLC, mostly SNMP instead.
08-26-2020 01:21 PM
I would remove and re-add those syslog host configuration & check again.
config logging syslog host server_IP_address
HTH
Rasika
08-26-2020 01:40 PM
I found the problem. Someone had an interface on the WLC with an IP address that would have been in the same subnet (10.0.99.x) as the syslog server but it was unused and not in a proper vlan. They hadn't removed it so the WLC was using this interface and sending the traffic to nowhere. Silly situation. Thank you for the guidance.
08-26-2020 01:43 PM
Good to hear you found the issue. Yes, it is a simple mistake...
Rasika
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide