Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2400
Views
15
Helpful
10
Replies

WLC Doesn't Send Logs to SysLog Server

Go to solution
WGL_BK
Level 1
Level 1

‎08-26-2020 09:46 AM - edited ‎07-05-2021 12:26 PM

Hello all.

I've set my 5520 to send syslog messages to my remote syslog server (Solarwinds) but I'm seeing no logs generated over a couple weeks. This is my current config. I've tried setting the facility level to Syslog and to Local 0 but nothing seems to work. Have I misconfigured something here? I'm hoping to get as much information as possible from the WLC for troubleshooting purposes.


Screenshot from 2020-08-26 11-25-08.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP
In response to WGL_BK

‎08-26-2020 12:37 PM

Based on this output, it seems WLC sending syslog. I would check on solarwinds side to see if it receive these syslogs. If you can take a few min wireshark packet capture of WLC trunk port, that tells exact story.

 

- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230

 

HTH

Rasika

View solution in original post

10 Replies 10

Go to solution
marce1000
VIP
VIP

‎08-26-2020 10:22 AM

 

 - Try adding another syslog-server/type as a sanity test.

 M,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
WGL_BK
Level 1
Level 1
In response to marce1000

‎08-26-2020 12:30 PM

Thanks for the quick reply. I put Kiwi syslog on another PC and I'm waiting for results.

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP

‎08-26-2020 12:25 PM

Pls check "show logging" output from WLC CLI and see if that give any indication of msg being logged

 

HTH

Rasika

Go to solution
WGL_BK
Level 1
Level 1
In response to Rasika Nayanajith

‎08-26-2020 12:29 PM

Hi, thanks for your reply. Below is the syslog section of the command:

 

Logging to syslog :
- Syslog facility................................ local7
- Logging of system messages to syslog :
- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230
- Logging of debug messages to syslog ........... Disabled

--More-- or (q)uit
- Number of debug messages logged............... 0
- Number of debug messages dropped.............. 0
- Number of remote syslog hosts.................. 1
- syslog over tls................................ Disabled
- syslog over ipsec.............................. Disabled
- ipsec profile inuse for syslog................. none
- Host 0....................................... 10.0.99.51

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP
In response to WGL_BK

‎08-26-2020 12:37 PM

Based on this output, it seems WLC sending syslog. I would check on solarwinds side to see if it receive these syslogs. If you can take a few min wireshark packet capture of WLC trunk port, that tells exact story.

 

- Logging filter level.......................... informational
- Number of system messages logged.............. 2095803
- Number of system messages dropped............. 170230

 

HTH

Rasika

Go to solution
WGL_BK
Level 1
Level 1
In response to Rasika Nayanajith

‎08-26-2020 12:46 PM

Hmm, thank you Rasika. I'll try to tackle this from the recipient server side.

0 Helpful

Go to solution
WGL_BK
Level 1
Level 1
In response to Rasika Nayanajith

‎08-26-2020 12:52 PM

I may have jumped the gun here. Wireshark isn't showing UDP 514 destined traffic from my WLC, mostly SNMP instead.

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP
In response to WGL_BK

‎08-26-2020 01:21 PM

I would remove and re-add those syslog host configuration & check again.

config logging syslog host server_IP_address

https://www.cisco.com/c/en/us/support/docs/wireless/4100-series-wireless-lan-controllers/107252-WLC-Syslog-Server.html 

 

HTH

Rasika

0 Helpful

Go to solution
WGL_BK
Level 1
Level 1
In response to Rasika Nayanajith

‎08-26-2020 01:40 PM

I found the problem. Someone had an interface on the WLC with an IP address that would have been in the same subnet (10.0.99.x) as the syslog server but it was unused and not in a proper vlan. They hadn't removed it so the WLC was using this interface and sending the traffic to nowhere. Silly situation. Thank you for the guidance.

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP
In response to WGL_BK

‎08-26-2020 01:43 PM

Good to hear you found the issue. Yes, it is a simple mistake... 

 

Rasika

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card