
Setup C9200 logging to syslog server to a single log file

matdan16
Level 1

Hello,

I have set up a Cisco Catalyst 9200 to send logs to a syslog server, and the syslog server manages to get the logs. The only thing I didn't expect is that the logs appear on the syslog server in a single log file for each line of log from the Catalyst switch. Is there any configuration we can do on the Catalyst 9200 to send the logs to the same single log file? Below is the configuration done on the Catalyst 9200 and the example of the log file on the syslog server.

logging host x.x.x.x transport tcp port 514

matdan16_0-1731032156621.png

Thank you.

 

12 Replies

@matdan16 Hi, I hope you are using a syslog server on a Linux distribution. The log file creation depends on the log server you are using. The switch will keep sending the syslogs to the configured IP through port 514, but the receiving server is responsible for catching and storing them. So the syslog server needs to be configured to store them as a single file or multiple files.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
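The receiver-side behaviour described in the reply above, as an added example that is not part of the original thread: it reassembles a syslog-over-TCP byte stream into messages and shows that one file per host versus one file per message is purely a naming policy on the collector. The sample messages, the source address 192.0.2.10, the function names, and the newline delimiter are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two TCP reads from one switch. The second message is
# split across the reads, as can happen on any TCP stream.
CHUNKS = [
    b"<189>45: *Nov  8 02:10:01.123: %LINK-5-CHANGED: Interface Gi1/0/1, "
    b"changed state to up\n<189>46: *Nov  8 02:10:02",
    b".456: %SYS-5-CONFIG_I: Configured from console by admin on vty0\n",
]

PRI = re.compile(rb"^<(\d{1,3})>")


def split_frames(chunks, delimiter=b"\n"):
    """Reassemble a TCP byte stream into complete syslog messages.

    Assumes each message ends with a newline delimiter. A receiver that
    treats every read (or every connection) as one message mis-frames it.
    """
    buf, frames = b"", []
    for chunk in chunks:
        buf += chunk
        *complete, buf = buf.split(delimiter)
        frames.extend(m for m in complete if m)
    return frames, buf  # buf holds any trailing partial message


def decode_pri(msg):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    m = PRI.match(msg)
    if not m:
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7  # 189 -> facility 23 (local7), severity 5


def route(frames, source_ip, per_message=False):
    """Map messages to file names under two collector naming policies."""
    files = defaultdict(list)
    for n, msg in enumerate(frames):
        name = f"{source_ip}-{n:06d}.log" if per_message else f"{source_ip}.log"
        files[name].append(msg)
    return dict(files)


if __name__ == "__main__":
    frames, _ = split_frames(CHUNKS)
    print(route(frames, "192.0.2.10"))                    # one file per host
    print(route(frames, "192.0.2.10", per_message=True))  # one file per line
```
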

Hi @Kasun Bandara, thank you for your reply. I also set up Nexus 9000 and Cisco APIC to push logs to the same syslog server, and their logs appear in only one single file.

Thank you.

Is this the only command you added?

MHM

Could you please share the output of "sh run | s logging" for review?

Here are the results of the "sh run | s logging".

logging console critical
logging monitor notifications
logging source-interface Vlanxx
logging host x.x.x.x transport tcp port 514
logging synchronous
logging synchronous

Thank you

Thanks, I don't see anything odd in the output. Would you mind sharing the same command output, adding the "all" keyword after "run":

sh run all | s logging

Here is the output of "sh run all | s logging".

no service pt-vty-logging
no logging discriminator
logging exception 4096
no logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 1024
logging queue-limit esm 0
logging queue-limit trap 1024
logging buffered 4096 debugging
logging reload message-limit 1000 notifications
no logging persistent
logging rate-limit console 40 except errors
no logging console guaranteed
logging console critical
logging monitor notifications
logging cns-events informational
logging on
ip dhcp conflict logging
no authentication logging verbose
no access-session wireless event-logging enable session-limit 0 event-limit 0
access-session event-logging enable session-limit 600 event-limit 400
no mab logging verbose
no device-tracking logging packet drop
no device-tracking logging theft
no device-tracking logging resolution-veto
no dot1x logging verbose
logging event link-status
*****repeated same output*****
logging event link-status
logging esm config
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
no logging origin-id
logging facility local7
logging source-interface Vlanxx
logging server-arp
logging host x.x.x.x transport tcp port 514
snmp-server enable logging setop
logging synchronous
logging synchronous
no device-tracking binding logging
netconf-yang cisco-ia logging ciaauthd-log-level error
netconf-yang cisco-ia logging confd-log-level error
netconf-yang cisco-ia logging nes-log-level error
netconf-yang cisco-ia logging onep-log-level error
netconf-yang cisco-ia logging sync-log-level error

Thank you!

I still can't see anything odd. I would suggest getting engaged with TAC at this point.

Do you use any EEM or scheduled backup?

MHM

Hi @MHM Cisco World ,

Yes, I did set up a scheduled backup. Below is the configuration if you require it.

kron occurrence Weekly_Sat_3AM at 3:00 Sat recurring
  policy-list Kron_Backup_Config_to_SFTP
kron policy-list Kron_Backup_Config_to_SFTP
  cli event manager run Backup_Config_to_SFTP

event manager applet Backup_Config_to_SFTP
  description **Upload running-config into SFTP server**
  event none
  action 0.01 info type routername
  action 1.01 cli command "enable"
  action 1.02 cli command "show clock"
  action 1.03 regexp "(2[0-3]|[01][0-9]):([0-6][0-9]):([0-6][0-9])" "$_cli_result" time hour minute second
  action 1.11 cli command "show clock"
  action 1.12 regexp "(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ([1-9]|0[1-9]|[1-2][0-9]|3[0-1]) (20[1-9][0-9])" "$_cli_result" time2 month day year
  action 2.01 cli command "configure terminal"
  action 2.02 cli command "file prompt quiet"
  action 2.03 cli command "do copy running-config sftp://***/$_info_routername/$_info_routername-$year$month$day-$hour$minute.log"
  action 2.04 cli command "no file prompt quiet"

Thank you!

Hi @MHM Cisco World ,

Thanks. I'll let the Linux/server team look into this and see the results afterwards.
