Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11293
Views
5
Helpful
3
Replies

Unable to make router to send syslog messages to syslog server

Go to solution
gensonator
Level 1
Level 1

‎12-16-2012 07:46 PM - edited ‎03-07-2019 10:38 AM

Hi

I am using Solawinds syslog and trying to get our Cisco routers send syslogs to our syslog server.    I followed the procedure on

Configuring Cisco Devices to Use a Syslog Server from

http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

Our Cisco swtches are all sending syslog messages but not the routers. I compared the config with our access switches but can't seem to find the problem:

           

-------------------

Sample router config:

service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname WWF-RT1
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 8
logging buffered 4096
logging rate-limit all 10
logging console critical
!
aaa new-model
!
!
aaa authentication attempts login 5
aaa authentication login default local
!
!
!
!
!
aaa session-id common
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name internalnc.sta.nsw.gov.au
ip name-server 172.9.200.29
ip name-server 172.9.200.30
login block-for 120 attempts 5 within 120
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn
archive
log config
  logging enable
  logging size 500
  notify syslog contenttype plaintext
  hidekeys
path flash:Config-Backup.txt
maximum 5
write-memory
time-period 1440

ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
ip ssh time-out 20
ip ssh authentication-retries 5
ip ssh version 2
!
logging trap warnings
logging source-interface Loopback0
logging 172.9.200.164

line con 0
exec-timeout 5 0
logging synchronous
line aux 0
exec-timeout 5 0
transport preferred none
transport output none
line vty 0 4
exec-timeout 15 0
timeout login response 10
logging synchronous
transport input telnet ssh
line vty 5 15
exec-timeout 15 0
logging synchronous
transport input telnet ssh

----------------------

Am I missing something here? or is there a command that prevents the router from sending the syslog to the server?

Please help.  Thanks ins advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎12-16-2012 07:48 PM

Hello,

A basic question - when you enter the following command on the router:

ping 172.9.200.164 source lo0

does the ping work successfully? As the Syslog is a UDP-based service, there are not many ways in which it can go wrong. Verifying the basic connectivity is a prerequisite; if it works then it you should check the path between the router and the Syslog server - check for firewalls, ACLs, perhaps settings on the Syslog server that could result in the messages from your router to be dropped.

You should perhaps also try to increase the trap level to informational using the logging trap informational - perhaps you just seem to not get any logging messages while there are no messages being currently generated with the severity of warning of more.

Best regards,

Peter

View solution in original post

3 Replies 3

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎12-16-2012 07:48 PM

Hello,

A basic question - when you enter the following command on the router:

ping 172.9.200.164 source lo0

does the ping work successfully? As the Syslog is a UDP-based service, there are not many ways in which it can go wrong. Verifying the basic connectivity is a prerequisite; if it works then it you should check the path between the router and the Syslog server - check for firewalls, ACLs, perhaps settings on the Syslog server that could result in the messages from your router to be dropped.

You should perhaps also try to increase the trap level to informational using the logging trap informational - perhaps you just seem to not get any logging messages while there are no messages being currently generated with the severity of warning of more.

Best regards,

Peter

Go to solution
gensonator
Level 1
Level 1
In response to Peter Paluch

‎12-16-2012 08:13 PM

Hi Peter,

You are right.  I am unable to reach the syslog server from the router interface loopback0.  I have changed the logging source-interface to the management vlan and it worked. 

Thanks a lot.

Genson Ator

0 Helpful

Go to solution
raxex1279557816
Level 1
Level 1
In response to Peter Paluch

‎01-28-2022 03:56 PM

Thank you Mr Paluch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card