Kiwi Syslog not getting Catalyst syslog messages 2

[teksaint]

I can't seem to get my Kiwi Syslog server to recieve messages from my Cataylst switches. Here is the syslog configuration I am using on the switches:

#version 7.5(1)

#syslog
set logging console disable
set logging server enable
set logging server 10.1.100.25
set logging level cdp 1 default
set logging level mcast 1 default
set logging level dtp 1 default
set logging level dvlan 1 default
set logging level earl 1 default
set logging level ip 1 default
set logging level pruning 1 default
set logging level snmp 1 default
set logging level spantree 1 default
set logging level sys 1 default
set logging level tac 1 default
set logging level tcp 1 default
set logging level telnet 1 default
set logging level tftp 1 default
set logging level vtp 1 default
set logging level vmps 1 default
set logging level kernel 1 default
set logging level filesys 1 default
set logging level pagp 1 default
set logging level mgmt 1 default
set logging level mls 1 default
set logging level protfilt 1 default
set logging level security 1 default
set logging level radius 1 default
set logging level udld 1 default
set logging level gvrp 1 default
set logging level qos 1 default
set logging level ethc 1 default
set logging server facility LOCAL0

To generate immediate traps I set the default level to 7. Do I need to configure Kiwi to listen on a certain port? My Cisco routers all send messages just fine. Any ideas?

Thanks!
Scott

 

[IPKONFIG]

You only have your switches reporting on level 1 issues. Try these two commands

set logging level all 3 default
set logging server severity 3

 

[IPKONFIG]

Forgot to tell you, that the above 2 commands will set your level of logging to 3 (errors), and send that level of event to your server, which in my opinion is what you need to be monitoring. When set to 1 (alerts) you don't get much information unless you have some catastrophic type of event. Some people like to see the spanning tree information, if you want that type of detail, then set the mgmt level to 6. It all depends on what your wanting to watch from your switches. Hope this helps.

 

[teksaint]

Right now they are set to 1, but I mentioned at the bottom of the post that even when I set them to 7 to generate tons of messages immediatly, I still don't receive them. I don't have a severity command in there so I will try adding that.

Thanks!
Scott

 

[IPKONFIG]

Let me know if you have any other issues.

 

[webnetwiz]

Ehh, can some point me in the right direction to do this on an IOs-based Cat4006? It's running 12.1(8a)EW1, and the only thing it logs is Local7.Notice conf by vty. The switch has like 9000 messages, and I want to dump all to a syslog server (Kiwi). Here's the current conf and sh logging output>>

Switch#sh run
logging buffered 5000 debugging
no logging console
no logging monitor
logging trap debugging
logging w.x.y.z

Switch#sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 9665 messages logged
Trap logging: level debugging, 9653 message lines logged
Logging to w.x.y.z, 9 message lines logged

Any thoughts??

 

[IPKONFIG]

This is what I have and it works fine:

logging trap debugging
logging source-interface Loopback0
logging 10.X.X.50
logging 10.X.X.49

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[webnetwiz]

Looks like that source-interface command did the job. Thanks

 

[shareq]

dear IPKONFIG
i am also configuring syslog sevr,for setting the logging do we need to set loopback() if so how to do i am new in this field as i have 3500 and 2900 switch and 3600 router.

 

[IPKONFIG]

You have to configure a loopback interface first. This works on all routers and IOS based switches.

config t
interface loopback 0
ip address x.x.x.x x.x.x.x
no shutdown
exit
logging trap debugging <---(I have debugging, you'll have to decide what level of logging you want)
logging source-interface Loopback0
logging X.X.X.X (address of syslog server)
logging X.X.X.X (address of any backup syslog servers)




&quot;I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it.&quot;
- Jack Handey, Deep Thoughts

 

[shareq]

can we assign the default vlan1/Ethernet ip address of switch/router for loopback() for this???

 

[IPKONFIG]

I was unaware that any switch/router that was shipped from Cisco had a default IP address assigned to it. Low end model maybe? Don't really know.

Why not just give the loopback a new IP address? Unless your using public IP addresses, I don't see what the issue would be.

&quot;I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it.&quot;
- Jack Handey, Deep Thoughts

 

[shareq]

whenever i assign ip on my switch to loopback interface its teling the address overlaps to vlan1 as i have vlan1 which is default with ip 131.2.6.3 255.255.0.0 i wana assigh the loopback 131.2.6.8255.255.0.0 which is free ip in my network range.

 

[IPKONFIG]

Well, that address cant be used because your mask on your vlan 1 is /16. Not to mention your using a public address space. Is this switch on the public network? Or are you using this space behind some firewall performing NAT?

If it's public, you can't use the address that you want. If it's private, then either add a new subnet to your internetwork.

Oh..btw..you can just create loopback 0 and don't assign an IP address to the interface, and syslog should still work. Try that one first.

&quot;I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it.&quot;
- Jack Handey, Deep Thoughts