Re: [syslog-ng] Routers don´t send syslog
Can you ping from other routers to the syslog-ng server and vice versa? Have you checked whether there is firewall or ACL in the router toward the syslog server? Warm Regards, Maurice Manurung http://www.flixya.com/referrer.php?ref=osmaniaindo ----- Original Message ---- From: Roberto Dud <roberto.dud@gmail.com> To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Sent: Thursday, August 9, 2007 7:51:41 AM Subject: Re: [syslog-ng] Routers don´t send syslog Helo Mrs, Humm...maybe this is my problem. My syslog-ng server is behind a VLAN, the only Router with send syslog messages for the server is the same router with my syslog-ng is conected. Other routers, don´t send. I run tcpdump on the server and don´t get anyone messages, but in the routers everyhting is ok. Other equipments is ok, linux servers and switchs. Have any idea? Thanks, Dud. On 8/8/07, John Hala < john.hala@villanova.edu> wrote:I had a similar issue where my Management VLAN was blackholing the messages and it was never getting to the syslog server. I don't know your setup, but I had to blow away this Management VLAN. regards -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu ] On Behalf Of Werner Thal Sent: Wednesday, August 08, 2007 4:33 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Routers don´t send syslog Hallo Roberto, my Router-Config looks similar to yours, so I think this will be correct. So did you check if the router-messages reach your syslog-ng server? If not, just use a sniffer like ethereal/wireshark for that. regards Werner Am Mittwoch, 8. August 2007 05:08 schrieb Roberto Dud:
Mrs,
I have a lot of Routers configured to send logs to syslog-ng, but isn´t work. Only 1 router send ok, others 10 not ok.
My configuration on routers is the same:
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone
logging <my ip> logging buffered 10000 debugging
logging trap debugging
I check with command :
show logging
And it´s ok, for me.
Anyone have a problema with routers?
Thanks,
Dud.
-- ___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside... _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Yes, I make a lot of tests, and I did check ACL´s and Firewall. Only problem is from Routers, switchs and servers work fine. I think I will open a ticket in Cisco.com, maybe. Thanks, Dud. On 8/9/07, Maurice Manurung <osmaniaindo@yahoo.com> wrote:
Can you ping from other routers to the syslog-ng server and vice versa? Have you checked whether there is firewall or ACL in the router toward the syslog server?
Warm Regards,
Maurice Manurung http://www.flixya.com/referrer.php?ref=osmaniaindo
----- Original Message ---- From: Roberto Dud <roberto.dud@gmail.com> To: Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> Sent: Thursday, August 9, 2007 7:51:41 AM Subject: Re: [syslog-ng] Routers don´t send syslog
Helo Mrs,
Humm...maybe this is my problem. My syslog-ng server is behind a VLAN, the only Router with send syslog messages for the server is the same router with my syslog-ng is conected.
Other routers, don´t send. I run tcpdump on the server and don´t get anyone messages, but in the routers everyhting is ok.
Other equipments is ok, linux servers and switchs.
Have any idea?
Thanks,
Dud.
On 8/8/07, John Hala < john.hala@villanova.edu> wrote:
I had a similar issue where my Management VLAN was blackholing the messages and it was never getting to the syslog server. I don't know your setup, but I had to blow away this Management VLAN.
regards
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu ] On Behalf Of Werner Thal Sent: Wednesday, August 08, 2007 4:33 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Routers don´t send syslog
Hallo Roberto,
my Router-Config looks similar to yours, so I think this will be correct. So did you check if the router-messages reach your syslog-ng server? If not, just use a sniffer like ethereal/wireshark for that.
regards Werner
Am Mittwoch, 8. August 2007 05:08 schrieb Roberto Dud:
Mrs,
I have a lot of Routers configured to send logs to syslog-ng, but isn´t work. Only 1 router send ok, others 10 not ok.
My configuration on routers is the same:
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone
logging <my ip> logging buffered 10000 debugging logging trap debugging
I check with command :
show logging
And it´s ok, for me.
Anyone have a problema with routers?
Thanks,
Dud.
--
___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside... _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Hallo Robert, I don't really think that this might be your problem, but before opening a cisco case you should try the command "logging source-interface" and set this to the Management-Interface of the Router or an appropriate IP that ist routed, reachable from the syslog-ng and not blocked by any ACL/FW. Please also check the "ip default-gateway" entry of the router. C U Werner Am Donnerstag, 9. August 2007 10:03 schrieb Roberto Dud:
Yes,
I make a lot of tests, and I did check ACL´s and Firewall. Only problem is from Routers, switchs and servers work fine.
I think I will open a ticket in Cisco.com, maybe.
Thanks,
Dud.
On 8/9/07, Maurice Manurung <osmaniaindo@yahoo.com> wrote:
Can you ping from other routers to the syslog-ng server and vice versa? Have you checked whether there is firewall or ACL in the router toward the syslog server?
Warm Regards,
Maurice Manurung http://www.flixya.com/referrer.php?ref=osmaniaindo
----- Original Message ---- From: Roberto Dud <roberto.dud@gmail.com> To: Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> Sent: Thursday, August 9, 2007 7:51:41 AM Subject: Re: [syslog-ng] Routers don´t send syslog
Helo Mrs,
Humm...maybe this is my problem. My syslog-ng server is behind a VLAN, the only Router with send syslog messages for the server is the same router with my syslog-ng is conected.
Other routers, don´t send. I run tcpdump on the server and don´t get anyone messages, but in the routers everyhting is ok.
Other equipments is ok, linux servers and switchs.
Have any idea?
Thanks,
Dud.
On 8/8/07, John Hala < john.hala@villanova.edu> wrote:
I had a similar issue where my Management VLAN was blackholing the messages and it was never getting to the syslog server. I don't know your setup, but I had to blow away this Management VLAN.
regards
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu ] On Behalf Of Werner Thal Sent: Wednesday, August 08, 2007 4:33 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Routers don´t send syslog
Hallo Roberto,
my Router-Config looks similar to yours, so I think this will be correct. So did you check if the router-messages reach your syslog-ng server? If not, just use a sniffer like ethereal/wireshark for that.
regards Werner
Am Mittwoch, 8. August 2007 05:08 schrieb Roberto Dud:
Mrs,
I have a lot of Routers configured to send logs to syslog-ng, but isn´t work. Only 1 router send ok, others 10 not ok.
My configuration on routers is the same:
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone
logging <my ip> logging buffered 10000 debugging logging trap debugging
I check with command :
show logging
And it´s ok, for me.
Anyone have a problema with routers?
Thanks,
Dud.
--
___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside... _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- ___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside...
Hi Werner and All Mrs, I solve my problem, the solution is: I change the logging source-interface and the origin-id string I put the same string on my /etc/hosts of my syslog-ng server. Now all of my configurations is: service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone logging trap debugging logging origin-id string (same of /etc/hosts) logging source-interface Loopback0 logging (my log server ip) Thanks a lot for all suport!!! []´s Dud. On 8/9/07, Werner Thal <wt@krzn.de> wrote:
Hallo Robert,
I don't really think that this might be your problem, but before opening a cisco case you should try the command "logging source-interface" and set this to the Management-Interface of the Router or an appropriate IP that ist routed, reachable from the syslog-ng and not blocked by any ACL/FW. Please also check the "ip default-gateway" entry of the router.
C U Werner
Am Donnerstag, 9. August 2007 10:03 schrieb Roberto Dud:
Yes,
I make a lot of tests, and I did check ACL´s and Firewall. Only problem is from Routers, switchs and servers work fine.
I think I will open a ticket in Cisco.com, maybe.
Thanks,
Dud.
On 8/9/07, Maurice Manurung <osmaniaindo@yahoo.com> wrote:
Can you ping from other routers to the syslog-ng server and vice
versa?
Have you checked whether there is firewall or ACL in the router toward the syslog server?
Warm Regards,
Maurice Manurung http://www.flixya.com/referrer.php?ref=osmaniaindo
----- Original Message ---- From: Roberto Dud <roberto.dud@gmail.com> To: Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> Sent: Thursday, August 9, 2007 7:51:41 AM Subject: Re: [syslog-ng] Routers don´t send syslog
Helo Mrs,
Humm...maybe this is my problem. My syslog-ng server is behind a VLAN, the only Router with send syslog messages for the server is the same router with my syslog-ng is conected.
Other routers, don´t send. I run tcpdump on the server and don´t get anyone messages, but in the routers everyhting is ok.
Other equipments is ok, linux servers and switchs.
Have any idea?
Thanks,
Dud.
On 8/8/07, John Hala < john.hala@villanova.edu> wrote:
I had a similar issue where my Management VLAN was blackholing the messages and it was never getting to the syslog server. I don't
know your
setup, but I had to blow away this Management VLAN.
regards
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto: syslog-ng-bounces@lists.balabit.hu ] On Behalf Of Werner Thal Sent: Wednesday, August 08, 2007 4:33 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Routers don´t send syslog
Hallo Roberto,
my Router-Config looks similar to yours, so I think this will be correct. So did you check if the router-messages reach your syslog-ng server? If not, just use a sniffer like ethereal/wireshark for that.
regards Werner
Am Mittwoch, 8. August 2007 05:08 schrieb Roberto Dud:
Mrs,
I have a lot of Routers configured to send logs to syslog-ng, but isn´t work. Only 1 router send ok, others 10 not ok.
My configuration on routers is the same:
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone
logging <my ip> logging buffered 10000 debugging logging trap debugging
I check with command :
show logging
And it´s ok, for me.
Anyone have a problema with routers?
Thanks,
Dud.
--
A Linux-Server is like a tent: no windows, no gates and an apache inside... _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
--
___________________________________________________________________________ A Linux-Server is like a tent: no windows, no gates and an apache inside... _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (3)
-
Maurice Manurung
-
Roberto Dud
-
Werner Thal