ExtremeSwitching (EXOS)

  • 1.  Problems sending SYSLOG to Solarwinds

    Posted 01-13-2016 14:17
    I have pointed our Extreme switches to send SYSLOG messages to Solarwinds. We get IOS and IOS-XR messages OK, but for some reason we do not see the SYSLOG messages come into Solarwinds. I have opened a TAC case with Solarwinds and they determined that there were issues with the syslog messages as they apparently were "not formatted according to RFC 5424".

    I am skeptical about this since I have had some modicum of success with other syslog servers capturing syslog messages from XOS, so I just want to verify that there should be no troubles with this and review the configuration so I ensure it is correct.

    Here is the way I have our XOS devices configured:

    create log filter solarwinds
    create log filter memorybuffer
    configure log filter solarwinds add events ISIS.NFSM.AdjChg
    configure log filter solarwinds add events ospf.neighbor.ChgState
    configure log filter solarwinds add events vlan.msgs.portLinkStateUp
    configure log filter solarwinds add events vlan.msgs.portLinkStateDown
    configure log filter memorybuffer add events ISIS.NFSM.AdjChg
    configure log filter memorybuffer add events ospf.neighbor.ChgState
    configure log filter memorybuffer add events vlan.msgs.portLinkStateUp
    configure log filter memorybuffer add events vlan.msgs.portLinkStateDown
    configure log filter memorybuffer add events cli.logRemoteCmd
    configure log filter memorybuffer add events AAA.LogSsh
    configure log filter memorybuffer add events pim.cache
    configure log target memory-buffer filter memorybuffer severity Info
    configure log target memory-buffer number-of-messages 20000
    configure log target nvram filter DefaultFilter severity Info
    configure syslog add 10.253.10.25:514 vr VR-Default local5
    enable log target syslog 10.253.10.25:514 vr VR-Default local5
    configure log target syslog 10.253.10.25:514 vr VR-Default local5 filter solarwinds severity Info
    configure log target syslog 10.253.10.25:514 vr VR-Default local5 match Any
    configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none host-name tag-name

    Slot-1 CoreSwitch# sh switch | inc Primary
    Primary ver: 15.3.2.11 15.3.2.11

    Thanks for the consideration



  • 2.  RE: Problems sending SYSLOG to Solarwinds

    Posted 01-14-2016 23:19
    Hi Evan,

    Was the below line of configuration added manually or was it there by default?

    "configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none host-name tag-name"


  • 3.  RE: Problems sending SYSLOG to Solarwinds

    Posted 01-15-2016 15:58
    Hello Dorian

    This was a manual addition.


  • 4.  RE: Problems sending SYSLOG to Solarwinds

    Posted 01-18-2016 14:39
    As a test, could you try removing this line from the configuration to allow the syslog message format to be the default?


  • 5.  RE: Problems sending SYSLOG to Solarwinds

    Posted 01-27-2016 19:52
    Hi Evan, do you still need assistance with this issue?


  • 6.  RE: Problems sending SYSLOG to Solarwinds

    Posted 02-18-2016 14:11
    Hello

    I apologize, I got busy with other things and I forgot about this! I thank you for the replies.

    When I run,
    "unconfigure log target syslog 10.253.10.25:514 vr VR-Default local5 format"
    Configuration becomes:
    # sh configuration "ems" | inc format
    configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none priority tag-name
    Is this what it should be? I will make these modifications and report back if it works.

    Regards,


  • 7.  RE: Problems sending SYSLOG to Solarwinds

    Posted 02-19-2016 13:39
    Hi Evan,

    Yes, I believe using the default configuration may get the messages to be formatted according to RFC 5424 as mentioned above.

    Please let us know if this works.

    Regards,
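
Added example, not part of the thread or of any vendor's code: a small Python checker that reports whether a received syslog datagram has an RFC 5424 header, the older RFC 3164 (BSD) header, or neither, and decodes the facility and severity from the PRI field. The sample datagrams, the host name `coreswitch` and the message text are constructed for illustration and are not captured EXOS output; the optional UDP listener port is an assumption.

```python
import re
import socket
import sys

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<\d{1,3}>[1-9]\d? "
    r"(?:-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    r"\S{1,255} \S{1,48} \S{1,128} \S{1,32} "
    r"(?:-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: .*)?",
    re.S)
# RFC 3164 (BSD syslog) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(r"<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ .*", re.S)

# Constructed sample datagrams (not captured from a switch).
# PRI 174 = facility local5 (21) * 8 + severity Info (6).
SAMPLES = {
    "rfc5424": b"<174>1 2016-01-13T14:17:00Z coreswitch vlan - portLinkStateUp - Port 1:1 link up",
    "rfc3164": b"<174>Jan 13 14:17:00 coreswitch vlan: Port 1:1 link up",
    "unknown": b"<174>01/13/2016 14:17:00 coreswitch vlan: Port 1:1 link up",
}

def classify(datagram: bytes) -> dict:
    """Return the header format plus facility/severity decoded from <PRI>."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = re.match(r"<(\d{1,3})>", text)
    if not m or int(m.group(1)) > 191:  # PRI must be 0..191
        return {"format": "invalid", "facility": None, "severity": None}
    pri = int(m.group(1))
    if RFC5424.fullmatch(text):
        fmt = "rfc5424"
    elif RFC3164.fullmatch(text):
        fmt = "rfc3164"
    else:
        fmt = "unknown"  # valid PRI, but a header neither RFC describes
    return {"format": fmt, "facility": pri >> 3, "severity": pri & 7}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
    if len(sys.argv) > 1:  # e.g. "python3 check.py 5514" to inspect live datagrams
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("0.0.0.0", int(sys.argv[1])))
        while True:
            data, peer = sock.recvfrom(8192)
            print(peer[0], classify(data), data[:120])
```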