This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NetSight: Syslog source ip is missing

NetSight: Syslog source ip is missing

Chacko
Contributor

‎02-15-2017 07:52 AM

Our switches are sending syslog events to the netsight server.
In the file /var/log/syslog/ I can see, that the messages being received - but in the NetSight Console, I can't see the source-ip.
Without the IP it's hard to find the right events 🙂

Does anyone have ideas?

NetSight 7.0.6.27
EXOS 16.1.3.6
Summit X460

Syslog conf:
Log Target : syslog; :514 (vr VR-Mgmt), local0 from
Enabled : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Debug-Data (through Critical)
Format : PRI Mmm DD HH:MM:SS HOSTNAME TAG:
0 Kudos
6 REPLIES 6

Chacko
Contributor

‎03-22-2017 01:40 PM

Is there a reason why you are using the syslog-facility local4?
I'm aware of the syslog-facilities in general, but I haven't found information regarding that by Extreme.
Anyway, I think I found your problem: The format of your syslog-target is wrong:
Format : DD-MM-YYYY HH:MM:SS TAG[pid]:

Maybe you should use a command like this:
configure log target syslog 10.58.36.210 format timestamp seconds date yyyy-mm-dd tag-id tag-name
https://gtacknowledge.extremenetworks.com/articles/Solution/Syslog-from-XOS-devices-have-no-source-I...

Best Regards
Chacko
0 Kudos

aloeffle
Contributor
In response to Chacko

‎03-22-2017 01:40 PM

Hi Chacko.

you point me to the right way.
I need to remove the "date" statement.

configure log target syslog 10.0.10.57:514 vr VR-Default local4 format timestamp seconds date none event-name none tag-id tag-nameNow the correct source is shown in netsight.

thanks
Alexander

0 Kudos

aloeffle
Contributor

‎03-22-2017 08:50 AM

Dear Oscar, Chacko.
I have the same situation. Removing the "host-name" statement did not help.

NetSight: 7.1.1.9
X450G2 with xos 22.2.1.5

Here is my config:

* X450G2-48p-10G4.5 # show config ems

# Module ems configuration.

configure syslog add 10.0.10.57:514 vr VR-Default local4

configure log target syslog 10.0.10.57:514 vr VR-Default local4 from 10.0.10.55

enable log target syslog 10.0.10.57:514 vr VR-Default local4

configure log target syslog 10.0.10.57:514 vr VR-Default local4 filter DefaultFilter severity Debug-Data

configure log target syslog 10.0.10.57:514 vr VR-Default local4 match Any

configure log target syslog 10.0.10.57:514 vr VR-Default local4 format timestamp seconds date dd-mm-yyyy event-name none tag-id tag-name

* X450G2-48p-10G4.5 # show vlan

Untagged ports auto-move: Off

-----------------------------------------------------------------------------------------------

Name VID Protocol Addr Flags Proto Ports Virtual

-----------------------------------------------------------------------------------------------

Default 1 10.0.10.55 /24 ------------T--------------- ANY 1 /52 VR-Default

Mgmt 4095 ------------------------------------------------ ANY 0 /1 VR-Mgmt

-----------------------------------------------------------------------------------------------

* X450G2-48p-10G4.6 # show log configuration

Log Target : syslog; 10.0.10.57:514 (vr VR-Default), local4 from 10.0.10.55

Enabled : yes

Filter Name : DefaultFilter

Match regex : Any

Severity : Debug-Data (through Critical)

Format : DD-MM-YYYY HH:MM:SS TAG[pid]:

Port Type : UDP

5395015a002f4435b7113a9658904178_RackMultipart20170322-67602-syi2tg-NetSight_7_-_no_syslog_source_ip_for_xos_inline.jpg



EMS shows as source "22" !? instead of 10.0.10.55.

Whats wrong with my config?

thanks for your help.
Alex
0 Kudos

OscarK
Extreme Employee

‎02-15-2017 11:50 AM

Hello Chacko, I stumbled on this before and wrote that article so hence I remembered it. Nice to know it fixed it.
0 Kudos
GTM-P2G8KFN