This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problems sending SYSLOG to Solarwinds

Problems sending SYSLOG to Solarwinds

Evan_R
New Contributor

‎01-13-2016 02:17 PM

I have pointed our Extreme switches to send SYSLOG messages to Solarwinds. We get IOS and IOS-XR messages OK, but for some reason we do not see the SYSLOG messages come into Solarwinds. I have opened a TAC case with Solarwinds and they determined that there were issues with the syslog messages as they apparently were "not formatted according to RFC 5424"

I am skeptical about this since I have had some modicum of success with other syslog servers capturing syslog messages from XOS, so I just want to verify that there should be no troubles with this and review the configuration so I ensure it is correct.

Here is the way I have our XOS devices configured:

create log filter solarwindscreate log filter memorybuffer
configure log filter solarwinds add events ISIS.NFSM.AdjChg
configure log filter solarwinds add events ospf.neighbor.ChgState
configure log filter solarwinds add events vlan.msgs.portLinkStateUp
configure log filter solarwinds add events vlan.msgs.portLinkStateDown
configure log filter memorybuffer add events ISIS.NFSM.AdjChg
configure log filter memorybuffer add events ospf.neighbor.ChgState
configure log filter memorybuffer add events vlan.msgs.portLinkStateUp
configure log filter memorybuffer add events vlan.msgs.portLinkStateDown
configure log filter memorybuffer add events cli.logRemoteCmd
configure log filter memorybuffer add events AAA.LogSsh
configure log filter memorybuffer add events pim.cache
configure log target memory-buffer filter memorybuffer severity Info
configure log target memory-buffer number-of-messages 20000
configure log target nvram filter DefaultFilter severity Info
configure syslog add 10.253.10.25:514 vr VR-Default local5
enable log target syslog 10.253.10.25:514 vr VR-Default local5
configure log target syslog 10.253.10.25:514 vr VR-Default local5 filter solarwinds severity Info
configure log target syslog 10.253.10.25:514 vr VR-Default local5 match Any
configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none host-name tag-name

Slot-1 CoreSwitch# sh switch | inc Primary
Primary ver: 15.3.2.11 15.3.2.11

Thanks for the consideration

0 Kudos
6 REPLIES 6

Dorian_Perry
Extreme Employee

‎02-19-2016 01:39 PM

Hi Evan,

Yes, I believe using the default configuration may get the messages to be formatted according to RFC 5424 as mentioned above.

Please let us know if this works.

Regards,
0 Kudos

Evan_R
New Contributor

‎02-18-2016 02:11 PM

Hello

I apologize I got busy with other things and I forgot about this! I thank you for the replies.

When I run,
"unconfigure log target syslog 10.253.10.25:514 vr VR-Default local5 format"Configuration becomes:
# sh configuration "ems" | inc format configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none priority tag-name
Is this what it should be? I will make these modifications and report back if it works.

Regards,
0 Kudos

Drew_C
Valued Contributor III

‎01-27-2016 07:52 PM

Hi Evan, Do you still need assistance with this issue?
0 Kudos

Dorian_Perry
Extreme Employee

‎01-18-2016 02:39 PM

As a test, could you try removing this line from the configuration to allow the syslog message format to be the default?
0 Kudos
GTM-P2G8KFN