Summit x460 syslog configuration help

  • 0
  • 1
  • Question
  • Updated 9 months ago
  • Answered
Hello all, I need assistance configuring syslog to work correctly with a trial software called EventLog Analyzer. I followed the instructions here:

enable syslog
configure syslog add <ip_address> vr <virtual-router> local0
configure syslog <ip_address> vr <virtual-router> local0 severity info
enable log target syslog <ip_address>:<514> vr <virtual-router> local0

When I go to the syslog server, the only events displaying are "Setting hwclock time to system time and broadcasting time".

I thought I would be seeing alot more information. As far as the switch goes, did I enter wrong information?
Photo of David

David

  • 282 Points 250 badge 2x thumb
  • Confused

Posted 1 year ago

  • 0
  • 1
Photo of aloeffle

aloeffle

  • 964 Points 500 badge 2x thumb

Hello David.


here is my example config which works fine.


configure syslog add 10.0.10.57:514 vr VR-Default local0

configure log target syslog 10.0.10.57:514 vr VR-Default local0 from 10.0.10.55

enable log target syslog 10.0.10.57:514 vr VR-Default local0


I think you also  need to configure the log target syslog.

Firmware 22.2.1.5


hth

Alex

(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 47,212 Points 20k badge 2x thumb
Here my lab X460G2 syslog settings...

configure syslog add 172.24.24.110:514 vr VR-Mgmt local0
enable log target syslog 172.24.24.110:514 vr VR-Mgmt local0
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 filter DefaultFilter severity Info
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 match Any
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 format timestamp seconds date mm/dd/yyyy event-name none tag-id tag-name

The question is what kind of messages are you looking for ?
Photo of David

David

  • 282 Points 250 badge 2x thumb
I guess I expected more that just time updates, such as a port going down because of a computer reboot. Maybe I should be patient or see if I can reboot a device connected to a switch that has my syslog configuration. I'll also edit the config just in case. 

I appreciate the info!
Photo of Frank

Frank

  • 3,722 Points 3k badge 2x thumb
Hmmm - I have the same config as Ronald and I do get entries like this:

Jul 25 04:30:57 <switchname> vlan.msgs: Port 46 link down
Jul 25 04:31:00 <switchname> vlan.msgs: Port 46 link UP at speed 1 Gbps and full-duplex

I also get notices when inserting/removing SFPs.

Stupid question: is your syslog server possibly filtering? Or is it possible it's not logging "local0" to the 'right' place?
Photo of David

David

  • 282 Points 250 badge 2x thumb
I guess I wasn't being patient as I am now seeing changes. It seems like there is a delayed response in logs but I'm not sure if that's natural or if there's a way to change how often syslogs are sent to the server.
Photo of David

David

  • 282 Points 250 badge 2x thumb
Hello all, just a follow up...4 months later lol

What reason would I choose a different severity level? I also see debug-verbose, warning, and other options.

I want to be sure I get all the information the switch has to offer.