Header Only - DO NOT REMOVE - Extreme Networks

Summit x460 syslog configuration help


Hello all, I need assistance configuring syslog to work correctly with a trial software called EventLog Analyzer. I followed the instructions here:

[i]enable syslog
configure syslog add [i] vr local0
configure syslog [i] vr local0 severity info
enable log target syslog :<514> vr local0

When I go to the syslog server, the only events displaying are "Setting hwclock time to system time and broadcasting time".

I thought I would be seeing alot more information. As far as the switch goes, did I enter wrong information?

6 replies

Userlevel 2
Hello David.

here is my example config which works fine.



configure syslog add 10.0.10.57:514 vr VR-Default local0

configure log target syslog 10.0.10.57:514 vr VR-Default local0 from 10.0.10.55

enable log target syslog 10.0.10.57:514 vr VR-Default local0


I think you also need to configure the log target syslog.

Firmware 22.2.1.5

hth

Alex
Userlevel 7
Here my lab X460G2 syslog settings...

configure syslog add 172.24.24.110:514 vr VR-Mgmt local0
enable log target syslog 172.24.24.110:514 vr VR-Mgmt local0
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 filter DefaultFilter severity Info
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 match Any
configure log target syslog 172.24.24.110:514 vr VR-Mgmt local0 format timestamp seconds date mm/dd/yyyy event-name none tag-id tag-name

The question is what kind of messages are you looking for ?
I guess I expected more that just time updates, such as a port going down because of a computer reboot. Maybe I should be patient or see if I can reboot a device connected to a switch that has my syslog configuration. I'll also edit the config just in case.

I appreciate the info!
Userlevel 5
Hmmm - I have the same config as Ronald and I do get entries like this:

Jul 25 04:30:57 vlan.msgs: Port 46 link down
Jul 25 04:31:00 vlan.msgs: Port 46 link UP at speed 1 Gbps and full-duplex

I also get notices when inserting/removing SFPs.

Stupid question: is your syslog server possibly filtering? Or is it possible it's not logging "local0" to the 'right' place?
I guess I wasn't being patient as I am now seeing changes. It seems like there is a delayed response in logs but I'm not sure if that's natural or if there's a way to change how often syslogs are sent to the server.
Hello all, just a follow up...4 months later lol

What reason would I choose a different severity level? I also see debug-verbose, warning, and other options.

I want to be sure I get all the information the switch has to offer.

Reply