cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

NetSight: Syslog source ip is missing

NetSight: Syslog source ip is missing

Chacko
Contributor
Our switches are sending syslog events to the netsight server.
In the file /var/log/syslog/ I can see, that the messages being received - but in the NetSight Console, I can't see the source-ip.
Without the IP it's hard to find the right events šŸ™‚

Does anyone have ideas?

NetSight 7.0.6.27
EXOS 16.1.3.6
Summit X460

Syslog conf:
Log Target : syslog; :514 (vr VR-Mgmt), local0 from
Enabled : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Debug-Data (through Critical)
Format : PRI Mmm DD HH:MM:SS HOSTNAME TAG:

6 REPLIES 6

Chacko
Contributor
Is there a reason why you are using the syslog-facility local4?
I'm aware of the syslog-facilities in general, but I haven't found information regarding that by Extreme.
Anyway, I think I found your problem: The format of your syslog-target is wrong:
Format : DD-MM-YYYY HH:MM:SS TAG[pid]:

Maybe you should use a command like this:
configure log target syslog 10.58.36.210 format timestamp seconds date yyyy-mm-dd tag-id tag-name
https://gtacknowledge.extremenetworks.com/articles/Solution/Syslog-from-XOS-devices-have-no-source-I...

Best Regards
Chacko

Hi Chacko.

you point me to the right way.
I need to remove the "date" statement.

configure log target syslog 10.0.10.57:514 vr VR-Default local4 format timestamp seconds date none event-name none tag-id tag-nameNow the correct source is shown in netsight.

thanks
Alexander

aloeffle
Contributor
Dear Oscar, Chacko.
I have the same situation. Removing the "host-name" statement did not help.

NetSight: 7.1.1.9
X450G2 with xos 22.2.1.5

Here is my config:

* X450G2-48p-10G4.5 # show config ems

# Module ems configuration.

configure syslog add 10.0.10.57:514 vr VR-Default local4

configure log target syslog 10.0.10.57:514 vr VR-Default local4 from 10.0.10.55

enable log target syslog 10.0.10.57:514 vr VR-Default local4

configure log target syslog 10.0.10.57:514 vr VR-Default local4 filter DefaultFilter severity Debug-Data

configure log target syslog 10.0.10.57:514 vr VR-Default local4 match Any

configure log target syslog 10.0.10.57:514 vr VR-Default local4 format timestamp seconds date dd-mm-yyyy event-name none tag-id tag-name

* X450G2-48p-10G4.5 # show vlan

Untagged ports auto-move: Off

-----------------------------------------------------------------------------------------------

Name VID Protocol Addr Flags Proto Ports Virtual

-----------------------------------------------------------------------------------------------

Default 1 10.0.10.55 /24 ------------T--------------- ANY 1 /52 VR-Default

Mgmt 4095 ------------------------------------------------ ANY 0 /1 VR-Mgmt

-----------------------------------------------------------------------------------------------

* X450G2-48p-10G4.6 # show log configuration

Log Target : syslog; 10.0.10.57:514 (vr VR-Default), local4 from 10.0.10.55

Enabled : yes

Filter Name : DefaultFilter

Match regex : Any

Severity : Debug-Data (through Critical)

Format : DD-MM-YYYY HH:MM:SS TAG[pid]:

Port Type : UDP

5395015a002f4435b7113a9658904178_RackMultipart20170322-67602-syi2tg-NetSight_7_-_no_syslog_source_ip_for_xos_inline.jpg



EMS shows as source "22" !? instead of 10.0.10.55.

Whats wrong with my config?

thanks for your help.
Alex

OscarK
Extreme Employee
Hello Chacko, I stumbled on this before and wrote that article so hence I remembered it. Nice to know it fixed it.
GTM-P2G8KFN