I have pointed our Extreme switches to send SYSLOG messages to Solarwinds. We get IOS and IOS-XR messages OK, but for some reason we do not see the SYSLOG messages come into Solarwinds. I have opened a TAC case with Solarwinds and they determined that there were issues with the syslog messages as they apparently were "not formatted according to RFC 5424"
I am skeptical about this since I have had some modicum of success with other syslog servers capturing syslog messages from XOS, so I just want to verify that there should be no troubles with this and review the configuration so I ensure it is correct.
Here is the way I have our XOS devices configured:
create log filter solarwindscreate log filter memorybuffer
configure log filter solarwinds add events ISIS.NFSM.AdjChg
configure log filter solarwinds add events ospf.neighbor.ChgState
configure log filter solarwinds add events vlan.msgs.portLinkStateUp
configure log filter solarwinds add events vlan.msgs.portLinkStateDown
configure log filter memorybuffer add events ISIS.NFSM.AdjChg
configure log filter memorybuffer add events ospf.neighbor.ChgState
configure log filter memorybuffer add events vlan.msgs.portLinkStateUp
configure log filter memorybuffer add events vlan.msgs.portLinkStateDown
configure log filter memorybuffer add events cli.logRemoteCmd
configure log filter memorybuffer add events AAA.LogSsh
configure log filter memorybuffer add events pim.cache
configure log target memory-buffer filter memorybuffer severity Info
configure log target memory-buffer number-of-messages 20000
configure log target nvram filter DefaultFilter severity Info
configure syslog add 10.253.10.25:514 vr VR-Default local5
enable log target syslog 10.253.10.25:514 vr VR-Default local5
configure log target syslog 10.253.10.25:514 vr VR-Default local5 filter solarwinds severity Info
configure log target syslog 10.253.10.25:514 vr VR-Default local5 match Any
configure log target syslog 10.253.10.25:514 vr VR-Default local5 format timestamp seconds date Mmm-dd event-name none host-name tag-name
Slot-1 CoreSwitch# sh switch | inc Primary
Primary ver: 15.3.2.11 15.3.2.11
Thanks for the consideration
