Wired Intelligent Edge

 View Only

  • 1.  logging not generating logs

    Posted Oct 12, 2015 06:16 AM

    I'm trying to enable logging from our HP ProCurve switch to a network server, but nothing seems to be generated:

    On the switch:

     

    conf t
logging 192.168.21.51
logging facility local0
end

sh debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination: 
Logging --
192.168.21.51
Protocol = UDP
Port = 514
Facility = local0
Severity = debug
System Module = all-pass
Priority Desc =
Enabled debug types:
event

    on the server side, we are using rsyslog to collect messages, which works well with Cisco device:

    # netstat -anp | grep rsyslog
udp        0      0 0.0.0.0:514             0.0.0.0:*                           20568/rsyslogd  
udp6       0      0 :::514                  :::*                                20568/rsyslogd  
unix  10     [ ]         DGRAM                    9664099  20568/rsyslogd      /dev/log

    but I can't find any messages from HP Switch in /var/log/messages or in the destination log file via configuration in /etc/rsyslog.conf:

    local0.*                        -/var/log/network.log


  • 2.  RE: logging not generating logs

    Posted Oct 12, 2015 08:36 AM

    We have the same setup as you: Procurve switches and rsyslog. We use a different facility, but that shouldn't matter. We use LogAnalyzer as a graphical frontend to rsyslog.

     

    Is there a firewall between the switches and the Syslog server? Can you see the syslog traffic in the firewall logs?

     



  • 3.  RE: logging not generating logs

    Posted Oct 12, 2015 09:19 PM

    I can be sure that there're no firewalls or any packet filters between the switch and the rsyslog server, is there any way to check if messages are being sent from the switch?



  • 4.  RE: logging not generating logs

    Posted Oct 13, 2015 07:55 AM

    Try to mirror the switch port where the syslog server is connected and use Wireshark to see if the syslog traffic is being received by the server.

     



  • 5.  RE: logging not generating logs

    Posted Oct 13, 2015 09:44 AM

    Also:

     

    dut# show syslog statistics


     Syslog General Statistics details

      Logs Sent           : 153             Logs Recv           : 0           
      Logs Relay          : 0               Logs reSentError    : 0           
      Logs sentError      : 0               Logs reSent         : 23          
      Logs Buffered       : 1



  • 6.  RE: logging not generating logs

    Posted Oct 13, 2015 06:20 PM

    Also, install something like Kiwi syslog on your laptop, point the switch at it, and see if that receives the logs.



  • 7.  RE: logging not generating logs

    Posted Oct 14, 2015 04:00 PM

    On the server side, I find this useful for checking syslogs.

     

    $ tcpdump -i eth0 'udp port 514'

     

     

     



Related Content