5
votes
Accepted
How do I check if a Cisco switch is connected to a SYSLOG server?
Query 1: What does console, monitor, buffer & exception logging mean?
The console is the console line interface. When console logging is enabled, log messages are sent to the serial console line.
...
- 100k
5
votes
Juniper - minor host 0 /var partition usage is high
It looks like after taking the issue up with JTAC support, the /var partition was misrepresenting the amount of space that was actually in use. We haven't rebooted our switch in the last four years as ...
- 51
4
votes
Accepted
Send command lines to syslog server
You can send configuration commands to the syslog server with the notify syslog command (Cisco IOS Configuration Fundamentals Command Reference):
archive ! archive configuration mode
log ...
- 100k
4
votes
Problems with TCP-Syslog on Cisco devices?
Syslog streaming is independent of the router resources since it sends configured logs to an external Syslog server. Losing the syslog would mean that these logs go back to the internal buffer.
The ...
- 400
4
votes
Accepted
What is the difference between "logging monitor" and "terminal monitor" commands?
logging monitor <level> determines what syslog priority level will be logged.
When you connect to a router via VTY, syslog messages are not displayed unless you issue the terminal monitor ...
- 67.8k
4
votes
Can we have two logging source-interface configured on Cisco Switch?
No. You can have only one source interface statement. If you try to add the second, it will simply overwrite the first.
- 67.8k
3
votes
Accepted
Log messages not leaving switch after changing source to management port
Set the VRF on the host entry. Your VRF should also be defined on the management interface itself.
Please issue the commands:
no logging host 10.10.10.10 transport udp port 10023
logging host 10.10....
- 4,690
3
votes
Accepted
Cisco ASA syslog messages, reversed source and destination for outbound communication?
Ok apparently that's what the Splunk plugin does as well.
See "Splunk Add-on for Cisco ASA" https://splunkbase.splunk.com/app/1620/
# direction is inbound
[...
- 195
3
votes
Accepted
Problems with TCP-Syslog on Cisco devices?
As far as I could see, there is no Cisco document that describes what happens in the scenario that you mention.
But even if there was such a document, you would be best advised to verify the ...
- 2,416
3
votes
Cisco ASA logging to remote syslog question
Trap logging: disabled
That's the first problem. "trap" is the mechanism that sends to syslog hosts. logging trap informational will start messages flowing, but on an active firewall, there will a ...
- 32.4k
3
votes
Cisco ASA logging to remote syslog question
The "debugging" level is way too detailed for most uses. As you can see, it generates a lot of messages; most are not helpful. Also, it puts a heavy load on the ASA.
You can try
logging trap info
...
- 67.8k
3
votes
Accepted
Trigger a syslog message on ASR9k
The above requirement worked for me using the below command on ASR9k
logmsg [your message]
- 905
3
votes
Accepted
Cisco EEM pass Syslog message to TCL script
Alright, so
action policy POLICY_NAME $arg
doesn't pass arguments to the script - had to switch to
action cli command "tclsh flash:/script.tcl $arg"`
which does, HOWEVER...
EEM actions are unable ...
- 221
2
votes
Accepted
Is it possible to send syslog and SNMP traps to two different addresses concurrently?
Yes, you can with Cisco gear at least (and probably also with most other vendors).
For syslog:
logging 10.1.1.1
logging 10.1.1.2
For SNMP traps:
snmp-server host 10.1.1.1 version 2c @str!ng
snmp-...
- 969
2
votes
Accepted
How to capture the details of the network traffic by Cisco?
There's a protocol created by Cisco for this very purpose: netflow.
You have to check if your version of IOS support it, and you need a netflow collector that will receive and record the ...
- 19.8k
2
votes
Accepted
Cisco Access Control Server ACS
Cisco ACS can't be used as syslog server, but it could be used as AAA server which is include Accounting:
if you are looking to use ACS as accounting server for management account which is include ...
- 1,733
2
votes
Cisco ASA syslog filtering
You could write your firewall rules so that the "noisy" communication falls into a dedicated "Allow" rule and turn off logging for such rule.
- 195
2
votes
Accepted
Global IP sourced on my INSIDE interface to another global IP on OUTSIDE interface
Ok I believe I found the problem. My remote sites have their own routers with their own internet connection. We don,t really use it for anything other than an IPSEC tunnel back to HQ to use as a ...
- 403
1
vote
Logging discriminator to omit specific log message in Cisco
I updated my config again in the original post with the working config. I must have done something wrong yesterday, but it is working today. I have two logging hosts. One is a dedicated syslog server ...
- 157
1
vote
Accepted
Fortigate 100E user names in syslog
A Fortigate uses an FSSO module (Fortinet Single Sign On) where these attributions are configured (part of Security Fabric for FortiOS 6.x). For instance, AD logins can be monitored by source IP via ...
- 85.8k
1
vote
can't find notify syslog in cisco sw nexus 3000
Unfortunately, NX-OS doesn't have a command equivalent to IOS' archive. Sending accounting logs to syslog is not supported, though you can send them to a TACACS or RADIUS server.
- 7,144
1
vote
Unable to receive logs from a device to our SIEM Syslog server via TCP 514
Typically, a TCP responder (here: your SIEM Syslog Server) will send a TCP-RST as a response to a TCP-SYN that tried to reach a (destination) port that was not in LISTENING state.
In other words: "...
- 8,846
1
vote
Accepted
2901 Router does not send Syslogs to the Syslog server
With these protocols running there has to be syslog messages for
exchanges go between our devices and customer devices.
"logging trap debugging"
This command means that every log message is ...
- 46
1
vote
Global IP sourced on my INSIDE interface to another global IP on OUTSIDE interface
When a public IP address shows up inside your private network you should track it down. Check the ARP table on the ASA whether the source is connected directly or work from there to the source router. ...
- 85.8k
1
vote
Trigger a syslog message on ASR9k
The send command is used to send messages between users logged into the same router.
send
- To send messages to one or all terminal lines, use the send EXEC command.
send {line-number | * | ...
- 100k
1
vote
What are examples of Cisco IOS Syslog level 0 (emergency) messages?
Cisco has a large listing of Syslog Messages and Severity level here: Syslog Messages
This list includes Syslog Messages for the following:
IOS Software Release 15SY
IOS Software Release 12.2SY
IOS ...
- 1,241
1
vote
Accepted
Cisco ASA syslog filtering
The ASA can only filter messages by severity, or by log message class, or by individual log message.
Unfortunately, there is no way for the ASA to filter on a specific attribute or value within a ...
- 15.1k
1
vote
Syslog severity level to 5 + ACL BLOCKED log
Write an EEM script that looks for your syslog message at level 6 and in response emits a syslog message at log 5 or better.
Note: I don't know if this works on your device/IOS version.
The ...
- 2,416
Only top scored, non community-wiki answers of a minimum length are eligible