Anyone familiar with Solarwinds Kiwi Syslog Server?
GDaines
Member Posts: 273
in CCNA & CCENT
I've downloaded the free 5-device version so I can get my head around Syslog and have installed it at work, initially with just default settings. I've configured it to listen to 5 IP addresses. I tweaked the existing firewall rules on my PC (syslog server) to include Domain, Private and Public (only allowed Domain by default), then added a rule to allow inbound UDP port 514, and finally turned it off altogether.
We use current gigabit WS-C2960S-48FPD-L or similar switches so I added the following commands (note that while I originally learned that routers and switches have different sets of commands, those I had for switches starting 'set' aren't recognised):
SW1(config)# logging on
SW1(config)# logging 192.168.1.1
SW1(config)# service timestamps log datetime msec
When these alone didn't work I also tried the following one at a time, but I'm still receiving nothing:
SW1(config)# logging trap 7
SW1(config)# logging source interface vlan 1
SW1(config)# logging facility local7
While the switches and my PC are on different VLANs there's currently no security so every VLAN can talk to every other VLAN. I can ping the PC from the switch and the switch from the PC, and I can telnet in from the PC. I can send test messages from within Kiwi but I'm getting no messages from any of the switches.
As a side note I also run Solarwinds TFTP server on the same machine to which I have backed up all the configs, so I've no reason to believe the PC is in any way blocking anything.
Sadly Google isn't my friend on this one...
Comments
-
pinkiaiii Member Posts: 216
Did some digging on this topic since it seems interesting, hope it's of any help:
To configure syslog servers, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: switch(config)# logging server host [severity-level [facility]]
Purpose: Configures a syslog server at the specified host name or IPv4 or IPv6 address. You can limit logging of messages with a minimum severity level and for a specific facility. Severity levels, which range from 0 to 7, are listed in Table 1-1. The default outgoing facility is local7.
Command: switch(config)# no logging server host
Purpose: Removes the logging server for the specified host.

Step 3
Repeat Step 2 for up to three syslog servers.

Step 4
Command: switch(config)# show logging server
Purpose: (Optional) Displays the syslog server configuration.

Step 5
Command: switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.

switch# configure terminal
switch(config)# logging server 172.28.254.254 5 local3
switch(config)# show logging server
switch(config)# copy running-config startup-config

Configuring syslog Server Configuration Distribution

You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure.
For more information about CFS, see the “Information About CFS” section.
After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution. As long as distribution is enabled, the switch maintains pending changes to the syslog server configuration.
And rest of options, I would have much clue, but seems there has to be server specified and configured as in above example. Rest was taken from here:
This chapter describes how to configure system message logging on the switch.
This chapter includes the following sections:
- Information About System Message Logging
- Configuring System Message Logging
- Verifying System Message Logging Configuration
- System Message Logging Example Configuration
- Default Settings
By default, the switch outputs messages to terminal sessions. For information about configuring logging to terminal sessions, see the “Configuring System Message Logging to Terminal Sessions” section.
By default, the switch logs system messages to a log file. For information about configuring logging to a file, see the “Configuring System Message Logging to a File” section.
Table 1-1 describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.
To read more in detail if you're missing some config.
-
Hondabuff Member Posts: 667
I use this config on all my devices and they report to my Solarwinds syslog server and Orion. Also use an NTP server and set your timezone correctly. You can also test the syslog with 3CDaemon.
!
service timestamps log datetime localtime show-timezone year
logging buffered 16000
logging host { IP of Syslogserver}
logging source-interface {Interface that LAN IP is on}
!
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
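
An added example, not part of the thread or of any poster's setup: a small Python listener that prints the source address of every syslog datagram reaching UDP 514 and decodes the <PRI> value into the facility and severity discussed above (local7, levels 0 to 7). The function names and the sample message are constructed for illustration.

```python
import re
import socket

# Cisco keyword for each severity number, 0 (most severe) to 7 (debugging).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): ?(.*)", re.S)

def parse_syslog(datagram: bytes) -> dict:
    """Decode the <PRI> header and, if present, the %FACILITY-SEV-MNEMONIC tag."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    # PRI = facility * 8 + severity; facility codes 16..23 are local0..local7.
    facility, severity = divmod(int(m.group(1)), 8)
    body = m.group(2).decode("utf-8", errors="replace").strip()
    out = {"facility": f"local{facility - 16}" if facility >= 16 else str(facility),
           "severity": severity, "severity_name": SEVERITIES[severity], "body": body}
    tag = TAG_RE.search(body)
    if tag:
        out["tag"] = f"{tag.group(1)}-{tag.group(2)}-{tag.group(3)}"
        out["text"] = tag.group(4)
    return out

def passes_trap_level(severity: int, trap_level: int) -> bool:
    """A message is sent when its severity number is at or below the configured level."""
    return 0 <= severity <= trap_level <= 7

def listen(bind_addr: str = "0.0.0.0", port: int = 514) -> None:
    """Print the source address and decoded header of every datagram received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, (src_ip, _src_port) = sock.recvfrom(4096)
            try:
                print(src_ip, parse_syslog(data))
            except ValueError as exc:
                print(src_ip, "unparsed:", exc, data[:80])

# Constructed sample datagram (not captured from a real switch).
SAMPLE = b"<187>45: *Mar  1 00:10:05.123: %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to up"

if __name__ == "__main__":
    listen()
```

Only one process can bind UDP 514, so the syslog service has to be stopped while this runs. The printed source address is the one the switch actually sends from, which is what logging source-interface controls.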