Is there any way to change the port that is used for syslog messages on a Cisco 9500 switch?By default this is set to UDP port 514.There doesn't seem to be a command to change the port.
View 1 RepliesIs there a way to get more messages out of a 2950 set to syslog? I've turned every logging option I can find to DEBUG, but all I get in my syslog are LinkUp/Down messages and "Configured from console by console". I'd love to see more information such as configuration changes, or even someone attempting to set up DTP on a switchport set to access mode.
View 2 Replies View RelatedQuery is, Can i send my syslog messages to SNMP sever? if so, what command needs to be enabled on nexus 7k?
View 3 Replies View RelatedI am using Solawinds syslog and trying to get our Cisco routers send syslogs to our syslog server. I followed the procedure on Configuring Cisco Devices to Use a Syslog Server from [URL] Our Cisco swtches are all sending syslog messages but not the routers. I compared the config with our access switches but can't seem to find the problem:
Sample router config:
service nagleno service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryption!hostname WWF-RT1boot-start-markerboot-end-marker!security authentication failure rate 10 logsecurity passwords min-length 8logging buffered 4096logging rate-limit all 10logging console critical!aaa new-model!!
[Code] .......
is there a command that prevents the router from sending the syslog to the server?
While working at a client site today, I was troubleshooting some ICMP connectivity for a network we have created.I turned on 'debug ip icmp" on the 3550 switch int he middle, and was inundated with the following debug output:
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
[code]....
This output fires several times a second, and based on how often it is firing, I am curious if it may be a culprit with respect to the fact that the client has indicated that they have some slow internet.Should the next step be to look at the workstation at 172.16.1.5?
I have a couple of Cisco 2960's sending syslog messages to a remote syslog-ng on port 514 (standard).
I need to set another Swtich so it sends traffic to the same syslog server but on another UDP port (such as 714),, is that possible,? I cannot find the option on the documentation.
I have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
I'm getting the Syslog messages frequently on daily basis.
View 4 Replies View RelatedI have a new install of LMS 4.2 on a virtual appliance. No syslog messages are getting into LMS. They are being received by the server, but are showing up in /var/adm/CSCOpx/log/dmgtd.log, and aren't getting processed by SyslogAnalyser.
View 3 Replies View RelatedLMS 4.1 is not showing any valid syslog messages, only invalid messages. Is there anything different in 4.1 that needs to be set?
View 2 Replies View RelatedMy Cisco devices send syslog messages to LMS but it wont`t show any messages from device. Older LMS 3.2 and other collector showe all syslog messages. What to do with LMS 4.0.1?
View 2 Replies View RelatedI have a newly installed LMS 4.1 that had the Syslog feature working for a while.
Recently, the Syslog is no longer displaying any records (neither new or old messages).
Below are the steps I have tried to troubleshoot the problem:
- Installed wireshark : Syslog messages are being received by the LMS server on time
- In the Syslog.log file, I can see that all the Syslog messages are being logged properly
- I tried to disable all the "Syslog Message Filters" but nothing changed
In the SyslogCollector.log, I can find the below logs:
NMSROOT is C:/PROGRA~2/CSCOpx
propFileC:/PROGRA~2/CSCOpxMDC omcatwebapps
meWEB-INFclassesC:PROGRA~2CSCOpxMDC omcatwebapps
[Code]....
I have a small problem with a lot of invalid syslog messages in LMS 3.2. Something about 30% of all messages are invalid.
Is there any posibility to get out from which devices those messages are?
Is it a big problem for the application if there are such a lot of invalid messages? I have a lot of devices in my LMS and don't want to get high load because of such unneeded messages.
I have Cisco 800 series (888w) with BRI-ISDN port. Is there any way to change the usage of ISDN port to normal RJ45 port?I want to use this SOHO router to sharing connection.
View 0 Replies View RelatedIs there a way to debug syslog messages? Something like "debug ip syslog"?
View 11 Replies View RelatedI bought a RV110W wireless router a couple months ago that I've been pretty happy with.
However, I have one significant problem with it. It is configured to send syslog messages to an internal server. Twice now it has gone into a mode where it starts dumping messages like,
ip_conntrack_is_ipc_allowed: ipc_entry_is_full
continuously, at a rate of about 20 per second. It otherwise seems to function normally, but of course if unnoticed my syslog file quickly grows to hundreds or thousands of megabytes. A reboot restores normal operation. It is running firmware 1.1.0.9. A search on the internet turned up no information about this problem.
It may be some corruption is occuring in the router's OS, or perhaps this is something that can be triggered externally (in which case it would be a weak form of DoS attack? Or maybe worse if in this state it is unable to properly apply the firewall rules.)
I want to use IP SLA to perform simple up/down monitoring of an IP host and to generate a syslog alert if the host goes down. I have a 2650XM router running 12.4(23) IP Voice IOS. My basic IP SLA config is hown below:
ip sla monitor 10
type echo protocol ipIcmpEcho 10.55.1.1
timeout 1000
frequency 10
ip sla monitor schedule 10 life forever start-time now.
We started getting the below syslog messages from one of our ASA5520 which was recently upgraded to 8.4(2). Any bugs on 8.4(2) that cause this or its simply the RAM failure?
%ASA-3-105010: (Primary) Failover message block alloc failed
%ASA-3-321007: System is low on free memory blocks of size 1550 (0 CNT out of 18709 MAX)
how can I configure ACS 5.2 to send syslog messages to CS-MARS?
View 3 Replies View RelatedI'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior. I'm doing this step.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the URL
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it.URL
NOTE: from the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired
I don't think i completely understand this statement, by sitting does it mean that it is passively sniffing coming in/out on trunk link?
Considering the above steps are accurate, after this will i be able to see rogue detection behavior in syslogs? What exactly would be the messages that would produce this behavior.
I have an issue with the syslog of 7600 router, I have configured the logging level to informational, but when I execute changes such as up or down an interface, the syslog messages aren't displayed? Why is the reason? This symptom exist after I changed the buffer size from default to 32768.
Router#sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 2 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 40 messages logged, xml disabled,
[code]....
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC. url...
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it. url...the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired.
i have 4507R with dual supervisors (WS-X4013+10GE) with IOS cat4500-ipbasek9-mz.122-46.SG.bin the supervisor module are in 3 and 4, and I want to connection port 5, but i have interface and line protocol down "inactive" error.
So I realized to use command "hw-module" to change the module to GE port. However, I am not able to use the command as" I cannot use the command "hw-module uplink" as well.
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
I'm trying to change a vlan on a port-channel but I am getting this error when I apply the change:" error: command is not mutually exclusive",I have done this in the past but I cannot remember exactly what I should type to apply the change.
View 2 Replies View RelatedI'm in the middle of a Nexus 5000 project and recognized today while configuring port-channels, that some of the interface numbers are reserved for internal use.
Is it possible to change or configure which port-channel interface numbers are allocated for internal use by NX-OS?
Unfortunatly I wasn't able to find a solution for this issue in the offical Nexus documentation, the search function of this forum or Google. If I did miss something or didn't look careful enough at the Nexus docs, I'm also happy with RTFM (... fine manual) responses and links to the info :-)
Additional info:
Nexus5k(config)# interface port-channel 128 ignored port-channel128: internally used, configuration not allowed
Port-Channels 111, 113, 115, 119, 121, 200, 211, 222 were created manually, but 127 - 129 were not.
Nexus5k# show port-channel usage
Total 11 port-channel numbers used
============================================
Used : 111 , 113 , 115 , 119 , 121 , 127 - 129 , 200 , 211 , 222
Unused: 1 - 110 , 112 , 114 , 116 - 118 , 120 , 122 - 126 , 130 - 199
201 - 210 , 212 - 221 , 223 - 4096
[Code]......
I have 2 x 3750 stacked, the port number of the master switch is gigabitEthernet2/0/1, slave as gigabigEtherent1/0/1.
Can I change the port numbering so that the master switch gets GigabitEthernet1/0/x?
Brand new SG300-20, every now and then on console
12-Nov-2011 23:35:33 :%HAL_config_phy-I-CHNGCOMBOMEDIA: Media changed from copper media to fiber media (Unknown) on port gi19.
12-Nov-2011 23:35:33 :%HAL_config_phy-I-CHNGCOMBOMEDIA: Media changed from copper media to fiber media (Unknown) on port gi20.
12-Nov-2011 23:35:33 :%Fiber-I-SFP-PRESENT-CHNG: gi19 SFP status is present.
12-Nov-2011 23:35:33 :%Fiber-I-SFP-PRESENT-CHNG: gi20 SFP status is present
However these ports are not in use and have nothing installed...............Firmware 1.1.2.0 (latest as of Nov 2011)
I've got a 48-port 3750 running 12.2(46)SE and I am seeing these messages in the logs. Has any seen this message before or what it means ?
Invalid packet (too large) length=22320
I have a new redundant network with two cores C1 and C2 and five access switches A1 to A5. They are all Cisco SG300 switches. I have noticed there are too many STP messages emanating from one host which has a MAC address which cannot be traced on the network. In the redundant network, I made C1 the root bridge by giving it a priority of 4096 and C2 has been given a priority of 8192 so that it is the secondary root bridge in the network. I have left all other STP settings to default on the rest of the switches in the network.
The problem is that one host is advertising a RST root bridge all the time. Now it has a mac address which is different from the mac address of the root bridge itself and i cannot trace this mac address on the network. Look at the snapshot of Wireshark output in the attach.The source MAC address which is the host advertising all the time is 1c:df:0f:34:db and the root bridge is 1c:df:0f:bb:34:c4.
Why would the root bridge be resetted all the time?I've also noticed that one port in a LAG configuration on one of the access switches is flapping up and down all the time.I tried to troubleshoot this problem. It is not the cable. It would be something else. What could cause this flapping of the port?Could it be related to STP?
On the other Core switch C2 I can see a LAG status switching between forwarding and blocking all the time. What could make the LAG status to flap from forwarding to blocking and back all the time like this?
Is there a way to turn off 802.1x authentication messages to the console of a 3750 switch? The issue we have is that we like to monitor the terminal when remotely configuring our switches. However, every time a computer authenticates to the network we get messages and sometimes quite a few depending on the situation.
View 3 Replies View RelatedI had these error messages on both my Cisco 2851 and on my Cisco Catalyst 6506.
On Cisco 2851:
%SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (4/4),process = SEA write CF process. [code]...
And on 6506:
Dec 27 15:20:55 MET: %SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (129/129),process = SEA write CF process.[ code]...
I have these IOS versions on my Cisco:
Cisco 2851: 15.0(1)M4
Cisco 6506: 12.2(33)SXI
We use C2950G switches with IOS 12.1(22)EA12 . Switches are set up to send logs to a server (informationnal level). On this server, we receive many of logs from those switches, but none about interfaces errors (even if interfaces statistics show interfaces errors). On C3548 switches it's work fine.How should I be sure the set up of switches is correct ? Why do I never receive messages as %LINK-4-ERROR:[char] is experiencing errors ?
View 2 Replies View Related