Syslog ospf neighbor changes not working - other syslog events are ok


(charles b) #1

My syslog server logs severity 5 events config changes from a cisco router.

However i have configured it so ospf neighbor changes are sent to syslog - but i cannot see those events.

config changes are a severity 5 events - i can see these in syslog

OSPF neighbor change are severity 5 events ( %OSPF-5-ADJCHG ) - i cannot see these in syslog

Partial config from router below.

I see ospf neighbor changes on the console.

#
router ospf 1
 log-adjacency-changes detail

logging trap debugging
logging facility local0
logging source-interface GigabitEthernet0/1
logging host x.x.x.x

Any help much appreciated


(Lazaros Agapides) #2

Hello Charles

So just to confirm, you do see OSPF adjacnency changes on the command line of the console but not on the syslog server. You also see other severity 5 events being logged on the syslog server but not OSPF events. Correct?

With that info, and at first glance, it looks like everything you’ve done is correct. Try some of the following troubleshooting steps:

  1. Attempt to increase the severity level of logs that the syslog receives. Go up to 7 and try to bring down and bring back up the adjacency and see what happens. Level 7 will log EVERYTHING so if it is not in there, at least you know that something is blocking them.
  2. Verify that the act of removing the adjacency is not disrupting network connectivity to the syslog server at the very moment it is attempting to send the information. Make changes to an adjacency that will not affect network connectivity to the syslog server.
  3. Verify that the syslog server does not have some kind of sorting or filtering mechanisms that may not allow the desired syslog messages to appear.

I hope this has been helpful!

Laz


(charles b) #3

Hey thanks for your reply. i got this sorted and meant to post the solution.

You were correct to suggest the following :
3. Verify that the syslog server does not have some kind of sorting or filtering mechanisms that may not allow the desired syslog messages to appear.

My syslog server was applying a filter to severity 5 events and above.

They way i worked that out was the very handy cisco command below to manually send different severity level alerts to whatever syslog server is setup on the cisco router
send log 1 test1
send log 2 test2
send log 3 test3
send log 4 test4
send log 5 test5
send log 6 test6
send log 7 test7

I then setup a second syslog server on my PC and configgured my router to send alerts to it. I noticed all alerts reached my pc syslog server ok but not the solarwinds syslog server

Free syslog server application = http://tftpd32.jounin.net

Charlie


(Lazaros Agapides) #4

Hello Charles

Excellent! Thanks for sharing your solution, it’s always helpful for all!

Laz