Can not receive message from Cisco switch 3750

Do a 'show logging | begin Trap' on your device, see if it is "link up" and has actually sent any syslog to the destination. Should look like something below;

If all of that checks out, please put up your kiwi syslog configuration text file so we can see what your input syslog filters are (Are you watching for all syslog, only certain levels/facilities, what's it supposed to do it the input, etc). Thanks,

Thanks for reply. Below information was what I got after run sh logging command. Link up is there.

Trap logging: level notifications, 1909 message lines logged

        Logging to 192.168.0.51  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              673 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

kiwi systlog configuration file was attached. Please take a look.

Thank you again.

It looks like that is the default config for kiwi so you're not filtering anything, I don't think the problem is there.

Try changing the logging level to debugging to see if you get anything.

Also try these commands...

config terminal

archive

log config

logging enable

Any configuration changes you make should then show up as syslogs making it easier to test (and why wouldn't you want config changes logged somewhere anyway right?).

The only other questions I have would be...

Are the switch and syslog server on the same subnet? If not, it could be a routing issue or firewall issue.

So I had to import your .ini file to visually see what was going on... Acy, my experience differs from yours.. And come to think of it I've never tried it the way you describe (no filters).

From my previous experience, you need to enable a filter to make this work... Filter is kind of a misnomer since it really is what tells the service if it matches that criteria (certain facility or severity, specific sources, input type [snmp, udp, etc], text expressions, etc), then perform the following actions.

With what you have setup for the 'Default' -- no matching is attempted since there are no filters configured... Under 'Log to Syslog Web Access' you have a filter defined but not enabled (the checkbox must be checked to enable). Enable your 'By Priority' filter (it will only take in data with the Local# facilities and 1-5 severity) and click Apply, and then start generating some syslog. If that still doesn't work, for testing purposes I'd highly suggest just checking all the boxes for testing and then configure it further down once you know what you want to filter for.

hello guys,

Yes, you are right. I did not check Filter option on my syslog server. But in fact, I did receive logs from different cisco devices and servers. All my cisco devices are in same sub net, 192.168.1.*. Another interesting thing is 3750 switch is sending message to syslog server by another vlan ip 192.168.0.1, not 192.168.1.2. I attached my vlan configuration in 3750 fyi.  I guess that's the problem I can not find message by 192.168.1.2. Noe I can see all logs from devices. Thank you everybody.

Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  192.168.1.2     YES NVRAM  up                    up

Vlan2                  192.168.0.1     YES NVRAM  up                    up

Vlan3                  192.168.3.1     YES NVRAM  up                    up

Vlan4                  192.168.4.1     YES NVRAM  up                    up

Vlan5                  192.168.5.1     YES NVRAM  up                    up

Vlan6                  192.168.6.1     YES NVRAM  up                    up

Vlan7                  192.168.7.1     YES NVRAM  up                    up

Vlan8                  192.168.8.1     YES NVRAM  up                    up

Vlan9                  192.168.9.1     YES NVRAM  up                    up

Vlan10                 192.168.10.1    YES NVRAM  up                    up

Vlan11                 192.168.11.1    YES NVRAM  up                    up

Vlan12                 192.168.12.1    YES NVRAM  up                    up

Vlan13                 192.168.13.1    YES NVRAM  up                    up

I'm forwarding all of my logs from my production server to the machine I am using for beta testing and I'm setting up a separate display all without a filter. Everything is going to the separate display and the logs are all forwarding. I also have a statistics collector script that runs against all messages in a rule without a filter.

If you want the source of the syslog messages to be from your vlan1 192.168.1.2 address you can add the following line to your logging configuration on the 3750:

     logging source-interface vlan 1

Thanks. It works from vlan1 interface now.