Forum Discussion
NimbostratusSyslog configuration
HI all,
Can anybody help me to understand what is the difference between below output of TCPDUMPS?
06:23:41.296245 IP LB-ALPHA-BIGIP-1.inf.xxxx.net.37562 > x.x.x.x.syslog: SYSLOG local0.notice, length: 146 06:23:41.397429 IP LB-ALPHA-BIGIP-1.inf.xxxxx.net.57614 > y.y.y.y.syslog: [|syslog]
Basically I have detleted the y.y.y.y syslog and put a new ip x.x.x.x but user confirmed that it is not working..there is no firewall in between.
I have added amangement route just like old syslog server and added the new syslog;
MGMT ROUTE x.x.x.x | GATEWAY z.z.z.z MTU 1500
remote server abcd { host x.x.x.x local ip none remote port 514 } }
Kindly let me know if anything i am missing here
4 Replies
IanBEmployee
Make sure you use -s0 with tcpdump, or it will only show you data from the first 96 bytes of the packet. Can you be more specific about what the problem is ? Is the user saying that the syslog message is not arriving at the server ?
Santavi_241428HI what i want to know is if the above mesage is asuccesful udp messgae between Lb and syslog server? 06:23:41.296245 IP LB-ALPHA-BIGIP-1.inf.xxxx.net.37562 > x.x.x.x.syslog: SYSLOG local0.notice, length: 146 06:23:41.397429 IP LB-ALPHA-BIGIP-1.inf.xxxxx.net.57614 > y.y.y.y.syslog: [|syslog]
jgranieriyou can use the logger command and send a test message to F5 local facility and then run a concurrent tcpdump in another window on your F5 and also on your syslog server. then you can confirm if messages are indeed being delivered to your syslog server. also you can restart the syslog daemon to ensure the new changes are in effect
- Santavi_241428Sure and I will try the same on next time troubleshooting and let you know..
