HPE Community
Aruba & ProVision-based
1753385 Members
5534 Online
108792 Solutions
New Discussion

Modify Syslog source ip address

 
LionLantech
Advisor

‎05-30-2016 01:42 AM

‎05-30-2016 01:42 AM

Modify Syslog source ip address

Hi all,

i have a procurve 5406 with syslog configuration(logging <server ip>) and some vlan/ip address configured.

 

This switch send syslog message with default vlan ip address(ie. 1.1.1.1) but i want it send syslog message with vlan 2 ip address(2.2.2.2).

 

I try to use 'ip source-interface syslog 2.2.2.2' command and reload the switch but it continue to send syslog message with the wrong ip address.

 

How can i modify syslog source address?

 

thank you.

0 Kudos
10 REPLIES 10
Vince-Whirlwind
Honored Contributor

‎05-30-2016 03:31 PM

‎05-30-2016 03:31 PM

Re: Modify Syslog source ip address

Does the command 

management-vlan 2

change anything?

0 Kudos
LionLantech
Advisor

‎05-31-2016 12:49 AM

‎05-31-2016 12:49 AM

Re: Modify Syslog source ip address

No, it already sends packet from wrong source IP.

0 Kudos
Vince-Whirlwind
Honored Contributor

‎05-31-2016 06:29 PM

‎05-31-2016 06:29 PM

Re: Modify Syslog source ip address

In your network design - is this switch doing inter-VLAN routing, or is it used as a layer-2 switch?

0 Kudos
AbeAbe
Trusted Contributor

‎05-31-2016 11:22 PM

‎05-31-2016 11:22 PM

Re: Modify Syslog source ip address

I tried it with

ip source-interface syslog vlan 10

and this changes the sourceip, but it doesn't change the IP inside the syslogmessage, aka messagetext.

"<134> Jun 1 08:07:54 10.0.0.51 03363 auth: AM1: User 'admin' logged out of SSH session from 10.0.0.1"

but sourceIP in the UDP-Packet: 10.0.1.51

 

if i don't use the ip Source-interface syslog command sourceIP and ip in the syslogmessage itself are the same.

 

hth

Abe

0 Kudos
Vince-Whirlwind
Honored Contributor

‎05-31-2016 11:27 PM

‎05-31-2016 11:27 PM

Re: Modify Syslog source ip address

I guess my question was really getting at this: if you're using VLAN10 for management, what are you using VLAN1 for?

Removing the VLAN1 address from the switch does what?

Generally, you might have an easy-going design where you use VLAN1 for management, or you have a proper management VLAN and don't use VLAN1 at all.

0 Kudos
LionLantech
Advisor

‎06-01-2016 12:37 AM

‎06-01-2016 12:37 AM

Re: Modify Syslog source ip address

Vince-Whirlwind yes, this switch is a L3 core switch so i can't remove any vlan/ip address.

It doesn't have any management-vlan configured.

I need to modify the syslog source-ip also on the text-message because my syslog server show the wrong ip on the text-message and another software can't associate this syslog message with the correct ip address.

 

 

0 Kudos
Michael Patmon
Trusted Contributor

‎06-03-2016 03:26 PM

‎06-03-2016 03:26 PM

Re: Modify Syslog source ip address

Hello.  This didn't work as I expected either so I did some digging.  Looks like we are grabbing the local stack address used to reach the syslog server IP and sticking that in the syslog message data.  The "ip source-interface syslog" command is changing the IP address that gets input into the IP packet header.  I'm not sure why the IP given in the syslog message isn't changed as well. 

This doesn't seem right to me but has behaved this way for some time.  I'm going to ping the SW team, will reply back with any findings.  But for now that's the way it appears to work, unfortunately...

0 Kudos
LionLantech
Advisor

‎06-06-2016 03:20 AM

‎06-06-2016 03:20 AM

Re: Modify Syslog source ip address

Thank you Michael Patmon. I'm glad to hear that you tested the same situation. I will wait for feedback from SW team.

0 Kudos
LionLantech
Advisor

‎06-16-2016 07:10 AM

‎06-16-2016 07:10 AM

Re: Modify Syslog source ip address

Hi all,

any news?

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.