Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

HP Gbe2 syslog header format

JL123a
Occasional Advisor

HP Gbe2 syslog header format

I have recently configured a Gbe2 chassis switch to log to a syslog-ng server. The syslog-ng config uses filters with the IP addresses of the devices which are then used as the logfile names, e.g. 10.0.0.1.log.

No logfiles are being generated for the Gbe2 log messages. The traffic arrives but after running syslog-ng in debug mode it is not matching the filter.

After looking at some tcpdumps in more detail I can see that the switch IP address is not being supplied in the syslog header as normal.

Here is a normal syslog header received from a Procurve 2810 which logs with no problems:

Syslog message: USER.INFO: Dev 20 12:31:37 10.0.0.1 mgr: SME TELNET

Here is a syslog header received from a Gbe2:

Syslog message: LOCAL1.NOTICE: Dec 20 13:07:28 NOTICE Gbe2 Switch OS

The Gbe2 puts the severity type ('notice' in this case) where the hostname / IP should be.

Has anyone ever experienced this? Is there a way to make the Gbe2 supply its IP address in the syslog headers it sends?

Thanks.