HPE Community
HPE Aruba Networking & ProVision-based
1820493 Members
2058 Online
109624 Solutions
New Discussion

Syslog server for procurve switching network

 
lucentsound
Occasional Visitor

‎10-21-2015 08:06 AM

‎10-21-2015 08:06 AM

Syslog server for procurve switching network

Hi All,

i need to setup a logging system for a customer network made of 4200vl, 5400, 25xx series switches and

would like to know if anybody uses a free logging server on this kind of networking device.

 

I tried to installa rsyslog on ubuntu (i think it works listening  on 514 port TCP/UDP) and set on devices the command “logging x.x.x.x” but it doesn’t work.

 

Any suggestion?

 

Thanks in advance.

1 person had this problem.
0 Kudos
3 REPLIES 3
Michael Patmon
Trusted Contributor

‎10-21-2015 08:55 PM

‎10-21-2015 08:55 PM

Re: Syslog server for procurve switching network

Hello.  By default the switch sends syslog messages to the "user" facility so you'll have to tell the rsyslog server where to put those logs. 

 

HP-2530-24-PoEP(config)# show syslog config

 Syslog Configuration

 Syslog Facility : user                                              
 Syslog Severity : debug                                             
 Syslog System Module : all-pass                                          
 Syslog Priority Description :

 

 

On my setup I separate groups of switches into different syslog facilities:

 

$ grep local rsyslog.conf

local0.*                        /var/log/syslog.local0.log
local1.*                        /var/log/syslog.local1.log
local2.*                        /var/log/syslog.local2.log

 

(or user.* in the default case)

 

Then on the switch "logging facility local0". 

 

If I want the logs for a particular switch:

$ tail -f /var/log/syslog.local0.log | grep 128.44.120.1

Oct 21 20:28:24 128.44.120.1 03363 auth:  User 'mpatmon' logged out of SSH session from 128.44.120.100

 

I'm assuming rsyslogd is running:

$ ps -ef | grep rsys
root       464     1  0 Sep22 ?        00:01:02 /sbin/rsyslogd -n

 

...and that you have no firewalls blocking the syslog packets being received.

 

You can get way fancier but this does the job.  Hope that help.

 

 

0 Kudos
lucentsound
Occasional Visitor

‎10-22-2015 03:40 AM

‎10-22-2015 03:40 AM

Re: Syslog server for procurve switching network

Hello Michael, thank you for your reply.

 

I tried to see under the CLI command of a Procurve 5308 (an old series), of a 2524 and a 2910al that i have in our company but i didn't find the "show syslog config".

 

Can it depend on the old release?

 

Thank you in advance.

 

 

0 Kudos
Michael Patmon
Trusted Contributor

‎10-22-2015 12:11 PM - edited ‎10-22-2015 12:13 PM

‎10-22-2015 12:11 PM - edited ‎10-22-2015 12:13 PM

Re: Syslog server for procurve switching network

Yes, older platforms would not have the "show syslog" command unfortunuately.  It was added later.  

 

You will see the "logging facility" in the running-config if you change it from the default (user) to something else.

 

If you're still not seeing the logs try mirroring the link towards the syslog server and make sure the packets are sent out.  If not there's one more thing we can try in diagnostic mode.

 

# port with packet capture (like wireshark)

2910(config)# mirror-port 1

 

# uplink to syslog server
2910(config)# interface 48 monitor

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.