Hello ,
I've setup a graylog server to monitor syslog messages. Every other switch identifies itself by it's IP address when sending syslog messages but the Netonix WS-24-400A only has UI: and then the message. There's no way for me to differentiate which switch has generated the error code. I've checked the settings on the switch and can't see anything which would cause this. Any ideas?
Also on version 1.4.7 firmware
Thanks
Saj
syslog messages not showing Netonix IP on Graylog Server
-
sileng - Member
- Posts: 3
- Joined: Mon Nov 02, 2015 8:49 am
- Location: Lancashire, England
- Has thanked: 0 time
- Been thanked: 0 time
-
jakematic - Experienced Member
- Posts: 168
- Joined: Thu Jul 14, 2016 8:15 am
- Location: NC USA
- Has thanked: 362 times
- Been thanked: 87 times
Re: syslog messages not showing Netonix IP on Graylog Server
Hi Saj-
They come through OK on standard rsyslog on Linux,
so am thinking it is a configuration issue with Graylog.
This post discusses a similar issue to yours https://groups.google.com/forum/#!msg/g ... btUQljEgAJ
I don't use Graylog, but perhaps that will help point you in the right direction. -jake
They come through OK on standard rsyslog on Linux,
- Code: Select all
Sep 11 12:04:55 ws12.jakematic.lan Port: link state changed to 'down' on port 4
Sep 11 12:04:55 ws12.jakematic.lan STP: set port 4 to discarding
Sep 11 12:04:54 core.jakematic.lan TRAPMGR[dot1s_task]: traputil.c(777) 5345378 %% Spanning Tree Topology Change Received: MSTID: 0 0/9
Sep 11 12:04:54 core.jakematic.lan TRAPMGR[dot1s_task]: traputil.c(777) 5345379 %% Spanning Tree Topology Change: 0, Unit: 1
Sep 11 12:04:56 core.jakematic.lan TRAPMGR[dot1s_task]: traputil.c(777) 5345380 %% Spanning Tree Topology Change Received: MSTID: 0 0/9
Sep 11 12:05:02 ws12.jakematic.lan Port: link state changed to 'up' (100M-F) on port 4
Sep 11 12:05:02 ws12.jakematic.lan STP: set port 4 to discarding
Sep 11 12:05:04 ws12.jakematic.lan STP: set port 4 to learning
Sep 11 12:05:04 ws12.jakematic.lan STP: set port 4 to forwarding
Sep 11 12:06:11 ws12.jakematic.lan UI: Log cleared by admin (192.168.0.141)
so am thinking it is a configuration issue with Graylog.
This post discusses a similar issue to yours https://groups.google.com/forum/#!msg/g ... btUQljEgAJ
Instead of syslog("graylog.lab.xxx.xxx" port(5514)); try:
network("graylog.lab.xxx.xxx" port(5514));
This used to be udp() or tcp() depending on the transport you wanted.
Newer versions of syslog-ng documentation have emphasized IETF/RFC5424 examples, but what you are looking for is the older BSD/RFC3164 formatted message.
I don't use Graylog, but perhaps that will help point you in the right direction. -jake
2 posts
Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 39 guests