[nsp] Default syslog source-interface

Bruce Pinsky bep at whack.org
Thu Jan 22 18:40:46 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Kristoff wrote:

| On Thu, 22 Jan 2004 13:35:20 -0500
| Peter Gutierrez <peterg at nic.umass.edu> wrote:
|
|
|>I can't verify since we always use `logging source-interface Loopback0`
|>in the config, but I think the egress interface for the packets going
|>to the syslog host is used.
|
|
| Multiple people told me this privately also and that is what I would
| have thought, however...
|
| I ran into a case where syslog messages were not showing up on a
| remote server.  After some toying with the config, I specifically
| set 'logging interface vlan XYZ' where XYZ is a VLAN with the subnet
| of the directly attached log server.  Setting source-interface to
| the directly connected vlan fixed the problem (verified multiple
| times by doing a 'no logging source-interface'.
|


When you say "logging interface vlan XYZ" do you mean the command "logging
source-interface vlan XYZ' and where vlan XYZ is the SVI at layer 3 for the
collection of ports in VLAN XYZ?    If so, were the packets not sourced
using the IP address assigned to the SVI?

When you say "setting source-interface to the directly connected interface
vlan", which specific interface did you point the source-interface command
at?  What it a physical interface or a logical interface?


| There is a secondary IP and a HSRP virtual IP on this interface also,
| but even if it used one of those IPs I would expect the messages to
| get through.  There are also ingress and egress ACLs on the interface,
| but if I recall, those should not interfere with packets source from
| the router.  It doesn't appear that anything on the server would be
| preventing messages from arriving either.
|

I checked, and in the absence of the source-interface command, the exit
interface is looked up for the logging host IP address and the source
address for the syslog packet is set to the primary address of that interface.

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAEF9+E1XcgMgrtyYRAmVMAJsFTfNW6amE1TJJHdL9FevQRo6NDQCcCH8u
n3bzuRtleZS6xrYbb5hApS0=
=CNpL
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list