[cisco-voip] 7.15 Subscriber not syslogging to remote syslog server..

Lelio Fulgenzi lelio at uoguelph.ca
Mon Oct 15 14:31:38 EDT 2012 

My subscribers seem to send lots of syslog data. Make sure there are no ACLs blocking communications. 


A simple test you can do is unplug a phone registered to the subscriber. It should send something. 


While on the sub, do a 'utils network capture dest <syslog_ip_addr>'. You should see something. You can then start troubleshooting upstream. 



Hopefully that helps. 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Tim Reimers" <treimers at ashevillenc.gov> 
To: cisco-voip at puck.nether.net 
Sent: Thursday, October 11, 2012 3:00:38 PM 
Subject: [cisco-voip] 7.15 Subscriber not syslogging to remote syslog server.. 




Hi all – 



I’m trying to figure out some things using syslog. 

I believe I’ve correctly configured remote syslog on both my pub/sub. 



The publisher is correctly sending syslog data to the remote syslog server. 

The subscriber never seems to send anything. 



For the basics, the publisher is in subnet 192.168.200.X 

Subscriber in subnet 192.168.201.X 

Most phones are in some 10.16.X.Y subnet 



All subnets are Vlan interfaces on one L3 switchstack, no firewalls or WAN links, etc. 

i.e, everything’s locally connected, so this isn’t about slow links, access-control lists, or anything like that. 





I’m seeing the below error in the syslog I do get from the CM1 (Publisher) 

Device IP address shown below is the IP of the Subscriber itself. 





cm1.2011-08-26.log:Aug 26 19:29:20 cm1 57: Aug 26 23:29:20.699 UTC : %CCM_CALLMANAGER-CALLMANAGER-3-DeviceTransientConnection: Transient connection attempt. Connecting Port:42653 Device name [Optional].: Device IP address [Optional].:192.168.201.6 Device type. [Optional]:255 Reason Code [Optional].:6 Protocol.:SCCP IPAddressAttributes [Optional].:0 App ID:Cisco CallManager Cluster ID:CM1-Cluster Node ID:CM1 



I can’t figure out whether that mention of the Subscriber IP having a “device transient connection” 

has anything to do with this or not. 





What my ultimate goal is, is to figure out whether an ATA is registering and sometimes falling offline and reregistering. 

So I thought I’d just grep my syslogs looking for that event from that device. 



Not so easy when most devices are registered to the Subscriber, and it ain’t sayin’ anything… 



;-) Tim 
_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20121015/bd6683c0/attachment.html>

More information about the cisco-voip mailing list