Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Syslog question

Status
Not open for further replies.
yanks2112

yanks2112

IS-IT--Management
Jan 5, 2004
110
US
Hi All

I have about 20 switches throughout my organization (Catalyst 2950) and I want to send logs to a syslog server. I am able to configure logging and send syslogs to the syslog server with no problem. My questions are:

1) Is is wise to log all 20 switches to a syslog server, that may be a stupid question but I was curious in terms of traffic over the wire sending the syslogs.

2) How do I differentiate between the switches? I see the syslogs in the same log file for all the switches (so far I've done 2) and I cant find a way to differentiate the two switches.

Thanks for your help
 
Sort by date Sort by votes
What syslog program are you using? I use SolarWinds and it has the switches all in one log, but there's an IP column, which tells you which switch the event came from. Maybe you just need to add a column to your view.

In answer to your first question, even logging at the highest level (6 - you get every thing from interfaces going up and down to dup mismatches, etc., to more severe messages), it shouldn't be a problem. I have over a hundred switches and routers all syslogging to the same syslog server (running on a Win2k Workstation) and haven't had any traffic problems.
 
Upvote 0 Downvote
It shouldn't be a problem sending those logs . While it may seem like a lot , these are basically small text messages which don't take a lot of bandwidth or space . You do need to set a date on how long you want to keep the messages otherwise your file size would eventually become huge if you never delete anything.
 
Upvote 0 Downvote
Thanks for the info chipk and viperg, I am using the syslog server that came with my PIX. It time stamps the logs for the PIX but not for the switches. Is there a separate syslog program for the switches or is there a parameter within the logging option to set the time stamp on the logs

Thanks again
 
Upvote 0 Downvote
Actually it does time stamp the logs but I can't tell which messages are from what switch, is there a parameter that I can set that will tell me the switch that is sending the syslog message

Thanks again
 
Upvote 0 Downvote
Sorry for asking a question before researching. I dwnloaded KIWI syslog server and it does everything I need, including the ip of the switch sending the logs

Thanks again
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
344
Zero6
Zero6
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
278
burtsbees
burtsbees
disturbedone
  • Locked
  • Question
Not sending to Syslog server
Replies
3
Views
270
disturbedone
disturbedone
mkc1962
  • Locked
  • Question
Cisco 2602e connection question
Replies
0
Views
169
mkc1962
mkc1962
azrael2000
  • Locked
  • Question
quick question...re layer 3 with routing
Replies
1
Views
266
chieftan
chieftan

Part and Inventory Search

Sponsor

Back
Top