I am not able to collect logs from a network switch to syslog. I am using Ubuntu 14.04 with Cacti 0.8.8h.
I have all the devices added with graphs working; however, nothing is being populated in the syslog plugin view for the network switches connected in our network. I can add Windows and Linux boxes though.
I have tried using rsyslog, syslog-ng and snmptt, but nothing works.
On the switches we have already enabled SNMP and snmptrap and added the IP of the Cacti server as the syslog server.
I have also followed the URLs below:
https://ubuntuforums.org/showthread.php?t=1826166
Note: we are using the MRTG community and SNMP v2 for connection to all switches, whereas for Linux client boxes I simply added the IP of the Cacti server in the rsyslog.conf file and I was able to see the logs in the syslog tab in Cacti.
For us it is really important to capture switch logs, else management would not like to continue with Cacti.
Please, Cacti experts, help me!!!
root@cacti:~# netstat -a |grep syslog
udp 0 0 *:syslog *:*
udp 0 0 *:syslog *:*
unix 2 [ ACC ] STREAM LISTENING 368825 /var/lib/syslog-ng/syslog-ng.ctl
unix 2 [ ACC ] STREAM LISTENING 3003613 /var/lib/syslog-ng/syslog-ng.ctl
root@cacti:~#
Re: Not able to collect logs from network switch to syslog
This is my current status on syslog-ng receiving status...
root@cacti:/etc/syslog-ng# netstat -ntulp "pipe" grep ":514"
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 35262/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 50209/mysqld
tcp6 0 0 :::80 :::* LISTEN 50536/apache2
tcp6 0 0 :::22 :::* LISTEN 35262/sshd
udp 0 0 127.0.0.1:161 0.0.0.0:* 42498/snmpd
udp 0 0 0.0.0.0:47386 0.0.0.0:* 42498/snmpd
udp 0 0 0.0.0.0:514 0.0.0.0:* 8543/syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 7520/syslog-ng
root@cacti:/etc/syslog-ng#
We also don't have any firewall in between...
root@cacti:/etc/syslog-ng# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@cacti:/etc/syslog-ng# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
root@cacti:~# lsof -i :162
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snmptrapd 9784 root 9u IPv4 3054505 0t0 UDP *:snmp-trap
root@cacti:~#