Send Log to Graylog but not show src address

sokchen.m · October 14, 2019, 8:06am

Dear Support Team,

I have an issue with our device send logged to Graylog but not show src address. It show only timestamp “Oct”. Please kindly help check to configure below:

SW#sh run | in logg
logging buffered 409600
no logging console
logging facility local5
logging source-interface Vlan1
logging 10.10.10.1
ntp logging
SW#sh run | in time
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone

Thank for your support
BR,
Moeun Sokchen

jan · October 14, 2019, 11:08am

I guess that your messages are not following the syslog framework. But without sharing information what device you use or without sharing any information that is all just guessing,

lmuir · October 18, 2019, 5:43am

Looks like a Cisco. Try adding this to your Cisco config:
logging origin-id ip

More info: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-xe-3se-5700-cr-book/esm-xe-3se-5700-cr-book_chapter_00.html

shoothub · October 18, 2019, 7:45am

I use workaround for such devices line switches, routers. So I simply change source to source ip of sending device using this pipeline rule:

rule "Set Source IP"
when
  has_field("message")
then
  set_field("source", to_string($message.gl2_remote_ip));
end

system · November 1, 2019, 7:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cisco wlc logs to Graylog Graylog Central (peer support)	5	1040	February 9, 2021
How to show local0 messages on graylog Graylog Central (peer support)	6	605	March 13, 2021
Delayed Syslog From Cisco Switch Graylog Central (peer support)	4	90	March 28, 2024
Problem to receive in interface log Graylog Central (peer support)	1	758	February 27, 2017
Cisco 3750 logs showing date as source Graylog Central (peer support)	3	308	May 18, 2023

Send Log to Graylog but not show src address

Related Topics