Re: Why I Can't forward syslog messages using the ip

From: louis john (west_coast@inbox.com)
Date: Sun Jun 24 2007 - 12:57:57 ART

• Next message: Colin McNamara: "Re: Introducing myself"
• Previous message: Petr Lapukhov: "Re: Great Book!"
• Maybe in reply to: Peter Kingston: "Re: Why I Can't forward syslog messages using the ip"
• Next in thread: Shafagh Zandi: "Re: Why I Can't forward syslog messages using the ip"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Blaine, Hi all

It did not work with me or maybe I am not able to adjust things fine, to make things more easy I did new scenario :

R4 ---- Ethernet --- R1-----Ethernet---SW1--FAS1/0/48---Solarwinds Syslog server.

as I understood from the documentation , an ip broadcast is an ip packet whose destination is a valid broadcast for some IP subnet, but which originates from a node that is not itself part of the destination subnet.

so in this case R4 will send the logging messages as broadcast to R1, R1 should consult the ip helper-address and forward the udp traffic towards the ip address of sw2 (192.168.1.80).

when the traffic reach 192.168.1.80, it should explode into a physical address 192.168.1.255

anyways this is not happening!, and as a side note, how the syslog server will understand this traffic ? the solarwinds syslog server listens on udp port 514 !

should not I re-translate things to be destined for udp 514 !

can someone experience here in the group explain how can I make it work ?

here are the simple configuration on my devices (IGP is reachable every where):

R4
interface Ethernet0
 description Connected R1 E1
 ip address 172.16.1.4 255.255.255.0

logging 172.16.1.255

R1
interface Ethernet1
 description Connected R4 E0
 ip address 172.16.1.1 255.255.255.0
 ip helper-address 192.168.1.80

ip forward-protocol udp syslog

interface Ethernet0
  description Connected SW1 Fast 1/0/1
  ip address 172.17.1.1 255.255.255.0

SW1

interface FastEthernet1/0/48
 no switchport
 ip address 192.168.1.80 255.255.255.0
 ip directed-broadcast

interface FastEthernet1/0/1
 no switchport
  description Connected To R1 E0
  ip address 172.17.1.7 255.255.255.0

> -----Original Message-----
> From: williams.blaine@gmail.com
> Sent: Sun, 24 Jun 2007 09:53:55 -0400
> To: west_coast@inbox.com
> Subject: Re: Why I Can't forward syslog messages using the ip
> helper-address command
>
> Louis,
>
> R1 needs to receive the syslog messages as broadcasts for the ip
> helper-address command to work. Try logging to the directed broadcast
> 150.1.1.255 on R4. Don't forget to allow directed broadcasts on R1's
> loopback. Then move your ip helper-address command from int Se0 to
> Lo0. It has to be enabled on the interface receiving the broadcasts.
>
> You shouldn't have to set the broadcast address on SW2. If everything
> goes correctly, the syslog packets will be sent to the directed
> broadcast 150.1.1.255 on R4. R1 will route it to it's Lo0 interface.
> The ip directed-broadcast functionality will allow the directed
> broadcast to be exploded to the physical broadcast 255.255.255.255.
> With ip helper-address 192.168.1.101 on Lo0 and the ip
> forward-protocol udp syslog, R1 will then take the physical broadcast
> packet and unicast it to your syslog server. Of course, I haven't
> tried this using loopbacks before, just the directly connected
> interfaces.
>
> Let us know if you get it working.
>
> Blaine W.
>
> On 6/21/07, louis john <west_coast@inbox.com> wrote:
>> Hi All,
>>
>> I am trying to forward the syslog messages received by the serial
>> interface of R1 to the syslog server connected to SW2, but I can not see
>> any syslog messages on my server.R4 is forwarding the syslog messages to
>> R1, that's why I configured the "logging 150.1.1.1" toward R1.
>> the condition is to use the ip helper-address, so I can not configure
>> the simple logging command toward the server.
>>
>> shouldn't the command ip helper-address forward the syslog messages to
>> the address associated with it? maybe I am not able to do it because the
>> syslog is reaching R1 an unicast, and the rule it must be all IP levle
>> broadcast for the ip helper-address command to start work !
>>
>> if this is case then how I will convert the syslog traffic to be
>> broadcast then !
>>
>>
>>
>>
>>
>> I will be thankful if you shed light on this issue
>>
>>
>> R4----R1-----SW2---SYSLOG SERVER(192.168.1.101)
>>
>>
>> R4
>> logging 150.1.1.1
>>
>> R1
>> inter loopback 0
>> ip address 150.1.1.1
>>
>> interface Serial0
>> ip helper-address 192.168.1.101
>>
>>
>> ip forward-protocol udp syslog
>>
>> SW2
>> interface fas1/0/48
>> no switchport
>> ip add 192.168.1.80 255.255.255.0
>> ip broadcast-address 192.168.1.255
>>
>>
>> Note: Reachability is done between all devices
>>
>> ____________________________________________________________
>> FREE ONLINE PHOTOSHARING - Share your photos online with your friends
>> and family!
>> Visit http://www.inbox.com/photosharing to find out more!
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>

• Next message: Colin McNamara: "Re: Introducing myself"
• Previous message: Petr Lapukhov: "Re: Great Book!"
• Maybe in reply to: Peter Kingston: "Re: Why I Can't forward syslog messages using the ip"
• Next in thread: Shafagh Zandi: "Re: Why I Can't forward syslog messages using the ip"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART