Syslog server not getting the event logs.

Solved
M_berget
Here to help

Hi!

 

I have a case where several networks don't send the event logs to the syslog server, while other networks in the same template do send their logs. Is it also possible to verify that these log sources are inactive and that there is no error causing the log source to not send log events?
Does anyone have any experience regarding this issue?

See the picture below for the tags applied for the server: image.png

1 Accepted Solution
M_berget
Here to help

Traffic was blocked on the Azure firewall.

6 Replies
DensyoV
Meraki Employee

Hi,

 

I suggest verifying connectivity to the syslog servers and that they are reachable from the MX, and then taking a packet capture from the MX to see whether it is actually sending traffic to the servers or not. Also, if the syslog servers are over the VPN, make sure there is no site-to-site VPN firewall rule blocking the traffic.

 

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

 

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
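A receiving-side counterpart to the packet capture suggested above, as an added example that is not part of the original thread or Meraki's own tooling: it listens for UDP syslog datagrams for a fixed window and reports which expected sources stayed silent, which helps separate "the MX is not sending" from "something in the path is dropping it". The network names, the documentation-range IP addresses and port 5514 are constructed assumptions.

```python
import socket
import time

def collect(sock, duration, clock=time.monotonic):
    """Receive UDP datagrams for `duration` seconds.
    Returns {source_ip: (datagram_count, last_seen)}."""
    seen = {}
    deadline = clock() + duration
    while True:
        remaining = deadline - clock()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            _data, (ip, _port) = sock.recvfrom(8192)
        except socket.timeout:
            break
        count, _last = seen.get(ip, (0, None))
        seen[ip] = (count + 1, clock())
    return seen

def classify(expected, seen):
    """Compare expected {name: source_ip} against what actually arrived.
    Note: if a NAT or VPN hop rewrites addresses, use the IP the server
    sees, not the appliance's own interface address."""
    return {
        "reporting": sorted(n for n, ip in expected.items() if ip in seen),
        "silent": sorted(n for n, ip in expected.items() if ip not in seen),
        "unexpected": sorted(ip for ip in seen if ip not in expected.values()),
    }

if __name__ == "__main__":
    # Constructed inventory: replace with the addresses your server sees.
    EXPECTED = {"branch-a": "192.0.2.10", "branch-b": "192.0.2.20"}
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Assumed spare port; the real collector normally owns 514 already.
    srv.bind(("0.0.0.0", 5514))
    result = classify(EXPECTED, collect(srv, 60))
    for state, names in result.items():
        print(f"{state}: {', '.join(names) or '-'}")
```

A source listed as silent here while a capture on the MX shows it sending points at a device in between, such as a firewall, rather than at the appliance.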
M_berget
Here to help

Hi!

 

Thank you for the tips.

There was no site-to-site VPN firewall rule blocking the traffic.
However, multiple networks have started to send event logs to the server without me doing anything.
I was unable to ping the syslog server, but it is most likely blocking ICMP, since I also tried to ping it from a network that worked.
I can see that there is traffic going towards the syslog server, so I will follow your other step and verify that the appliance can reach the server.

M_berget
Here to help

Hi again!

 

I have a follow-up question: there are several networks where we run two MXs.
Will only the primary MX send logs to the syslog server, or will both do it?

 

Best regards

 

Mberget.

DensyoV
Meraki Employee

Hi,

 

Yes, whichever is running as the primary.

 

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
M_berget
Here to help


Hi, again!

 

I was wondering if the MX will send syslogs of legacy equipment or if it will only send logs from Meraki switches and APs.
