Meraki

Community

syslog over non-meraki vpn/combined network no syslog

Shaun1387
Getting noticed
‎Aug 4 2023 6:55 AM
‎Aug 4 2023 6:55 AM

syslog over non-meraki vpn/combined network no syslog

Hi All,

 

Quick overview..

 

I have a combined network with an MX at the top and some MS switches and MR AP's.

I have a requirement to send syslog from all of these devices over a non-meraki VPN from the MX out to a server on the other end of the tunnel.

 

Im not seeing any syslog at all either originating from the MX,MR or MS devices (local packet capture shows no syslog traffic at all) or arriving at the MX to initiate the VPN.

 

Im certain that all i need to configure is the syslog server definition in 'network-wide/configure' which i have done. The routing table looks good, there is a route there pointing to the NMVPN and if is fire a ping off from the MR, MS or MX i see the ICMP turn up at the MX in a packet capture and it fires up the VPN.

 

Its a simple config, all of the vlans including the mgt are routed off the MX so i should be at least seeing them turn up there even if the VPN was broken. 

 

Firewall rules look ok as does the site-to-site rules, which im not convinced are the issue anyway as im not seeing the MR/MS generating syslog when doing a lan side packet capture on these directly.

 

Am i missing a trick here ? is there a config item i have missed ?

 

Cheers

Shaun

 

 

 

 

0 Kudos
3 Replies 3
pmhaske
Meraki Employee
Meraki Employee
‎Aug 4 2023 1:54 PM
‎Aug 4 2023 1:54 PM

Hello!

Please have a look at the configuration article below to confirm roles are created for each device type as required. E.g, you can add a role for switch event logs and make changes like cycling a port to see if syslog gets generated and gather packet capture to confirm.

 

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv...

 

Further, are you able to ping the Syslog server IP address? This is just to ensure network connectivity.

I recommend opening a case with Meraki Support or calling us so an NSE can help with troubleshooting your issue effectively.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 6 2023 2:10 PM
‎Aug 6 2023 2:10 PM

You could try doing a packet capture on the mx for udp/514.  If you don't see the traffic, you know it is a syslog configuration issue on the Meraki side.  If you do see the traffic you know it is related to the VPN or the syslog server.

Shaun1387
Getting noticed
‎Aug 9 2023 1:28 AM
‎Aug 9 2023 1:28 AM

Hi All,

 

Thanks for the help with this guys.

 

This is baffling. I picked up your replies on Monday morning and was just about to set about double checking stuff out but i thought i would just make sure it was still dead.... and behold....  without me doing anything, it was working !

 

No idea whats happened there ,I never made any changes and its a dev environment which only i am using at the moment so i cant explain why it wasnt working on Friday, then was on Monday morning.

 

I cant imagine there was some sort of delay or issue with the dashboard provisioning the commands down to the box which took a weekend to do but in the absence of any other reason ?... dunno.

 

I have been monitoring it since Monday morning and it appears to be working correctly now.

 

Thanks again for your help and assistance guys.

 

Cheers

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.