Batboard

Hello All,

I am having a heck of an issue that I just cant figure out regarding syslog. We use syslog to monitor repeaters, specifically Tait TB9100. I use WhatsUp gold. I usually use Windows XP, as it is easy to use and we never had problems, however now that it is extinct I am forced to use w7 on the server machine.

Long story short, the programming of the repeater is simple. Target IP addy (IP addy of the computers NIC), pick logging level, and a check box to send the information on the network. Life should be simple, install syslog server, bind it to the IP addy of the nic on port 514 and hit go. No syslog messages are coming through. I have the computer co located with a repeater, and obviously other units throughout the network and none of them are sending the data. All sites, and even the co located one all use transparent cisco consumer grade switches (don't ask).

I have run netstat and port 514 is bound to the proper IP and listening for UDP traffic. Internal test messages are successful in the syslog software, and the system is flawlessly performing IP voting (on the same network).

I am stumped. I have the computers fire wall off, a port exception in inbound and outbound rules, and it still isn't working. Am I missing something in windows 7? Does anyone else have experience with this type of setup.

Thanks, Rob

Is syslog configured to accept logging messages from the remote system?

Yes, I believe so. It is simple to set up software wise. Just the port and ip addy and a few check boxes as to what to do when the messages come in. I have tried numerous programs, I'm thinking network or cpu issue, but I am not the network or cpu savvy.

Rob

If you can, get a copy of Wireshark, and sniff what is coming out of the system. That should let you see if the system is trying to send log entries to the syslog system.

Ok, thx. I will give that a shot.

One other thing that occurs to me: syslog runs on both TCP and UDP. Could it be your equipment is wanting to use TCP rather than UDP, and your syslogd is only running UDP?

Another fairly quick test would be to set up a Linux box with syslogd - I know how to configure a "proper" syslogd to receive remote log requests, and could help you better. Then, once you've proven out the equipment side of the equation, you could work on the Windows side.

TB9100 definitely uses UDP for syslog out and not TCP
What log level are you asking for? The TB9100 doesn't generate many messages unless you ask for the verbose logging.

I was using log level critical, which should tell me ac mains fail and if a unit is lost from the channel group? I am not getting anything. Rob

I think that you need Warning for mains fail. Not sure about lost from channel group - I don't think that is considered to be a problem condition because the reason can't be determined and it is likely to happen simultaneously from a lot of places (if every unit monitors every other unit). Might be possible with Task Manager custom alarms and network function codes. I think that custom alarms can have any severity that you like but the built in alarms use error severity when the alarm happens and warning when it goes away.

Ok, I will lower down the level and give it a shot. Thx, Rob