You want the router to use a particular source IP address for syslog messages.
Use the logging source-interface configuration command to specify a particular IP address for syslog messages:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging 172.25.1.1 Router(config)#logging source-interface loopback0 Router(config)#end Router#
When you enable logging to a remote server, that server will normally see the source of the message as being the router's nearest interface. However, this is not always meaningful. Sometimes you want it to be a loopback address so that all messages from this router look the same. For example, it is a common practice to populate DNS with only the loopback IP addresses to facilitate router access. This means that none of the other router interfaces can be resolved using DNS:
Apr 2 20:27:01 172.25.2.6 94: %SYS-5-CONFIG_I: Configured from on vty0 Apr 2 20:27:48 Boston 95: %SYS-5-CONFIG_I: Configured from on vty0
This example shows two identical log messages originating from the same router, as they appear on the syslog server. The first message uses the IP address of a serial interface that the syslog server is unable to resolve. Note that the server still stores the message, but it uses the IP address to identify the source.
The second log message occurs after configuring the router to use the loopback interface as the source address. The syslog server is now able to resolve the source IP address and identifies the source as the router Boston. This makes parsing the log file for all syslog messages that belong to this router straightforward and simple.
Top |