Setting the IP Source Address for Syslog Messages

Problem

You want the router to use a particular source IP address for syslog messages.

Solution

Use the logging source-interface configuration command to specify a particular IP address for syslog messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 172.25.1.1
Router(config)#logging source-interface Loopback0
Router(config)#end
Router#

Discussion

Normally, when you enable logging to a remote server, that server sees the source of each message as the router's nearest interface, that is, the interface the router uses to send packets toward the server. However, this is not always meaningful. Sometimes you want the source to be a loopback address so that all messages from this router look the same. For example, it is common practice to populate DNS with only the loopback IP addresses to facilitate router access. This means that none of the other router interfaces can be resolved by using DNS:

Apr  2 20:27:01 172.25.2.6 94: %SYS-5-CONFIG_I: Configured from on vty0
Apr  2 20:27:48 Boston 95: %SYS-5-CONFIG_I: Configured from on vty0

The above example shows two identical log messages originating from the same router, as they appear on the syslog server. The first message uses the IP address of a serial interface that the syslog server is unable to resolve. Notice that the server still stores the message, although it uses the IP address to identify the source.

The second log message occurs after configuring the router to use the loopback interface as the source address. Notice that the syslog server is now able to resolve the source IP address and identifies the source as the router Boston. This makes it straightforward to parse the logfile for all syslog messages that belong to Boston.
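
The following Python script is an added example, not part of the original recipe. It groups syslog lines by the source field and reports sources that the server recorded as a bare IP address, which on a network where only loopbacks are in DNS points to a router still logging from a physical interface. The sample log is constructed from the two lines above plus one line for a hypothetical router named Denver.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the two lines from the discussion plus one line for a
# hypothetical second router (Denver). Day padding varies between servers.
SAMPLE_LOG = """\
Apr  2 20:27:01 172.25.2.6 94: %SYS-5-CONFIG_I: Configured from on vty0
Apr 2 20:27:48 Boston 95: %SYS-5-CONFIG_I: Configured from on vty0
Apr  2 20:31:10 Denver 12: %SYS-5-CONFIG_I: Configured from on vty0
"""

# Timestamp, source field as written by the syslog server, rest of the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?P<msg>.*)$"
)


def is_ip_literal(host):
    """True when the source field is an IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def split_by_source(log_text):
    """Return (messages keyed by resolved name, messages keyed by raw IP)."""
    by_name = defaultdict(list)
    unresolved = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        bucket = unresolved if is_ip_literal(m["host"]) else by_name
        bucket[m["host"]].append(m["msg"])
    return dict(by_name), dict(unresolved)


if __name__ == "__main__":
    by_name, unresolved = split_by_source(SAMPLE_LOG)
    for host, msgs in sorted(by_name.items()):
        print(f"{host}: {len(msgs)} message(s)")
    for ip, msgs in sorted(unresolved.items()):
        print(f"unresolved source {ip}: {len(msgs)} message(s); "
              "check logging source-interface on that router")
```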

See Also