Is the recommendation to disable console logging still up to date?

Jun 27th, 2007
Hi,

Several years ago Cisco technicians recommended disabling console logging if not explicitly needed, because a huge amount of logging messages sent to the console port in a short time period could cause high CPU utilization.

This was also a vulnerability concerning DoS attacks.


Does anybody know if this recommendation is still up to date on IOS and CatOS?


Best Regards,

Thorsten

Overall Rating: 2.3 (3 ratings)
guruprasadr Wed, 06/27/2007 - 02:17

HI Thorsten, [PLS Rate if Helps]


no logging console global configuration command (highly recommended for routers that are not usually accessed through the console port) or you might want to limit the amount of messages sent to the console with the logging console level configuration command (for example, logging console notifications).


Note: Use the Latest IOS Release with Product Specific Features to avoid such Problems.


Normally, commands like "show tech-support" and other show commands with long-running output will increase the CPU utilization.


Also, Continuous Logging Messages to Console / VTY session will also increase the CPU Load & will experience slow system performance.


So, it's always recommended to send all Logging Messages / Trap Messages to some Logging Server (PC) in the Local Network.


PLS Rate if HELPS


Best Regards,


Guru Prasad R

royalblues Wed, 06/27/2007 - 03:16

Yes this is true.


You should always try to disable console logging. It is better to send these logs to the buffer or some logging server.


Narayan

Richard Burts Wed, 06/27/2007 - 05:29

I believe that the best answer to this question will vary depending on how the router is used. If there generally is not a device connected on the console port then certainly it makes good sense to totally disable logging to the console. If there is a device connected to the console and particularly if someone looks at this from time to time then I am not sure that disabling console logging is a good idea.


I believe that we would all agree that in general it is best to not send level 7 (debug) output to the console since that tends to be the most voluminous output and has the most potential to impact the router.


While output to the console does have more impact than output to terminal monitor or output to logging buffered, I think that you should consider the potential benefit of console logging if the console might be monitored.


HTH


Rick
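
The settings discussed in this thread, as an added example (not part of any post and not Cisco code): a Python check that reads the logging lines of an IOS configuration and reports the effective console level along with the gaps the replies mention. It assumes that a configuration with no console logging line leaves console logging on at the debugging level; the sample configurations are constructed.

```python
import re

# IOS severity keywords and their numeric levels (0 = most severe, 7 = debug).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

def parse_level(token):
    """Accept a keyword ('notifications') or a number ('5'); None if neither."""
    if token in LEVELS:
        return LEVELS[token]
    if token.isdigit() and 0 <= int(token) <= 7:
        return int(token)
    return None

def audit_logging(config_text):
    """Return (console_level, findings); console_level is None when disabled."""
    console = 7  # assumption: no console line means enabled at debugging
    buffered = remote = False
    for raw in config_text.splitlines():
        line = raw.strip().lower()
        if line == "no logging console":
            console = None
        elif m := re.fullmatch(r"logging console(?: (\S+))?", line):
            level = parse_level(m.group(1)) if m.group(1) else None
            console = 7 if level is None else level
        elif line.startswith("logging buffered"):
            buffered = True
        elif re.fullmatch(r"logging (?:host )?\d+\.\d+\.\d+\.\d+.*", line):
            remote = True
    findings = []
    if console == 7:
        findings.append("console logging at debugging (level 7)")
    if console is None and not (buffered or remote):
        findings.append("console logging disabled but no buffer or log server configured")
    if not remote:
        findings.append("no remote logging server")
    return console, findings

# Constructed sample configurations (not taken from a real device).
DEFAULT_CFG = "hostname r1\nlogging buffered 16384\n"
LIMITED_CFG = ("logging console notifications\n"
               "logging buffered 16384 informational\n"
               "logging host 192.0.2.10\n")
DISABLED_CFG = "no logging console\n"

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("limited", LIMITED_CFG),
                      ("disabled", DISABLED_CFG)]:
        print(name, audit_logging(cfg))
```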
