Incorrect Syslog message format

Aug 15th, 2007

Hi all,


I am receiving an incorrect syslog message format with the famous six octets on my Netcool trap collection box. The double date format is causing some headaches.


Sample data from Netcool:

Aug 14 15:56:19 [10.155.14.249.216.64] 263: Aug 14 15:56:19.737: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

Aug 14 15:57:00 [10.155.14.249.216.64] 267: Aug 14 15:56:59.740: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up


Sample data from Router log:

*Aug 14 15:13:18.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

*Aug 14 15:13:27.860: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up

*Aug 14 15:13:28.860: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up


Any idea why I am getting double date format on the collection box?


Thanks in advance for your help


Joe Clarke Wed, 08/15/2007 - 08:40
User Badges: Cisco Employee, Hall of Fame, Founding Member

One date is included in the message sent from the device, and the other date is added by syslogd on the server. You can disable the device from including the time with:


no service timestamps log


But this will omit the time from your logging buffer as well. It might be better to see if Netcool can adapt to the double date format, or try using another syslog daemon that gives you the ability to drop the date (e.g. syslog-ng may give this capability).


Alternatively, if your devices are running 12.3(2)T or higher, you can use the Embedded Syslog Manager feature in IOS to format the messages exactly how you want. See http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a8516.html for more details on ESM.
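
A collector-side way to live with the double date, as an added example (not code from this thread, Netcool, or Cisco): a Python parser that accepts both the collector lines and the router-buffer lines quoted in the question and keeps the syslogd time and the device time as separate fields. The field names, the default year, and treating the first four of the six octets as the source IPv4 address are assumptions.

```python
import re
from datetime import datetime

# Sample lines copied from the question above (two collector lines, one router-buffer line).
SAMPLES = [
    "Aug 14 15:56:19 [10.155.14.249.216.64] 263: Aug 14 15:56:19.737: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down",
    "Aug 14 15:57:00 [10.155.14.249.216.64] 267: Aug 14 15:56:59.740: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
    "*Aug 14 15:13:18.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
]

# Optional collector prefix: "<syslogd time> [<six octets>] <seq>: "
# Device part: "[*|.]<device time>: %FACILITY-SEVERITY-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?:(?P<rcv>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) "
    r"\[(?P<src>[\d.]+)\] (?P<seq>\d+): )?"
    r"(?P<flag>[*.])?(?P<dev>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d(?:\.\d+)?): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)

def _ts(s, year):
    # Neither timestamp carries a year, so the caller supplies one (assumption).
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in s else "%Y %b %d %H:%M:%S"
    return datetime.strptime(f"{year} {' '.join(s.split())}", fmt)

def parse(line, year=2007):
    """Return a normalized event dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dev = _ts(m["dev"], year)
    rcv = _ts(m["rcv"], year) if m["rcv"] else None
    octets = m["src"].split(".") if m["src"] else []
    return {
        "received": rcv,                      # added by syslogd on the server
        "device_time": dev,                   # added by the device
        "skew_s": (rcv - dev).total_seconds() if rcv else None,
        "clock_unsynced": m["flag"] == "*",   # IOS prefixes '*' when its clock is not authoritative
        "source_ip": ".".join(octets[:4]) or None,
        "source_extra": octets[4:],           # last two octets kept uninterpreted
        "seq": int(m["seq"]) if m["seq"] else None,
        "facility": m["fac"], "severity": int(m["sev"]), "mnemonic": m["mnem"],
        "text": m["text"],
    }
```

Keeping both timestamps lets the collector report the difference between device and server clocks per event instead of discarding one of the dates.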

eudechime Wed, 08/15/2007 - 08:54

Thanks for your response.


Wondering what could be the reason for not receiving traps from ES module interfaces? I was wondering whether it could be due to misconfiguration. Check message "configuring syslog and snmp on integrated service router (ISR)" posted yesterday.


Thanks again
