
Incorrect Syslog message format

eudechime
Level 1

Hi all,

I am receiving incorrect syslog message format with the famous six octets on my Netcool trap collection box. The double date format is causing some headaches.

Sample data from Netcool:

Aug 14 15:56:19 [10.155.14.249.216.64] 263: Aug 14 15:56:19.737: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

Aug 14 15:57:00 [10.155.14.249.216.64] 267: Aug 14 15:56:59.740: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up

Sample data from Router log:

*Aug 14 15:13:18.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

*Aug 14 15:13:27.860: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up

*Aug 14 15:13:28.860: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Any idea why I am getting double date format on the collection box?

Thanks in advance for your help

2 Replies

Joe Clarke
Cisco Employee

One date is included in the message sent from the device, and the other date is added by syslogd on the server. You can disable the device from including the time with:

no service timestamps log

But this will omit the time from your logging buffer as well. It might be better to see if Netcool can adapt to the double date format, or try using another syslog daemon that gives you the ability to drop the date (e.g. syslog-ng may give this capability).

Alternatively, if your devices are running 12.3(2)T or higher, you can use the Embedded Syslog Manager feature in IOS to format the messages exactly how you want. See http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a8516.html for more details on ESM.
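One way to adapt the collector side to the double date format described in the reply above, as an added example that is not part of the original thread and is not Netcool or Cisco code. The function names are hypothetical, the year is supplied by the caller because neither timestamp carries one, and reading the last two of the six octets as a UDP source port is an assumption.

```python
import re
from datetime import datetime

# Layout seen on the collector:
# <syslogd time> [<six octets>] <seq>: <device time>: %FACILITY-SEV-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?P<rx>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<src>\d{1,3}(?:\.\d{1,3}){5})\] (?P<seq>\d+): "
    r"(?P<flag>[*.]?)(?P<dev>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{1,6})?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

def _ts(stamp, year):
    # Neither timestamp carries a year, so the caller supplies one.
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in stamp else "%Y %b %d %H:%M:%S"
    return datetime.strptime(f"{year} {stamp}", fmt)

def parse_collector_line(line, year):
    """Return a dict of fields, or None if the line is not in this layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    octets = [int(o) for o in m["src"].split(".")]
    if max(octets) > 255:
        return None
    received, device_time = _ts(m["rx"], year), _ts(m["dev"], year)
    return {
        "received": received,        # stamped by syslogd on the server
        "device_time": device_time,  # stamped by the router itself
        # IOS prefixes '*' or '.' when its clock is not (or no longer) synchronized.
        "clock_trusted": m["flag"] == "",
        "skew_seconds": (received - device_time).total_seconds(),
        "source_ip": ".".join(str(o) for o in octets[:4]),
        "source_port": octets[4] * 256 + octets[5],  # assumption: last two octets = UDP port
        "sequence": int(m["seq"]),
        "facility": m["facility"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }

# The two collector lines from the post, with the wrapped text rejoined.
SAMPLES = [
    "Aug 14 15:56:19 [10.155.14.249.216.64] 263: Aug 14 15:56:19.737: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down",
    "Aug 14 15:57:00 [10.155.14.249.216.64] 267: Aug 14 15:56:59.740: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
]
```

Keeping both timestamps rather than dropping one lets the collector report the skew between the router's clock and its own, which matters when events from several devices are correlated.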

Thanks for your response.

Wondering what could be the reason for not receiving traps from ES module interfaces? I was wondering whether it could be due to misconfiguration. Check the message "configuring syslog and snmp on integrated service router (ISR)" posted yesterday.

Thanks again