Filtering Syslog messages

Unanswered Question
Dec 2nd, 2009
User Badges:

I am practising Syslog configuration


I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.


Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.


Hope this explanation is not vague and Hope you will help me.


sairam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 12/03/2009 - 04:47
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

snarayanaraju wrote:


I am practising Syslog configuration


I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.


Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.


Hope this explanation is not vague and Hope you will help me.


sairam


Sairam


With standard syslog on IOS you can't really do this. What you can do though is have more intelligent syslog server that allows you to match on patterns within the syslog messages and send to diffferent outputs based on this. I have used syslog-ng in the past for this sort of thing and it works well.


Obviously that does not stop the syslog messages being sent across the network though so you are not saving anything on bandwidth.


There is also something relatively new called the Embedded Syslog Manager. I have never used it and am not sure if it would meet your requirements but it does look to have the capability to filter on the actual router -


ESM


Jon

Actions

This Discussion