cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
435
Views
0
Helpful
1
Replies

Filtering Syslog messages

snarayanaraju
Level 4
Level 4

I am practising Syslog configuration

I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.

Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.

Hope this explanation is not vague and Hope you will help me.

sairam

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

snarayanaraju wrote:

I am practising Syslog configuration

I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.

Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.

Hope this explanation is not vague and Hope you will help me.

sairam

Sairam

With standard syslog on IOS you can't really do this. What you can do though is have more intelligent syslog server that allows you to match on patterns within the syslog messages and send to diffferent outputs based on this. I have used syslog-ng in the past for this sort of thing and it works well.

Obviously that does not stop the syslog messages being sent across the network though so you are not saving anything on bandwidth.

There is also something relatively new called the Embedded Syslog Manager. I have never used it and am not sure if it would meet your requirements but it does look to have the capability to filter on the actual router -

ESM

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: