Hey WAN OPT folks,
We recently installed a WAAS solution on 4.1.3b (we are in the process of an upgrade to 4.1.5b to resolve some MAPI AO 'spillover' issues). We have two CMs, four 7341s and twelve 674s.
We wanted to keep an eye on things so we started to run scripts against our Syslog servers looking for anything coming from our WAAS units. While some of the information has been helpful, most seems to be noise. We opened a TAC case on some events that were rated with a Syslog severity level of 3. TAC informed us that those particular events were cosmetic.
My question is; Does anyone have a good list of Syslog messges that are most important to look for? Traditionally we would have looked at Severity 0 through 5 or maybe 6. But with TAC informing us that some of those are not important, we're having a hard time coming up with a list of which ones we should keep an eye out for.
While not a definitive list, when I'm inspecting these manually for Cisco customers, I will typically start to filter on the following words:
ERROR, WARN, FAIL, HEALTHY, REQUESTS RESTART, SEEING ITS OWN, ROUTING LOOP
1. ERROR - There are a lot of things that come up under ERROR that are benign/cosmetic. A little stick time with looking at these will help you hone that query a bit more - if you have questions about specific ones, post them here and I will try and explain them.
2. WARN - these are also typically benign but can be a precursor to problems to come.
3. FAIL - usually worth looking into
4. REQUESTS RESTART - each component of WAAS Optimization (HTTP AO, NFS AO, MAPI AO, etc.) can experience an error and reload itself w/o impacting other areas of the box. If you see a lot of these for a particular AO, worth opening a TAC case.
5. SEEING ITS OWN - typically a routing loop
6. ROUTING LOOP - similar to #5 - means a packet goes through WAAS twice
For those not exporting to syslog and using a Mac, I like to export the syslog.txt file to the Mac, change the file extension to syslog.log, then open it with console.app on the Mac - you can easily filter for these words and more in the upper left filter pane.
If there are any that you're seeing in your syslog, feel free to post em here and I'll take a look at them.
Steve Wasko (Cisco)