ACE : PROBE-FAILED and Syslog messages

Answered Question
Sep 29th, 2010

Hi,

When a real server is in PROBE-FAILED status, I observe a syslog message at each trial of the proble. This fills our syslog server. Is there a mean to configure the ACE in such a way that a syslog message would be generated only when a transition occurs in the probe status ?

Thank you for any hints,

Yves

I have this problem too.
0 votes
Correct Answer by kitanaka about 6 years 3 months ago

Hello,


You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.


Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP


If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.

switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)

You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".

Regards,

Kimihito.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
kitanaka Wed, 09/29/2010 - 05:37

Hello,


You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.


Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP


If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.

switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)

You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".

Regards,

Kimihito.

yves.haemmerli Wed, 09/29/2010 - 06:14

Hi Kimihito.

Thank you for your answer, it is exactly what I was looking for.

best regards,

Yves

Actions

This Discussion