ACE : PROBE-FAILED and Syslog messages

Answered Question
Sep 29th, 2010
User Badges:

Hi,


When a real server is in PROBE-FAILED status, I observe a syslog message at each trial of the proble. This fills our syslog server. Is there a mean to configure the ACE in such a way that a syslog message would be generated only when a transition occurs in the probe status ?


Thank you for any hints,


Yves

Correct Answer by kitanaka about 6 years 8 months ago

Hello,



You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.




Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP



If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.


switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)



You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".



Regards,

Kimihito.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
kitanaka Wed, 09/29/2010 - 05:37
User Badges:

Hello,



You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.




Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP



If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.


switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)



You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".



Regards,

Kimihito.

yves.haemmerli Wed, 09/29/2010 - 06:14
User Badges:

Hi Kimihito.


Thank you for your answer, it is exactly what I was looking for.


best regards,


Yves

Actions

This Discussion