Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10764
Views
5
Helpful
5
Replies

logging discriminator issue

Go to solution
dakahn
Level 1
Level 1

‎02-23-2015 03:06 PM

I have read through the community and cannot find a example of what I am trying to do. I am trying to drop all syslog messages that have the message type "GDOI" see below for example. I have tried the following commands but still see them in logs and they are showing up on our syslog server as well.  I am more interested in not seeing them in my syslog server but dont care if I am logged into router and see them. 

 

commands used..

logging discriminator NoGD msg-body drops GDOI
logging buffered discriminator NoGD
logging console discriminator NoGD
logging monitor discriminator NoGD

 

 

SYSLOG message trying to drop

 

Feb 24 01:11:36.891 UTC: %GDOI-5-SA_TEK_UPDATED: SA TEK was updated
Feb 24 01:11:36.891 UTC: %GDOI-5-GM_RECV_REKEY: Received Rekey for group GETVPN from 10.16.98.107 to 10.92.255.254 with seq # 7
Feb 24 01:11:36.895 UTC: %GDOI-5-GM_INSTALL_POLICIES_SUCCESS: SUCCESS: Installation of Reg/Rekey policies from KS 10.16.98.107 for group GETVPN-ChinaWANGroup & gm identity  10.92.255.254

 

 

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎02-24-2015 09:20 AM

GDOI is in the "facility" field of the syslog and not the msg-body.

View solution in original post

0 Helpful

Go to solution
Dan Frey
Cisco Employee
Cisco Employee
In response to dakahn

‎02-25-2015 07:54 AM

Attach the discriminator to your syslog host.

logging host 10.1.1.1 discriminator NoGD

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎02-24-2015 09:20 AM

GDOI is in the "facility" field of the syslog and not the msg-body.

0 Helpful

Go to solution
dakahn
Level 1
Level 1
In response to Dan Frey

‎02-25-2015 07:49 AM

Thank you for clarifying that. Seems now its working correctly. I understand that the logging buffered is how the syslogs get saved locally but I was wondering if their was a way to allow it to still been seen locally but not sent to the syslog server?

 

Thanks!

0 Helpful

Go to solution
Dan Frey
Cisco Employee
Cisco Employee
In response to dakahn

‎02-25-2015 07:54 AM

Attach the discriminator to your syslog host.

logging host 10.1.1.1 discriminator NoGD

0 Helpful

Go to solution
dakahn
Level 1
Level 1
In response to Dan Frey

‎02-25-2015 10:11 AM

Daniel,

 

Perfect.. One last question. If I wanted to add more to the filter list, I.E msg-body etc, can I add it to the existing discriminator? Can I have more than 1 discriminator set to syslog server?

0 Helpful

Go to solution
Dan Frey
Cisco Employee
Cisco Employee
In response to dakahn

‎02-25-2015 11:17 AM

Additional fields can be appended to the discriminator statement and only one discriminator can be applied to the destination (monitor, console, host, ect..).

If you wanted to only drop logs with facility of "SYS" that also has the msg-body of "user"

logging discriminator myfilter facility includes SYS msg-body drops user

The order of operation when using multiple filters is explained here: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htnmsylg.html

 

 

Customers Also Viewed These Support Documents