
Filtering Syslog messages using Discriminator.

Richard Tapp
Level 1

I am doing some Syslog testing and a server on one site is sending lots of traffic and I would like to filter this out from the logs.

So the IP address of the server is in the body of each log.

It is a Zonebase Router and I have tried this so far.

parameter-map type inspect default

audit-trail on

discriminator nolog mnemonics drops ^192\.168\.1\.1$

&

discriminator nolog msg-body drops ^192\.168\.1\.1$

logging host x.x.x.x trans udp port 10001 discriminator nolog

But I am still seeing traffic from 192.168.1.1

I don't seem to be able to add a reply.

Rolf

Yes, it is the router-produced log messages I am referring to for one particular server; it is these messages that I do not want to forward to the Syslog server.

Regards

Richard

1 Reply

Rolf Fischer
Level 9

Hi Richard,

a logging discriminator takes effect only for locally (router-)generated syslog traffic.
To filter out syslog-traffic from a server, you could use an extended ACL (UDP 514).

HTH
Rolf


Sent from Cisco Technical Support Android App
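
Added example, not part of either post and not Cisco code: a small Python model of a `drops` pattern tested against the mnemonic and the message body of router-generated messages, showing that the anchored pattern from the question matches neither field. The sample messages are constructed, Python's `re` stands in for the IOS regex engine, and the model assumes the discriminator searches for the pattern anywhere within the chosen field.

```python
import re

# Constructed sample messages in the IOS "%FACILITY-SEVERITY-MNEMONIC: body" layout.
SAMPLES = [
    "%FW-6-SESS_AUDIT_TRAIL: Stop tcp session: initiator (192.168.1.1:51514) "
    "sent 22 bytes -- responder (10.0.0.5:80) sent 100 bytes",
    "%FW-6-SESS_AUDIT_TRAIL: Stop tcp session: initiator (192.168.1.10:40000) "
    "sent 9 bytes -- responder (10.0.0.5:80) sent 0 bytes",
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

HEADER = re.compile(
    r"^%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonics>[A-Z0-9_]+): (?P<body>.*)$"
)

def parse(line):
    """Split one message into the fields a discriminator can match on."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not in %FACILITY-SEVERITY-MNEMONIC: body form")
    return {
        "facility": m.group("facility"),
        "mnemonics": m.group("mnemonics"),
        "msg-body": m.group("body"),
    }

def dropped(line, field, pattern):
    """True if a 'drops' rule on `field` would suppress the message (model only)."""
    return re.search(pattern, parse(line)[field]) is not None

def forwarded(lines, field, pattern):
    """Messages that would still reach the syslog host under the rule."""
    return [l for l in lines if not dropped(l, field, pattern)]

ANCHORED = r"^192\.168\.1\.1$"   # pattern from the question: field must equal the IP
SEARCH = r"192\.168\.1\.1"       # unanchored: also suppresses 192.168.1.10
BOUNDED = r"\(192\.168\.1\.1:"   # tied to the "(ip:port)" layout of the samples

if __name__ == "__main__":
    for name, pat in (("anchored", ANCHORED), ("search", SEARCH), ("bounded", BOUNDED)):
        kept = forwarded(SAMPLES, "msg-body", pat)
        print(f"{name:9s} forwards {len(kept)} of {len(SAMPLES)} messages")
```
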