We have a debate going on in our office about buffering logs. We are using CW as our syslog server for a network with approx. 450 Cisco devices (switches, routers, APs, firewalls, etc.). The debate has to do with whether we should be buffering logs.
Some techs in the group say that it is recommended to "no logging buffered" set if you are sended logs to a syslog server. Others point out that this can be an issue if you are at a downed site and/or don't have access to CW. What is the recommendation for buffering logs? I don't see an issue with both buffering and sending to syslog server. Any advice?
Logging bufferend and logging to 2 syslog servers is generally considered a leading practice with my team. Logging buffered gets you some 'fallback' in case you need the logs before a device has fully rebooted and reestablished routes. It can also be the source if a network partition happens and no NMS access is available.
What you DON'T want to do is have more than 4 syslog event receivers. I worked with a customer that had 9... 4 were going to servers in the same subnet. If you have a lot of need for syslog processing (multiple NMSs, IDSs, etc) look at syslog repeaters like Syslog-NG.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...