Cisco Support Community
New Member

syslog message filter

I was trying to limit which messages received by RME actually got posted into the syslog files. I have a lot of devices with too low of logging (which is the long-term fix). I was thinking that if I limit the stored syslog messages to, say, critical ones and configuration changes, it would be helpful.

Any suggestions?

3 REPLIES
New Member

Re: syslog message filter

My personal opinion:

Unless you're trying to conserve on the amount of bandwidth used, the more syslog messages the better. After all, in RME you can filter out what messages you don't want. Messages that come to mind are Astro error messages that occur on larger switches running CatOS. These messages are logged at a severity level 4, which is the warnings level. Keep in mind that errors, criticals, alerts and emergencies come before warnings.

When one of these switches experiences Astro errors, it's only a matter of time 'till users are affected and the switch is hosed. I believe configuration changes are logged at a severity level 5 or the notifications level. The only severity above this is informational.

I feel the best setting is severity level 5 or notifications. This means notifications, warnings, errors, critical, alerts and emergencies will be logged.

Everything gets logged and if you’re forwarding this information to a syslog server, not much is gonna’ get by without notice.

New Member

Re: syslog message filter

One thing I left out. On interfaces we don't care about, we issue the command 'no logging event link-status'. We have a lot of 3500 IOS-based switches that are used for users' PCs. We will issue this command on all fastethernet interfaces but not on the Gig interfaces. This cuts down on the # of messages sent to the syslog server.

For a 3550-24s:

    logging xxx.xxx.XXX.XXX
    logging trap notifications
    interface range fastEthernet 0/1 - 24
     no logging event link-status

New Member

Re: syslog message filter

I guess the main reason I would like to stop them from hitting the log is the volume. We have around 1500 devices logging.

I'll try using the display filters. Thanks for the help.
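Added example, not part of the original thread and not an RME feature: a collector-side pre-filter that stores only critical-and-above messages plus configuration changes, the policy the original question describes. It assumes Cisco's `%FACILITY-SEVERITY-MNEMONIC:` message tag and the IOS `SYS-5-CONFIG_I` configuration notice; the function names and the sample lines are constructed for illustration.

```python
import re

# Cisco-style tag: %FACILITY-SEVERITY-MNEMONIC: (0 = emergencies ... 7 = debugging)
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")
CRITICAL = 2  # keep critical (2), alerts (1) and emergencies (0)
# Kept regardless of severity; SYS-5-CONFIG_I is the IOS configuration-change notice.
ALWAYS_KEEP = {("SYS", "CONFIG_I")}


def classify(line):
    """Return (keep, tag); tag is 'FACILITY-SEVERITY-MNEMONIC', or None if the line has none."""
    m = TAG.search(line)
    if m is None:
        # Fail open: a line without a recognisable tag is stored, never silently dropped.
        return True, None
    tag = "{facility}-{severity}-{mnemonic}".format(**m.groupdict())
    keep = (int(m.group("severity")) <= CRITICAL
            or (m.group("facility"), m.group("mnemonic")) in ALWAYS_KEEP)
    return keep, tag


def filter_lines(lines):
    """Return (kept_lines, dropped_counts_by_tag) so discarded volume stays visible."""
    kept, dropped = [], {}
    for line in lines:
        keep, tag = classify(line)
        if keep:
            kept.append(line)
        else:
            dropped[tag] = dropped.get(tag, 0) + 1
    return kept, dropped


# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<189>101: Mar  1 10:00:01: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<187>102: Mar  1 10:00:05: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down",
    "<189>103: Mar  1 10:00:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down",
    "<186>104: Mar  1 10:00:09: %SYS-2-MALLOCFAIL: Memory allocation of 1028 bytes failed",
    "<187>105: Mar  1 10:00:11: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up",
    "Mar  1 10:00:12 switch-a truncated or vendor-specific text with no tag",
]

if __name__ == "__main__":
    kept, dropped = filter_lines(SAMPLE)
    print("\n".join(kept))
    print("dropped:", dropped)
```

The per-tag drop counts show which message types make up the discarded volume, which helps decide where a device-side change such as `no logging event link-status` would pay off.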
