cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1368
Views
0
Helpful
3
Replies

syslog message filter

rmweaver
Level 1
Level 1

I was trying to limit what messages that were recieved by RME that actually got posted into the syslog files. I have a lot of devices with to low of logging (which is the long term fix). I was thinking if I limit the stored syslog messages to say critical ones and configuration changes it would be helpful.

Any suggestions?

3 Replies 3

getwithrob
Level 3
Level 3

My personal opinion:

Unless you're trying to conserve on the amount of bandwidth used, the more syslog messages the better. After all, in RME you can filter out what messages you don't want. A message that comes to mind are Astro error messages that occur on larger switches running CatOS. These messages are logged at a severity level 4 which is the warnings level. Keep in mind that errors, critcals, alerts and emergencies come before warnings.

When one of these switches experiences Astro errors, it's only a matter of time 'till users are affected and the switch is hosed. I believe configuration changes are logged at a severity level 5 or the notifications level. The only severity above this is informational.

I feel the best setting is severity level 5 or notifications. This means notifications, warnings, errors, critical, alerts and emergencies will be logged.

Everything gets logged and if you’re forwarding this information to a syslog server, not much is gonna’ get by without notice.

One thing I left out. On interfaces we don't care about, we issue the command 'no logging event link-status'. We have a lot of 3500 IOS based switches that are used for user's PCs. We will issue this command on all fastethernet interfaces but not on the Gig interfaces. This cuts down on the # of messages sent to the syslog server.

For a 3550-24s:

logging xxx.xxx.XXX.XXX

logging trap notifications

interface range fastEthernet 0/1 - 24

no logging event link-status

I guess the main reason I would like to stop them from hitting the log is the volume. We have around 1500 devices logging.

I'll try using the display filters. thanks for the help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: