
Is the recommendation to disable console logging still up to date?

Hi,

Several years ago Cisco technicians recommended disabling console logging if not explicitly needed, because a huge amount of logging messages sent to the console port in a short time period could cause high CPU utilization.

This was also a vulnerability concerning DoS attacks.

Does anybody know if this recommendation is still up to date on IOS and CatOS?

Best Regards,

Thorsten

3 Replies

guruprasadr
Level 7

Hi Thorsten, [PLS Rate if Helps]

no logging console global configuration command (highly recommended for routers that are not usually accessed through the console port) or you might want to limit the amount of messages sent to the console with the logging console level configuration command (for example, logging console notifications).

Note: Use the Latest IOS Release with Product Specific Features to avoid such Problems.

Normally, commands like "show tech-support" & other show commands with Running Long Outputs will increase the CPU Utilization.

Also, Continuous Logging Messages to Console / VTY session will also increase the CPU Load & will experience slow system performance.

So, it's always recommended to send all Logging Messages / Trap Message to some Logging Server (PC) in the Local Network.

PLS Rate if HELPS

Best Regards,

Guru Prasad R

Yes this is true.

You should always try to disable console logging. It is better to send these logs to the buffer or some logging server.

Narayan

I believe that the best answer to this question will vary depending on how the router is used. If there generally is not a device connected on the console port then certainly it makes good sense to totally disable logging to the console. If there is a device connected to the console and particularly if someone looks at this from time to time then I am not sure that disabling console logging is a good idea.

I believe that we would all agree that in general it is best to not send level 7 (debug) output to the console since that tends to be the most voluminous output and has the most potential to impact the router.

While output to the console does have more impact than output to terminal monitor or output to logging buffered, I think that you should consider the potential benefit of console logging if the console might be monitored.

HTH

Rick
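
An added example, not part of any reply above: a small Python check that reads a saved IOS configuration and reports the console logging level and whether a buffer or logging server is configured, as the replies recommend. The sample configurations are constructed, and the script assumes that a configuration with no logging console line logs to the console at the default debugging level (7).

```python
import re

# IOS syslog severity keywords and their numeric levels (0 = most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

def console_level(config):
    """Return the console logging level (0-7), or None if it is disabled.

    Assumption: with no explicit line, the console logs at level 7 (debugging).
    """
    level = 7
    for line in (l.strip() for l in config.splitlines()):
        if line == "no logging console":
            level = None
            continue
        m = re.fullmatch(r"logging console(?: (\S+))?", line)
        if m:
            arg = m.group(1)
            if arg is None:
                level = 7
            elif arg.isdigit():
                level = int(arg)
            else:
                # Unrecognised keywords are treated as the default level.
                level = SEVERITY.get(arg, 7)
    return level

def audit(config):
    """Return a list of warnings about where log messages are being sent."""
    lines = [l.strip() for l in config.splitlines()]
    level = console_level(config)
    has_buffer = any(l.startswith("logging buffered") for l in lines)
    has_server = any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", l) for l in lines)
    warnings = []
    if level == 7:
        warnings.append("console logging at debugging level (7): disable or limit it")
    if level is None and not (has_buffer or has_server):
        warnings.append("console logging disabled but no buffer or logging server set")
    return warnings

# Constructed sample configurations (not taken from a real device).
DEFAULT_CFG = "hostname r1\nlogging buffered 16384\n"
LIMITED_CFG = "logging console notifications\nlogging host 192.0.2.10\n"
DISABLED_CFG = "hostname r3\nno logging console\n"

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("limited", LIMITED_CFG), ("disabled", DISABLED_CFG)]:
        print(name, console_level(cfg), audit(cfg))
```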
