06-27-2007 01:09 AM - edited 03-05-2019 04:59 PM
Hi,
several years ago cisco technicians recommended to disable console logging if not explicitly needed because a huge amount of logging messages sent to the console port in a short time period could cause high cpu utilization.
This was also a vulneralibity concerning DOS attacks.
Does anybody know if this recommendation is still up to date on ios and cat os?
Best Regards,
Thorsten
06-27-2007 02:17 AM
HI Thorsten, [PLS Rate if Helps]
no logging console global configuration command (highly recommended for routers that are not usually accessed through the console port) or you might want to limit the amount of messages sent to the console with the logging console level configuration command (for example, logging console notifications).
Note: Use the Latest IOS Release with Product Specific Features to avoid such Problems.
Normally, commands like "show tech-support" & other show command with Running Long Outputs will increase the CPU Utilzation.
Also, Continuous Logging Messages to Console / VTY session will also increase the CPU Load & will experience slow system performance.
So, its always recommended to send all Logging Messages / Trap Message to some Logging Server (PC) in the Local Network.
PLS Rate if HELPS
Best Regards,
Guru Prasad R
06-27-2007 03:16 AM
Yes this is true.
You should always try to disable console logging. It is better to send these logs to the buffer or some logging server
Narayan
06-27-2007 05:29 AM
I believe that the best answer to this question will vary depending on how the router is used. If there generally is not a device connected on the console port then certainly it makes good sense to totally disable logging to the console. If there is a device connected to the console and particularly if someone looks at this from time to time then I am not sure that disabling console logging is a good idea.
I believe that we would all agree that in general it is best to not send level 7 (debug) output to the console since that tends to be the most voluminous output and has the most potential to impact the router.
While output to the console does have more impact than output to terminal monitor or output to logging buffered, I think that you should consider the potential benefit of console logging if the console might be monitored.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide