Restricting What Log Messages Are Sent to the Server

Problem

You want to limit which logging levels the router will send to the syslog server.

Solution

Use the logging trap configuration command to limit the severity level of syslog messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 172.25.1.1
Router(config)#logging trap notifications
Router(config)#end 
Router#

 

Discussion

By default, when you enable remote logging on a router, it will forward only those messages with a severity level informational or higher (see Table 18-1). This means that the router forwards everything but debugging messages to the syslog server. Raising the severity of the log messages forwarded to the syslog server can help to reduce bandwidth utilization across the network, as well as the disk space required for storing the log messages on the server. This example shows the output of the show logging exec command:

Router>show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
 Console logging: level debugging, 658 messages logged
 Monitor logging: level debugging, 65 messages logged
 Buffer logging: level debugging, 6 messages logged
 Logging Exception size (4096 bytes)
 Trap logging: level notifications, 662 message lines logged
 Logging to 172.25.1.1, 5 message lines logged
 Logging to 172.25.1.3, 5 message lines logged
 
Log Buffer (4096 bytes): 
Router>

Notice that the logging severity level is set to notifications and that both outbound servers are limited to the same level. It is important to note that the logging trap command sets the severity level for all syslog servers.

Another important use for the logging trap command is allowing the router to send debug level messages to a syslog server. The default severity level for syslog is informational, so the router will not forward any debug messages. Having the ability to store debug messages can often be useful in fault isolation and trouble resolution. The following commands show how to enable the forwarding of debugging severity-level messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host 172.25.1.1
Router(config)#logging trap debugging
Router(config)#end 
Router#

You must also configure the syslog server to handle debug level messages. You can accomplish this in one of two waysby creating a dedicated file to handle debug messages or by forwarding debug messages to the normal router logfile. The following two examples will demonstrate how to modify your syslog.conf file to handle both situations:

local7.debug /var/log/debug

Or:

local7.=debug /var/log/debug

The difference between these two methods is that while the first sends all messages with a severity greater than or equal to debug severity to the indicated file, the second directs only debug level messages to this file. The first example is a more traditional method to assign debug level messages to a particular file, but the second example is preferred since it allows you to separate debug messages from the normal router log messages. Most modern syslog facilities will handle the second example command syntax, but please check your manpages to ensure compatibility by issuing a man syslog.conf.

To simply forward all debug level messages to the default router log, change your syslog.conf files to include the following:

local7.debug /var/log/rtrlog

Use caution when enabling the remote storing of debug messages. Debug messages can quickly overwhelm your server if not properly enabled on the router.

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net