cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

7945
Views
0
Helpful
2
Replies
yves.haemmerli
Beginner

ACE : PROBE-FAILED and Syslog messages

Hi,

When a real server is in PROBE-FAILED status, I observe a syslog message at each trial of the proble. This fills our syslog server. Is there a mean to configure the ACE in such a way that a syslog message would be generated only when a transition occurs in the probe status ?

Thank you for any hints,

Yves

1 ACCEPTED SOLUTION

Accepted Solutions
kitanaka
Beginner

Hello,


You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.


Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP


If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.

switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)

You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".

Regards,

Kimihito.

View solution in original post

2 REPLIES 2
kitanaka
Beginner

Hello,


You can utilize "logging trap " command and

"logging message level " command

in order to achive what you are seeking.


The "logging trap " command limits the logging messages sent to a syslog server based on severity.

If it is set to "5 - notification", all messages that have security level of 5 or lower number are sent to the syslog server.


You can disable the display of a specific syslog

message or change the severity level of a specific system log message using

"logging message level " command.


Not sure what kind of probe you are using but If it is ICMP probe and

the reason of probe failure is arp, it generates a message for every try

as below with severity level of 3, by default.


%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-3-251009: ICMP health probe failed for server 192.168.0.1, connectivity error: ARP not resolved for destination ip address
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442007: VIP in class: 'VIP' changed state from OUTOFSERVICE to INSERVICE
%ACE-5-441002: Serverfarm (SF) is now back in service in policy_map (fs) -->

class_map (#class_default_slb). Number of failovers = 0, number of times back in service = 0

%ACE-4-442004: Health probe ICMP detected rserver r1 (interface vlan31) changed state to UP
%ACE-4-442001: Health probe ICMP detected r1 (interface vlan31) in serverfarm SF changed state to UP


If your "logging trap " is set to "5 - notification" and you do not want
the message "%ACE-3-251009:xxx" to be sent to syslog server,
you can change its security level like below.

switch/Admin(config)# logging message 251009 level 6
switch/Admin(config)# do show logging message 251009
Message logging:
                message 251009: current-level 6  default-level 3 (enabled)

You can check the message id that is filling the syslog server

and change its security level to higher number than "logging trap ".

Regards,

Kimihito.

View solution in original post

Hi Kimihito.

Thank you for your answer, it is exactly what I was looking for.

best regards,

Yves