
problem : tcl script for filter IPSec cosmetic log

NontawatCh
Level 1

Hi all, I would like some advice from anyone who has ever seen this case. I applied a Tcl script to filter an IPsec error log that is cosmetic, because my site does not want to see this log in the router log. I already created a Tcl script to filter it out. OK, the script works, but it does more than that: it filters out other messages, not just the IPsec log. I checked that the Cisco device supports scripting. How can I fix this problem?

Here are the details of my script and the IOS version of the router:

Script:

# VPN_Error.tcl  This script deletes all log messages about VPN error messages
# The script will filter by combination between facility-severity and mnemonic
# Created on 05-Oct-2012.
#
set msgs [list {CRYPTO-4-RECVD_PKT_MAC_ERR} {VPN_HW-1-PACKET_ERROR} {CRYPTO-4-RECVD_PKT_NOT_IPSEC} {CRYPTO-4-PKT_REPLAY_ERR}]
set fac_sev_mnem "${::facility}-${::severity}-${::mnemonic}"
foreach msg $msgs {
    if { $msg == $fac_sev_mnem } {
    return ""
    }
}
return $::orig_msg
}

IOS router versions:

c2800nm-adventerprisek9-mz.124-25f.bin
c2800nm-adventerprisek9-mz.124-7b.bin

Log information and configuration

When I applied the commands:

logging filter flash:VPN_Filter2.tcl
logging buffered filtered 4096 debugging

show logging output:

router#sh logg
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering enabled)
    Console logging: level debugging, 18145 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 428 messages logged, xml disabled,
                     filtering disabled
        Logging to: vty322(2)
    Buffer logging: level debugging, 0 messages logged, xml disabled,
                    filtering enabled (0 messages logged)
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
Filter modules:
    flash:VPN_Filter2.tcl
    Trap logging: level informational, 47011 message lines logged
        Logging to 10.145.0.25 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled
        Logging to 10.247.17.41 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled
        Logging to 10.247.17.45 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled

Log Buffer (4096 bytes):

router#

If you have any more information, please tell me.

Thank you for your advice.

5 Replies

Joe Clarke
Cisco Employee

It looks like your script has an error.  You have an extra '}'.  It should be:

# VPN_Error.tcl  This script deletes all log messages about VPN error messages
# The script will filter by combination between facility-severity and mnemonic
# Created on 05-Oct-2012.
#
set msgs [list {CRYPTO-4-RECVD_PKT_MAC_ERR} {VPN_HW-1-PACKET_ERROR} {CRYPTO-4-RECVD_PKT_NOT_IPSEC} {CRYPTO-4-PKT_REPLAY_ERR}]
set fac_sev_mnem "${::facility}-${::severity}-${::mnemonic}"
foreach msg $msgs {
    if { $msg == $fac_sev_mnem } {
        return ""
    }
}
return $::orig_msg

Hi Joseph. I already edited my code per your advice and ran it on the router, but no logs show up in the router log; it is the same status as before. I think it may need some action on the router (reboot or something?). If anyone has any idea, or has ever seen and resolved this case, please share it with me.

Thank you all.

You may need to reboot.  When you do, check the console for any error output if the filter still is not working.

Rojer-bkk
Level 1

Hi Joseph,

It seems the router reload couldn't help; all logs are filtered. I'm wondering why the script can be working for some routers, even with the same software version. Do you have any ideas about this?

What do you see on the router's console?  ESM tends to log any errors only to the console line.
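As an added example, not part of this thread and not Cisco's code: an off-box self-test for the kind of ESM filter module discussed above, runnable with a desktop tclsh before the file is copied to flash and applied with "logging filter". It assumes the ESM interface the original script relies on (the per-message globals ::facility, ::severity, ::mnemonic and ::orig_msg, and an empty return value meaning "drop the message"); the proc names and the sample syslog lines are constructed for the test. It shows the match done with an exact list lookup, a fail-open wrapper so a run-time error in the filter keeps the message instead of silently dropping unrelated logs, and a mode that sources the real module file with the globals set so its decisions can be checked line by line.

```tcl
# esm_filter_selftest.tcl
# Off-box check of an ESM (Embedded Syslog Manager) Tcl filter module.
# Run with:  tclsh esm_filter_selftest.tcl [path-to-module-file]
#
# Assumed (taken from the thread's script, not from IOS documentation): ESM
# hands the filter the per-message globals ::facility, ::severity, ::mnemonic
# and ::orig_msg, and the script's return value is the message to emit; an
# empty return drops the message. Proc names and sample lines are constructed.

# Exact facility-severity-mnemonic keys to suppress (the thread's four messages).
set ::suppress [list \
    CRYPTO-4-RECVD_PKT_MAC_ERR \
    VPN_HW-1-PACKET_ERROR \
    CRYPTO-4-RECVD_PKT_NOT_IPSEC \
    CRYPTO-4-PKT_REPLAY_ERR]

# The filter decision as a proc so it can be exercised here. On the router the
# same logic sits at the top level of the module and reads the globals directly.
proc vpn_filter {facility severity mnemonic orig_msg} {
    set key "${facility}-${severity}-${mnemonic}"
    # -exact: plain string compare, no glob patterns, no accidental over-matching.
    if {[lsearch -exact $::suppress $key] >= 0} {
        return ""
    }
    return $orig_msg
}

# Fail open: if the filter body throws at run time (undefined variable, typo),
# keep the original message; a broken log filter must not become a gap in the
# audit trail. This cannot catch a parse error in the module file itself, such
# as an unbalanced brace; run_module below exercises the real file for that.
proc safe_filter {facility severity mnemonic orig_msg} {
    if {[catch {vpn_filter $facility $severity $mnemonic $orig_msg} result]} {
        return $orig_msg
    }
    return $result
}

# Split "%FAC-SEV-MNEM: text" into the fields ESM would present.
proc split_syslog {line} {
    if {![regexp {%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): } $line -> fac sev mnem]} {
        error "not a Cisco syslog line: $line"
    }
    return [list $fac $sev $mnem $line]
}

# Drive a real module file the way ESM does: set the globals, source it, and
# take its return value (a top-level "return" ends the sourced script).
proc run_module {path facility severity mnemonic orig_msg} {
    set ::facility $facility
    set ::severity $severity
    set ::mnemonic $mnemonic
    set ::orig_msg $orig_msg
    return [source $path]
}

# Constructed sample lines and the expected decision for each.
set ::samples [list \
    {%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2001} drop \
    {%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=2001} drop \
    {%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet Length} drop \
    {%CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet} drop \
    {%CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON} keep \
    {%SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.9)} keep \
    {%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9]} keep]

# Returns the number of mismatches; 0 means exactly the listed messages are dropped.
# With a module path, the real file is sourced per message instead of vpn_filter.
proc run_selftest {{module ""}} {
    set failures 0
    foreach {line expect} $::samples {
        foreach {fac sev mnem orig} [split_syslog $line] break
        if {$module eq ""} {
            set out [safe_filter $fac $sev $mnem $orig]
        } elseif {[catch {run_module $module $fac $sev $mnem $orig} out]} {
            puts "ERROR module threw: $out  ($line)"
            incr failures
            continue
        }
        set got [expr {$out eq "" ? "drop" : "keep"}]
        if {$got ne $expect} {
            puts "FAIL expected $expect, got $got: $line"
            incr failures
        } else {
            puts "ok   $got: $line"
        }
    }
    return $failures
}

if {[run_selftest [lindex $argv 0]] != 0} { exit 1 }
puts "filter drops only the listed IPsec messages"
```

Run it without arguments to check the decision logic, then with the module file (for example "tclsh esm_filter_selftest.tcl VPN_Filter2.tcl") to confirm the file that will go on flash keeps every non-IPsec line and throws no errors. If a module errors when sourced, do not assume the router will keep the message; the thread reports the opposite symptom (everything filtered), so a module that fails this check should not be applied.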
