search queries for useful syslog alarms

Tboss99
Level 1

Hi :)

I am trying to find a good source of example log messages for setting up alarms in Graylog for the most critical events. 

This is mainly for ISR routers.

I got a few, but I'm looking for example messages for any sort of port errors and security etc.

For example, with environmental errors I use "%ENVMON" to trigger email alerts.

This may be a bit daft, but can anyone point me to a good source? Maybe I'm just not good enough at googling :(

1 Accepted Solution

Seb Rupik
VIP Alumni

Hi there,

The log references will differ between platforms, but there are some shared events. Here is the index for IOS-XE:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/16_xe/smg/xe-16-10/b-sem-16-10-1.html

...keep in mind that the number near the beginning of the log event, i.e.:

%LINK-3-TOOSMALL

e.g.: 3

Indicates the severity. The lower the number, the higher the severity. As a first pass you would want to alert on numbers 1 and 2.

Also keep in mind that the severity of log threshold is configured on the network device, so for some devices there are certain logs which will never be seen due to configuration.

 

cheers,

Seb.
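
The severity digit described in the answer above can be extracted and used as an alert filter on the syslog side. This is an added example, not part of the original post and not Cisco or Graylog code; the function names, the sample log lines and the `EXAMPLE` mnemonics are constructed for illustration. It assumes a threshold of "severity 2 or lower number" (which also catches 0) plus a facility watchlist such as the `ENVMON` prefix mentioned in the question.

```python
import re
from typing import List, NamedTuple, Optional

# Cisco tag layout: %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC, e.g. %LINK-3-TOOSMALL
CISCO_TAG = re.compile(r"%([A-Z0-9_]+(?:-[A-Z0-9_]+)*?)-([0-7])-([A-Z0-9_]+)")

# Standard syslog severity names, indexed by the digit in the tag
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging"]


class CiscoEvent(NamedTuple):
    facility: str
    severity: int
    mnemonic: str


def parse_tag(line: str) -> Optional[CiscoEvent]:
    """Return the first Cisco message tag in a syslog line, or None."""
    m = CISCO_TAG.search(line)
    if m is None:
        return None
    return CiscoEvent(m.group(1), int(m.group(2)), m.group(3))


def should_alert(line: str, max_severity: int = 2,
                 watch_facilities=("ENVMON",)) -> bool:
    """Alert when the severity digit is at or below the threshold (lower = worse),
    or when the facility is on the watchlist regardless of severity."""
    ev = parse_tag(line)
    if ev is None:
        return False  # not a Cisco-tagged message
    return ev.severity <= max_severity or ev.facility in watch_facilities


def alerts(lines: List[str]) -> List[CiscoEvent]:
    return [parse_tag(l) for l in lines if should_alert(l)]


# Constructed sample lines (hostnames, timestamps and EXAMPLE mnemonics are made up)
SAMPLE_LINES = [
    "Mar  1 00:01:02 rtr1 45: %LINK-3-TOOSMALL: constructed sample text",
    "Mar  1 00:01:03 rtr1 46: %ENVMON-4-EXAMPLE: constructed sample text",
    "Mar  1 00:01:04 rtr1 47: %PLATFORM-1-EXAMPLE: constructed sample text",
    "Mar  1 00:01:05 rtr1 48: %FAC-SUB-2-EXAMPLE: constructed sample text",
    "Mar  1 00:01:06 host1 sshd[123]: constructed non-Cisco line",
]

if __name__ == "__main__":
    for ev in alerts(SAMPLE_LINES):
        print(ev.facility, ev.severity, SEVERITY_NAMES[ev.severity], ev.mnemonic)
```

Messages below the logging level configured on the device never reach the server, so the filter can only act on what the device is set to send.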

 

 


4 Replies

balaji.bandi
Hall of Fame

From the device you can use an EEM script to send emails.

If you are sending the logs to a SYSLOG server, you need to write a script to monitor the logs and send you email.

You can use any scripting language, like bash/perl/python/php and so on, depending on your experience.

BB


I am using Graylog syslog server, so it's just a matter of having the right search queries :)


That got me in the right direction to what I was looking for :) Thanks

 https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-15-2e/products-system-message-guides-list.html