Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1752
Views
0
Helpful
4
Replies

search queries for useful syslog alarms

Go to solution
Tboss99
Level 1
Level 1

‎03-11-2020 06:59 AM

Hi :)

I am trying to find a good source of example log messages for setting up alarms in Graylog for the most critical events. 

This is mainly for ISR routers 

I got a few, but looking for example messages for any sort of port errors and security etc, 

For example like with environmental errors i use "%ENVMON" to trigger email alerts. 

This may be a bit daft, but can anyone point me to a good source? Maybe im just not good enough at googling :( 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎03-11-2020 07:18 AM

Hi there,

The log references will differ between platforms, but there are some shared events. Here is the index for IOS-XE:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/16_xe/smg/xe-16-10/b-sem-16-10-1.html

 

...keep in mind that the number near the begining of the log event, ie:

%LINK-3-TOOSMALL

eg: 3

 

Indicates the severity. The lower number the higher the severity. As a first pass you would want to alert on numbers 1 and 2.

Also keep in mind that the severity of log threshold is configured on the network device, so for some devices there are certain logs which will never be seen due to configuration.

 

cheers,

Seb.

 

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-11-2020 07:10 AM

From the Device you can use EEM Script to send emails.

 

if you sending the Logs to SYSLOG server, you need to write script monitor the Logs and send you email

you can use any scripting one like bash/perl/python/php so on depends on your experience.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Tboss99
Level 1
Level 1
In response to balaji.bandi

‎03-11-2020 08:58 AM

I am using greylog syslog server, so its just a matter of having the right search queries :) 

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎03-11-2020 07:18 AM

Hi there,

The log references will differ between platforms, but there are some shared events. Here is the index for IOS-XE:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/16_xe/smg/xe-16-10/b-sem-16-10-1.html

 

...keep in mind that the number near the begining of the log event, ie:

%LINK-3-TOOSMALL

eg: 3

 

Indicates the severity. The lower number the higher the severity. As a first pass you would want to alert on numbers 1 and 2.

Also keep in mind that the severity of log threshold is configured on the network device, so for some devices there are certain logs which will never be seen due to configuration.

 

cheers,

Seb.

 

 

0 Helpful

Go to solution
Tboss99
Level 1
Level 1
In response to Seb Rupik

‎03-11-2020 08:55 AM

That got me in the right direction to what i was looking for :) Thanks 

 https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-15-2e/products-system-message-guides-list.html

 

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card