mrochac
Beginner

system logging for all messages

Good day, curious how I would go about turning on logging so I can see all messages on the switch. Right now I only see minor items, but I need to know of changes to config, DHCP snooping messages, and so on... This is what I see right now (example):

 

2909QUEEN-STK#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


Console logging: level debugging, 419 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 419 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 378 message lines logged
Logging Source-Interface: VRF Name:

Log Buffer (4096 bytes):
on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:18:38.514 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:18:54.529 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:19:26.528 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:25:30.536 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)

Jaderson Pessoa
VIP Engager

Hello,

You can use a log cns-events

 

#logging cns-events ?
<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

Check it for how to use: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html

Jaderson Pessoa
balaji.bandi
VIP Master

I would not suggest sending debug logs to the buffer, since it overflows and is overwritten on a FIFO basis.

 

Rather, setting up a syslog server and pointing the log settings to the log server is the best approach, so you have history logs for reference when you have an issue.

 

BB


marce1000
VIP Advisor

 

 - Config changes and error logging can be considered as 2 different things: auditing config changes can be accomplished by the following directives (e.g.):

conf terminal
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
logging xx.xx.xx.xx

 

Both excellent options. I do have a syslog setup and I will add the config change audit option. At the same time, why is it that not all messages show up under #sh logging? I was looking at troubleshooting DHCP snooping and nothing is really showing up under logging... make sense?

 

As for the audit, can that be logged to a file?

 

MR.

Depends on how you configured the Logging to be enabled and logged.

 

If this is configured as informational by default, you won't be able to see the debug logs.

 

BB
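
The level filtering discussed in the replies above, as an added example that is not part of any poster's reply: it parses the %FACILITY-SEVERITY-MNEMONIC header of IOS log lines and reports which logging destinations' configured levels admit each message. Destination levels are copied from the `sh logging` output in the question; the second and third sample lines, the address 192.0.2.10 and the %EXAMPLE facility are constructed, and the check covers the severity level only.

```python
import re

# Cisco IOS severity names, as listed in the CLI help earlier in the thread.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Destination levels copied from the "sh logging" output in the question.
DESTINATIONS = {"console": "debugging", "monitor": "debugging",
                "buffer": "debugging", "trap": "informational"}

# Header format: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")

def parse(line):
    """Return facility, severity, mnemonic and text of an IOS log line, or None."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["sev"] = int(fields["sev"])
    return fields

def delivered_to(line, destinations=DESTINATIONS):
    """Destinations whose configured level admits the message (severity <= level)."""
    msg = parse(line)
    if msg is None:
        return []
    return sorted(name for name, level in destinations.items()
                  if msg["sev"] <= SEVERITY[level])

# First line is from the question's log buffer; the other two are constructed.
SAMPLES = [
    "Feb 25 10:18:38.514 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12.",
    "Feb 25 10:20:01.000 EST: %SYS-5-CONFIG_I: Configured from console by admin "
    "on vty0 (192.0.2.10)",
    "Feb 25 10:21:00.000 EST: %EXAMPLE-7-DEBUG_MSG: constructed severity-7 line",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        msg = parse(sample)
        print(msg["facility"], msg["sev"], msg["mnemonic"], "->", delivered_to(sample))
```

With the levels from the question, the severity-7 line reaches console, monitor and buffer but not the trap (syslog server) destination, which is set to informational.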
