Re: system logging for all messages

mrochac · ‎02-25-2019

good day, curious of how i would go about turning on logging so i can see all messages on switch, right now i only see minor items, but i need to know of changes to conifg, dhcp snooping messages, and so on... this is what i see right now.(example)

2909QUEEN-STK#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: level debugging, 419 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 419 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 378 message lines logged
Logging Source-Interface: VRF Name:

Log Buffer (4096 bytes):
on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:18:38.514 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:18:54.529 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:19:26.528 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)
Feb 25 10:25:30.536 EST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0015.5d6e.6c02 on port GigabitEthernet2/0/12. (2909QUEEN-STK-2)

Jaderson Pessoa · ‎02-25-2019

Hello,

You can use a log cns-events

#logging cns-events ?
<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

check it for how to use: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html

Jaderson Pessoa
*** Rate All Helpful Responses ***

balaji.bandi · ‎02-25-2019

i would not suggest to debug logs to buffer, since it overflow and overwrite FIFO basis.

Rather you can setup a syslog server and point to log settings to log server is best approach, so you have history logs for reference when you have issue around.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marce1000 · ‎02-25-2019

- (user° Config changes and error logging can be considered as 2 different things : auditing config changes can be accomplished by the following directives (e.g.) :

conf terminal
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
logging xx.xx.xx.xx

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

mrochac · ‎03-05-2019

Both excellent options, i do have a syslog setup and i will add the config change audit option - at the same time, why is it that not all messages show up under #sh logging? was looking at troubleshooting DHCP snooping and nothing really showing up under logging... make sense?

as for the audit, can that be logged to a file?

MR.

balaji.bandi · ‎03-05-2019

Depends on how you configured the Logging to be enabled and logged.

if this is configured as informational by default, you wont be able to see the Debugg logs.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help