Am I correct in assuming that this script will only downgrade log severity levels that have already fired off? Is there a way to set your logging level, for instance, to 4 and single out specific 5 log level events to fire off without configuring the overall device logging level to 5? We are currently sacrificing specific logging events in return for disk space and logging capacity on the syslog server. Thanks in advance.

This is exactly what this script does. This script lets you pick a given message mnemonic, and set its severity to whatever you want. All other messages will remain the same.

To be absolutely clear, this script runs on the router, and filters messages in real-time.

Mr. Clark

What modifications would be needed to the script so it could look at all syslog messages and filter and send all messages at severity 4 and higher and also process a single severity 5 message and discard all other severity 5,6 and 7 messages?

The logic would be to check the severity of each message. If the severity is 0 or 1 or 2 or 3 or 4, pass the message as is. If the severity is a particular level 5 message pass that one along too. All other severity 5 or 6 or 7 messages are dropped at the router and never sent to the syslog server.

The attached script will send all messages with a severity less than 5, and allow you to specify one mnemonic on the CLI for sending any other message. For example:

logging filter flash:slg_filter.tcl args CONFIG_I

This will cause SYS-5-CONFIG_I messages to be sent as well.

Sorry, previous version had a typo. New version attached.

This is a good script, but it has one flaw. If you wanna change the severity level of multiple log entries differently. Change severity from log entry A from 5 to 4 while changing severity of log entry B from 3 to 6. I created a script that achieves just that. you can even mute certain log entries without the need of a log discriminator. Feel free to use it. There is a help included as well to get you started.