cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
405
Views
3
Helpful
2
Replies

Port security configuration changes in Syslog

patrick.guerin
Level 1
Level 1

Hi

We have SYS logging level set to 6, on our 65xx switches, as per Cisco BKM doc (cant see the real beinfit of level 6 vs 5 - if anyone knows please let me know). Because the logging level is set so high we get all config changes logged also. However we seem to be getting hammered with partcular logs below. We have port security enabled on all the line cards but we get these flood of messages when there are no changes to the switch configuration - note same time. If anyone can shed some light on a possible cause for getting these messages (and why SYS should be set to 6) it would be much appreciated.

Thanks

Pat

2006 May 04 11:29:40 BST +01:00 %SYS-6-CFG_CHG:Module 11 block changed by SecurityRx//

2006 May 04 11:29:45 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//

2006 May 04 11:29:47 BST +01:00 %SYS-6-CFG_CHG:Module 10 block changed by SecurityRx//

2006 May 04 11:29:48 BST +01:00 %SYS-6-CFG_CHG:Module 12 block changed by SecurityRx//

2006 May 04 11:29:51 BST +01:00 %SYS-6-CFG_CHG:Module 10 block changed by SecurityRx//

2006 May 04 11:29:53 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//

2006 May 04 11:29:54 BST +01:00 %SYS-6-CFG_CHG:Module 6 block changed by SecurityRx//

2006 May 04 11:29:56 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//

2006 May 04 11:29:56 BST +01:00 %SYS-6-CFG_CHG:Module 4 block changed by SecurityRx//

2006 May 04 11:29:57 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//

2006 May 04 11:29:58 BST +01:00 %SYS-6-CFG_CHG:Module 6 block changed by SecurityRx//

2 Replies 2

ankurbhasin
Level 9
Level 9

Hi Pat,

Logging level 6 baiscally a informational level messages and 5 is notification messages which can be due to Normal bug significant condition .

Have a look at tthis link

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/logging.htm#1019846

Also have a look at this link for all kinds of level sys-6 messages.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_3/msg_gd/emsg.htm#wp1016897

HTH, if yes please rate the post.

Ankur

Thanks Ankur.

I am aware of the what you get out of the logging levels. I am particularly interested though in why these particular securityRX messages come in so often when there is no actual configuration change.

I am thinking of going to SYS-5 as I do not believe SYS-6 gives any good information (especially if you track changes via TACAC's). I would like to know though why Cisco recommend increasing the logging level to 6 for SYS in their Best Practices.

http://cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml#sl

Thanks

Pat

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: