05-04-2006 02:47 AM - edited 03-03-2019 03:04 AM
Hi
We have SYS logging level set to 6, on our 65xx switches, as per Cisco BKM doc (cant see the real beinfit of level 6 vs 5 - if anyone knows please let me know). Because the logging level is set so high we get all config changes logged also. However we seem to be getting hammered with partcular logs below. We have port security enabled on all the line cards but we get these flood of messages when there are no changes to the switch configuration - note same time. If anyone can shed some light on a possible cause for getting these messages (and why SYS should be set to 6) it would be much appreciated.
Thanks
Pat
2006 May 04 11:29:40 BST +01:00 %SYS-6-CFG_CHG:Module 11 block changed by SecurityRx//
2006 May 04 11:29:45 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//
2006 May 04 11:29:47 BST +01:00 %SYS-6-CFG_CHG:Module 10 block changed by SecurityRx//
2006 May 04 11:29:48 BST +01:00 %SYS-6-CFG_CHG:Module 12 block changed by SecurityRx//
2006 May 04 11:29:51 BST +01:00 %SYS-6-CFG_CHG:Module 10 block changed by SecurityRx//
2006 May 04 11:29:53 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//
2006 May 04 11:29:54 BST +01:00 %SYS-6-CFG_CHG:Module 6 block changed by SecurityRx//
2006 May 04 11:29:56 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//
2006 May 04 11:29:56 BST +01:00 %SYS-6-CFG_CHG:Module 4 block changed by SecurityRx//
2006 May 04 11:29:57 BST +01:00 %SYS-6-CFG_CHG:Module 5 block changed by SecurityRx//
2006 May 04 11:29:58 BST +01:00 %SYS-6-CFG_CHG:Module 6 block changed by SecurityRx//
05-04-2006 03:07 AM
Hi Pat,
Logging level 6 baiscally a informational level messages and 5 is notification messages which can be due to Normal bug significant condition .
Have a look at tthis link
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/logging.htm#1019846
Also have a look at this link for all kinds of level sys-6 messages.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_3/msg_gd/emsg.htm#wp1016897
HTH, if yes please rate the post.
Ankur
05-04-2006 04:56 AM
Thanks Ankur.
I am aware of the what you get out of the logging levels. I am particularly interested though in why these particular securityRX messages come in so often when there is no actual configuration change.
I am thinking of going to SYS-5 as I do not believe SYS-6 gives any good information (especially if you track changes via TACAC's). I would like to know though why Cisco recommend increasing the logging level to 6 for SYS in their Best Practices.
http://cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml#sl
Thanks
Pat
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: