Re: Filtering Syslog messages

snarayanaraju · ‎12-02-2009

I am practising Syslog configuration

I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.

Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.

Hope this explanation is not vague and Hope you will help me.

sairam

Jon Marshall · ‎12-03-2009

snarayanaraju wrote:

I am practising Syslog configuration

I have enabled logging trap informational and it is working perfectly. But it is throwing
all the syslog message at this level to SYSLOG server.

Is there any possibility available to send only the logs related to some events to to SYSLOG server and filtering rest all so that SYSLOG message will be easy to identify the event.

Hope this explanation is not vague and Hope you will help me.

sairam

Sairam

With standard syslog on IOS you can't really do this. What you can do though is have more intelligent syslog server that allows you to match on patterns within the syslog messages and send to diffferent outputs based on this. I have used syslog-ng in the past for this sort of thing and it works well.

Obviously that does not stop the syslog messages being sent across the network though so you are not saving anything on bandwidth.

There is also something relatively new called the Embedded Syslog Manager. I have never used it and am not sure if it would meet your requirements but it does look to have the capability to filter on the actual router -

ESM

Jon