Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
1
Replies

SG250-10P log entries...

Scott Frank
Level 1
Level 1

‎01-27-2019 03:31 PM

I have a SG250-10P switch.  It recently crashed.  I went in to check the log files and the crash wasn't in the logs at all.  I found a few anomalies though and would like some clarification as to these things being normal.

 

Most of the logs were from last November then there was a gap of time until i logged in.  So there was nothing for me to go on as far as what happened.

 

I cleared the logs and rebooted and the same thing.  Logs from last November and then my login.  I have read that when something has been hacked that one of the first things they do is change the log files to hide their tracks.  This switch has been a champ until that crash so I'm a bit nervous and don't want to let this slide.

 

A couple of other things i noticed is that the log entry numbers are counting down instead of up.  And that there are gaps in the numbers.

 

I don't have  a log server yet but I am setting one up now.  Because of that I only have that one page that the switch memory affords you for logs to go on.

 

I just want to know if all this is normal or if I should error on the side of caution and somehow reset this switch and start from scratch.

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎01-27-2019 11:26 PM

Most of the cisco device, as soon as it reboot, the logs will be erraged automatically and you only see the current logs.

 

can you post example logs to look, also post version of code running.

 

you need to investigate why the switch crachshing (is this becuase of any power issues ? in the environment)

if the switch crashing by it self, the better open a TAC case or upgrade to newest code.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents