cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2762
Views
20
Helpful
9
Replies

Get rid of unwanted flash log files

kirkchris01
Level 1
Level 1

When I check my dir flash: I see a lot of files that I believe are log files but I don't know where the config to set that up is located. I have been reading about log files for the last two days and I can't figure this out. I want to stop generating these files because they are filling up the flash in all of the switches. I think it may be the archive settings. I deleted all of these files in one switch and turned off buffer logging with 'no logging buffer'. When I used 'wr' a new file was created.

 

-Sep-20-07-55-35.764-PST-52

 

Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: level informational, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: disabled, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 421278 message lines logged
Logging to x.x.x.x (udp port 514, audit disabled, link up),
421277 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled

Here are some possible culprits; I am just confused at this point:

service timestamps log datetime msec localtime show-timezone

logging snmp-authfail
logging monitor informational

dot1x logging verbose

archive
log config
logging enable
logging size 1000
path flash:
maximum 7
rollback filter adaptive
rollback retry timeout 60
write-memory
time-period 1440

 

How do I get rid of this one feature so my flash doesn't fill up? I am interested in knowing when other admins are making changes and not telling me, but I don't want to fill up my flash.

1 Accepted Solution

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Send the logs to a Syslog server or if you have Splunk, send them to Splunk server. Also, if you have a TACACS or an ACS server you can audit the logs and see who logged on and what they did.

HTH

View solution in original post

9 Replies 9

Reza Sharifi
Hall of Fame
Hall of Fame

Send the logs to a Syslog server or if you have Splunk, send them to Splunk server. Also, if you have a TACACS or an ACS server you can audit the logs and see who logged on and what they did.

HTH

Ah, yes...we have ACS. I will look at that part of it.

balaji.bandi
Hall of Fame
Hall of Fame

adding to other post, if splunk is expensive for you, you can do syslog-ng with Elasitc Search. (ELK)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I agree with Balaji that Splunk can be expensive but it is an amazing tool if you have the budget for it.

 

HTH

There is also AWS version of it if you don't want to host it locally.  Have a look

https://aws.amazon.com/quickstart/architecture/splunk-enterprise/

 

HTH 

Yes, we have Kiwi as a log server. I will delve in to the Kiwi server and get familiar. I want to stop the flash files, though.

Yes, we have Kiwi as a log server. I will delve in to the Kiwi server and get familiar. I want to stop the flash files, though.

Absolutely, log files get large very quickly and putting them on flash is not a good idea. It can also cause other issues on the switch.

 

Good Luck!

kirkchris01
Level 1
Level 1

Do you know of a command to get rid of the -PST files already stored in the flash? I tried 'software clean' variables and haven't had any luck. Deleting them one by one would be horrible.

What type of switch do you have and what version of IOS are you running?

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: