
How to filter certain logs?

Hi all,

Can someone help me find a solution to my issue?

I have a Cisco 3750X switch and I want to filter certain phrases in the log buffer. I don't want to receive them in the log buffer.
I tried to use this rule, but with no results:
logging discriminator nolog mnemonics drops %SFF8472-5-THRESHOLD_VIOLATION:


Mark Malone
VIP Alumni

Hi, I haven't tested this, but you could try the below:

logging discriminator TEST msg-body drops %SFF8472-5-THRESHOLD_VIOLATION:

logging buffered discriminator TEST

Hello

I have tested this and Mark is correct, with 1 addition: it looks like you require "  " between the msg body drops, although it doesn't show up in the running config.

logging buffered 4096 7

logging discriminator TEST msg-body drops "%SFF8472-5-THRESHOLD_VIOLATION:"

logging buffered discriminator TEST 7  <----------severity level

res
Paul



Kind Regards
Paul

Hello,

Thanks for the replies.

I did this configuration:

service timestamps log datetime localtime
logging discriminator TEST msg-body drops "%SFF8472-5-THRESHOLD_VIOLATION:"
logging buffered 100000 informational
aaa authentication login default group ACS1 local

but I'm still receiving notifications:

May 24 09:00:19: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.1 dBm, Threshold value: -17.0 dBm.
May 24 09:02:59: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.0 dBm, Threshold value: -17.0 dBm.
May 24 09:10:19: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.0 dBm, Threshold value: -17.0 dBm.
May 24 09:13:00: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.0 dBm, Threshold value: -17.0 dBm.

Hi

logging buffered discriminator TEST 7 (you have logging buffered 10000 info) is missing, you need to tie the discriminator to the buffer

Hi Mark,

I made the changes, but nothing changed:

#sh run | i log
service timestamps log datetime localtime
logging discriminator TEST msg-body drops "%SFF8472-5-THRESHOLD_VIOLATION:"
logging buffered discriminator TEST
aaa authentication login default group ACS1 local

sh logg
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

Active Message Discriminator:
TEST      msg-body       drops    "%SFF8472-5-THRESHOLD_VIOLATION:"




No Inactive Message Discriminator.


    Console logging: level debugging, 32196 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 1016 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 583 messages logged, xml disabled,
                    filtering disabled, discriminator(TEST),
                     0 messages rate-limited, 0 messages dropped-by-MD
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 32196 message lines logged
        Logging to 10.241.16.206  (udp port 514, audit disabled,
              link up),
              32112 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 10.241.16.158  (udp port 514, audit disabled,
              link up),
              21416 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:
        Vlan100                         
          
Log Buffer (4096 bytes):
er low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm.
May 25 07:54:26: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 07:59:17: %SFF8472-5-THRESHOLD_VIOLATION: Gi1/1/4: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm.
May 25 08:01:41: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm.
May 25 08:04:26: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 08:11:41: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm.
May 25 08:14:27: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 08:21:42: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm.
May 25 08:24:27: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 08:29:19: %SFF8472-5-THRESHOLD_VIOLATION: Gi1/1/4: Rx power low warning; Operating value: -17.0 dBm, Threshold value: -17.0 dBm.
May 25 08:31:43: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.3 dBm, Threshold value: -17.0 dBm.
May 25 08:34:28: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 08:41:43: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm.
May 25 08:44:29: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.1 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 08:49:20: %SFF8472-5-THRESHOLD_VIOLATION: Gi1/1/4: Rx power low warning; Operating value: -17.1 dBm, Threshold value: -17.0 dBm.
May 25 08:51:44: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm.
May 25 08:54:29: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)
May 25 09:01:44: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm.
May 25 09:04:30: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; Operating value: -17.2 dBm, Threshold value: -17.0 dBm. (TT-HQ-ACS-3750-HSRP-2)

Hi

That should work; looking at the docs, there's no other config required. The only other thing you could try is to change the facility level from debugging 7: try one of these below instead of 7 and see if the alerts are coming in under some other level.

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htnmsylg.html#wp1056441

 <0-7>              Logging severity level
  <4096-2147483647>  Logging buffer size
  alerts             Immediate action needed           (severity=1)
  critical           Critical conditions               (severity=2)
  debugging          Debugging messages                (severity=7)
  discriminator      Establish MD-Buffer association
  emergencies        System is unusable                (severity=0)
  errors             Error conditions                  (severity=3)
  filtered           Enable filtered logging
  informational      Informational messages            (severity=6)
  notifications      Normal but significant conditions (severity=5)
  warnings           Warning conditions                (severity=4)
  xml                Enable logging in XML to XML logging buffer

 

 

 

Hi there

Did you finally solve the issue with the discriminator? The command to tie the discriminator to the buffer overwrites the configured buffer size. So I can only type "one" line....

Thank you

Bart

gabor.somlai
Level 1

Hi all,

 

The format of the log is: %facility-severity-MNEMONIC:msg-body

In your case "%SFF8472-5-THRESHOLD_VIOLATION:" has these parts:

facility: SFF8472

severity: 5

mnemonic: THRESHOLD_VIOLATION

 

You should try this:

logging discriminator nolog facility drops SFF8472 severity drops 5 mnemonics drops THRESHOLD_VIOLATION
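
An added example, not part of the original post: a Python model of the `%facility-severity-MNEMONIC:msg-body` split described above, used to check offline which messages a "drops" rule would remove. How IOS combines several criteria is not stated in this thread, so `combine` is an assumption and both readings are shown; the `SYS-5-CONFIG_I` line is constructed, and `RULE`, `BODY_RULE` and the function names are illustrative.

```python
import re

# Header layout from the post: %facility-severity-MNEMONIC:msg-body
HEADER = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<body>.*)"
)

def parse(line):
    """Split one log line into facility, severity, mnemonic and body."""
    m = HEADER.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields

def matches(msg, rule):
    """Return a per-criterion match result for the criteria present in rule."""
    hits = {}
    for key in ("facility", "mnemonic", "body"):
        if key in rule:
            hits[key] = re.search(rule[key], msg[key]) is not None
    if "severity" in rule:
        hits["severity"] = msg["severity"] == rule["severity"]
    return hits

def dropped(line, rule, combine=all):
    """Model of a 'drops' rule. combine=all / combine=any is an assumption."""
    msg = parse(line)
    if msg is None:
        return False
    hits = matches(msg, rule)
    return bool(hits) and combine(hits.values())

# Mirrors: facility drops SFF8472 severity drops 5 mnemonics drops THRESHOLD_VIOLATION
RULE = {"facility": "SFF8472", "severity": 5, "mnemonic": "THRESHOLD_VIOLATION"}
# Mirrors the earlier msg-body attempt, which carried the header text as its string
BODY_RULE = {"body": re.escape("%SFF8472-5-THRESHOLD_VIOLATION:")}

SAMPLE = [
    # First two lines are from the thread; the third is constructed.
    "May 24 09:00:19: %SFF8472-5-THRESHOLD_VIOLATION: Gi2/1/3: Rx power low warning; "
    "Operating value: -17.1 dBm, Threshold value: -17.0 dBm.",
    "May 25 07:59:17: %SFF8472-5-THRESHOLD_VIOLATION: Gi1/1/4: Rx power low warning; "
    "Operating value: -17.2 dBm, Threshold value: -17.0 dBm.",
    "May 25 08:00:02: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse(line)["mnemonic"], dropped(line, RULE), dropped(line, RULE, combine=any))
```

If the criteria were applied independently (`combine=any`), the severity 5 criterion alone would also remove the configuration-change message, so confirm the real behaviour on the switch with the `messages dropped-by-MD` counter in `sh logg` before relying on the rule.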

 

Yes, it works. Thanks.
