How to monitor certain logs from switch and send mail notification

thewinner
Level 1

 

Hello all,

After checking the logs from our Cisco switches we found that a lot of them have errors that shouldn't exist.

Namely the most significant of them is "5275471: Jan 23 13:01:56: %IP-4-DUPADDR: Duplicate address 10.x.x.x on VlanXXX, sourced by 5xxx.XXx0.2x3x". 

Could you please tell me if there is a way to monitor similar logs and, if they appear, to send me a mail notification (twice a day, for example)?

There are over 100 switches, so the solution needs to work with multiple devices.

We have a Syslog server where all logs are stored.

I was leaning toward using a Linux or PowerShell script but not sure if it will work.


I will be very glad if you help me in any way.

I spent a lot of hours without any clear idea of how to deploy it.

Probably there is a tool that can achieve my goals...  Looking forward to hearing from you!

2 Replies

M02@rt37
VIP

Hello @thewinner 

One possible solution is to use a combination of a log monitoring tool like Logwatch or Logcheck, and a scripting language like Python or PowerShell to parse the logs, filter out the relevant events, and send email notifications.

Also, note that some network management tools like Nagios or PRTG also have built-in capabilities to monitor syslog messages and send email notifications. It may be worth investigating these tools to see if they meet your needs.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
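A sketch of the script approach suggested in the reply above, as an added example that is not part of the original posts: it filters `%IP-4-DUPADDR` lines from a central syslog file, groups them per switch, and builds one digest mail. The stored line layout, host names, addresses and mail addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines. Assumed storage layout on the syslog server:
# "<receive time> <switch host> <seq>: <device time>: %FAC-SEV-MNEMONIC: text"
SAMPLE = """\
Jan 23 13:01:57 sw-access-01 5275471: Jan 23 13:01:56: %IP-4-DUPADDR: Duplicate address 10.0.0.5 on Vlan10, sourced by 0011.2233.4455
Jan 23 13:02:10 sw-access-01 5275472: Jan 23 13:02:09: %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to up
Jan 23 13:05:31 sw-access-01 5275480: Jan 23 13:05:30: %IP-4-DUPADDR: Duplicate address 10.0.0.5 on Vlan10, sourced by 0011.2233.4455
Jan 23 14:11:02 sw-core-02 88121: Jan 23 14:11:01: %IP-4-DUPADDR: Duplicate address 10.0.1.9 on Vlan20, sourced by 00aa.bbcc.ddee
"""

# Strict field patterns: syslog text is untrusted input, so only well-formed
# IP/VLAN/MAC values are accepted before they are copied into a mail body.
DUPADDR = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s.*%IP-4-DUPADDR: Duplicate address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<vlan>\w+), sourced by "
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})"
)

def collect(lines):
    """Count DUPADDR events per (switch, ip, vlan, source MAC)."""
    hits = Counter()
    for line in lines:
        m = DUPADDR.search(line)
        if m:
            hits[(m["host"], m["ip"], m["vlan"], m["mac"].lower())] += 1
    return hits

def build_digest(hits, sender, recipient):
    """Return an EmailMessage summarising the hits, or None when there are none."""
    if not hits:
        return None  # nothing to report, so no mail for this run
    switches = len({key[0] for key in hits})
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[syslog] {sum(hits.values())} duplicate-address events on {switches} switch(es)"
    rows = [f"{n:>4}x  {host}  {ip} on {vlan}, sourced by {mac}"
            for (host, ip, vlan, mac), n in hits.most_common()]
    msg.set_content("\n".join(rows) + "\n")
    return msg

if __name__ == "__main__":
    digest = build_digest(collect(SAMPLE.splitlines()), "syslog@example.com", "netops@example.com")
    print(digest)  # to deliver via a local relay: smtplib.SMTP("localhost").send_message(digest)
```

Run from cron twice a day against the lines received since the previous run, this gives one mail per run covering all switches that log to the server.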

Jan Rolny
Level 3

Hi thewinner,

you can also use an EEM script directly on the routers/switches.

I will not write the exact EEM script you need right now, but you can check some examples here https://www.ciscopress.com/articles/article.asp?p=3100057&seqNum=4

The script will look for the syslog pattern "%IP-4-DUPADDR", and if it matches, an action will be triggered and an email will be sent to the email address you want. There is maybe one drawback to this solution: EEM does not support SMTP authentication, so you will need to allow those routers' IPs on the SMTP server.

Best regards,

Jan
