Excellent Article and just in time. We had a module go out one of our switches and did not know, because we had not setup logging correctly.
Now you overview has given me greater understanding!
Keep it up.
Discussion on:
View:
Show:
If your time is showing as off, try to sync the clock from an NTP source with this command:
ntp server
Verify it is working with "show ntp status"
I like using these settings. They work well for the typical Cisco router or switch:
logging buffered 65536 notifications
logging console warnings
default logging trap
I am also verifying that devices have the correct time settings and are logging with local timezone.
!
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
!
logging buffered 65536 informational
logging console notifications
default logging trap
default logging monitor
ntp server
Verify it is working with "show ntp status"
I like using these settings. They work well for the typical Cisco router or switch:
logging buffered 65536 notifications
logging console warnings
default logging trap
I am also verifying that devices have the correct time settings and are logging with local timezone.
!
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
!
logging buffered 65536 informational
logging console notifications
default logging trap
default logging monitor
How much of a load does this place on a router?
If I have the log level set on 6 or 7 am I going to slow down the router significantly?
Should I set it at 5 for normal use and bump it to 7 when I am troubleshooting?
If I have the log level set on 6 or 7 am I going to slow down the router significantly?
Should I set it at 5 for normal use and bump it to 7 when I am troubleshooting?
The load on a router is going to be very minimal even if you turn the logging up to level 6 or even 7 (unless you turn on a lot debugging). You can look at your router's utilization by entering "Show Processes CPU" and "Show Processes Memory" and look for "Logger" to see it's CPU and/or memory utilization.
The load on a Pix or ASA would be a bit more as those devices generate a lot lot more logs.
The load on a Pix or ASA would be a bit more as those devices generate a lot lot more logs.
How do the logging levels you describe here correspond to syslog facilities ( if they do)?
In my log I sometimes see below:
28161833: .Nov 30 21:56:04.286 PCTime: %FW-6-DROP_PKT: Dropping tcp pkt 78.156.219.166:52530 => 10.10.30.31:80
The log tells me that tcp packages is being dropped. But not WHY it is dropped. Do you know how to get that information?
Best regards, Peter.
28161833: .Nov 30 21:56:04.286 PCTime: %FW-6-DROP_PKT: Dropping tcp pkt 78.156.219.166:52530 => 10.10.30.31:80
The log tells me that tcp packages is being dropped. But not WHY it is dropped. Do you know how to get that information?
Best regards, Peter.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
