logging buffered vs. logging history

Hi, could anybody explain the differences between logging buffered and logging history? I need the commands only to store the syslogs at my devices, not to send the messages, as SNMP-Traps, to the NMS.

Regards, Christian

Reply to
Christian Roos
Loading thread data ...

You did not mention the platform involved. I will answer for the PIX and hope that it's workable on whatever you are using.

logging buffered logs messages into a small wrap-around in-memory buffer. The messages so logged may be displayed with "show log".

logging history does have to do with logging messages: logging history has to do with recording command entries so that they can be recalled and editted and resubmitted.

logging trap does not send SNMP-traps on a PIX: logging trap controls what is sent as normal syslog messages to the hosts designated by the logging host commands. On the PIX, the destination port and protocol is configurable, and if a TCP protocol is chosen then the PIX will start refusing traffic if it is not able to get TCP ACK messages for the logs [this is for the security theory that traffic that cannot be logged should be refused, to prevent attackers from flooding the logs with forged messages and then, logs full, undertake the real attack unlogged.]

PIX 6.x sends very few SNMP traps, and it only sends them to snmp-server hosts which either have the "trap" option set, or have no "trap" and no "poll" option (in other words, you cannot set both options on the same command line, and if you want a host to be able to poll and to have snmp traps sent to it, then leave off the option.)

Reply to
Walter Roberson

logging buffer creates an internal logging buffer where you can see recent messages using the command show log

logging history changes the default level of syslog messages stored in the history file and sent to the SNMP serv

to log messages to a syslogging server, use the command logging

Reply to
Merv

But both commands stores the syslog-messages to a storage on a IOS-Device (Most of my devices are switches). If I don't want to send the syslogs as SNMP-Traps, I can switch off the history-logging? Because the devices would store the same message twice. That will cost memory only, but nothing else, right?

Reply to
Christian Roos

logging history size 0

So what I think you would want to configure would be something like:

logging history size 0 logging buffer 10000 debug logging 192.168.1.250

It is very handy to have the local debug syslogging especially when debugging a problem

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.