Syslog logging levels (2900 XL V12.0(5)

I have a 2924-XL-EN with IOS 12.0(5).

I can set it up to send SYSLOG events to my syslog server. However, it is not clear what each level of the LOGGING TRAP means.

SWITCH1(config)#logging trap ? alerts Immediate action needed critical Critical conditions debugging Debugging messages emergencies System is unusable errors Error conditions informational Informational messages notifications Normal but significant conditions warnings Warning conditions

The CLI doesn't seem to accept multiple items. (does it ?)

One of the many ever-so-slightly-different command references for that switch on the cisco web site allodes that having "no logging trap" means you get all possible error messages. But doing so on my switch turns off syslog messages alltogether.

Based on some googling of this newsgroup, I found that some are using "debug". I tried this and then started to see some syslog messages being sent. So I know the path works to the syslog server.

But that doesn't explain the trap options. Are they in some particular order that encompasses the mesages that are "below" it, or are they exclusive of each other and you can only select one level ?

Also, in an interface configuration mode, you can also specify logging of events (interface up, down etc). Does an interface's LOGGING configuration get filtered by the LOGGING TRAP or does it override it ?

I.E. If I set an interface to log up/down events, will they get logged no matter whether the LOGGING TRAP is set to alerts or informational or whatever ?

Reply to
JF Mezei
Loading thread data ...

Not in this case.

2924-XL-EN IOS 12.0(5) command reference

You should be able to find the exact one you need. IOS has many many features that are the same in all models and versions but there are a few gotchas. If you post a sh ver with the exact version then maybe someone will point you at the correct docs. Anything that refers to 2924-XL (the XL) is important should be OK for most things. Sometimes later version docs have better explanations or are more complete. There may be new features but it is VERY (really very) rare for existing features to work differently.

formatting link
formatting link

no logging trap ! < -- disables syslog mesages. I would be surprised if any cisco doc says otherwise.

Yes.

Well, no.

Filtered.

The levels with numeric values. #conf t Enter configuration commands, one per line. End with CNTL/Z. (config)#logg tr ? Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4)

So:-

logging trap debug ! < -- debug = level 7

Enables ALL configured logging to be sent to configured syslog server.

logg deb alert ! level 1

Enables level zero and one messages that are being generated due to other configuration to be sent to the syslog server.

Similiarly e.g.

no logg console logg buffered warn no logg monitior

Reply to
Bod43

formatting link
The above URL doesn't seem to have a reference to the LOGGING command... And interestingly, in my searches for the 2900 XL doc, I had gotten to ps605 and ps607 instead of ps637. But PS637 is for more recent software release. (607 was for 11.2(8).)

My switch is at:

IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC9

With some many products and so many versions, I have to get my footing on their web site to get to the doc I need.

The one document I had found (sorry I don't have the URL anymore) mentioned something to the order of the logging trap command adding filters to decide what messages get sent to the syslog server. (so by induction, the no traps should have no filters :-)

I'll put this down as a newbie error.

er line. End with CNTL/Z.

Thanks. I had seen this in an old post. But my display is different:

SWITCH1(config)#logging trap ? alerts Immediate action needed critical Critical conditions debugging Debugging messages emergencies System is unusable errors Error conditions informational Informational messages notifications Normal but significant conditions warnings Warning conditions

Interestin that in both cases, the levels are not listed in numeric order.

So I'll have to bookmark your post as documentation addendum to the cisco stuff :-) Thanks.

Reply to
JF Mezei

formatting link

Oh dear. The Cisco ducumentation structure follows the software structure.

There is a base IOS e.g. Version12. There there are various special, lets say, releases with support for various hardware and software features. The /Routers/ except for new ones all run the base IOS, correctly called "Mainline". The 2950XL has a special build just for it since the hardware and required operation were so far away from the functioning of a Router. Hence the "WC" (And yes that would be a good place for a 2950XL). Sorry its just a bit old. Does what it does OK.

The logging is generic IOS so maybe you need to look in the mainline documentation for the details.

My view is that logging is poorly documented anyway. I seem to recall that there is a Cisco Press book on Managing Cisco Networks. As with pretty much all IT you will have to try it yourself to be sure that it is as you expect.

It is all a bit complex but imagine if every device had its own different OS. That would be worse and was what all the network kit manufacturers that used to compete with Cisco did. New product, new software. They are not competing any more.

The "help" extract that I sent you was from an 837 router running 12.4(8) "roughly". I had complete confidence that the logging levels were the same without checking anything. I knew that Cisco had improved the help a bit over the 8 years between our two products.

For your logging material look at the model documentation, then go to the latest mainline (the documentation has improved over the years). If something is not working check the correct mainline.

search for things like [12.0(5)WC9 command reference] That will get you the release notes!!!

My guess is that as they went from WC5...WC9 the command reference was not revised. Probably just say show stopper security updates. Almost invariably such minor version changes do not offer different functionality. Release notes wil tell you,

They are in alphabetic order like all other command line help is. Maybe they should have made an exception here?

Reply to
Bod43

Did I mention I was a newbie with Cisco ? :-)

Thanks for your explanation. I'll wade through the website and try to find the mainline doc. I suspected as much when the doc for the 2900XL series seemed so incomplete.

It is just a question of one getting his/her footing and knowing how things are organised. And I thank you for getting me started.

Reply to
JF Mezei

formatting link
IOS Roadmap.

Thing is, the 2950XL was one of the first IOS switches and I don't think that it made it to this road map.

Still, I think that it is very useful, the roadmap that is.

Oops, it does not provide much coverage of 12.4? Hmmm! It would be a shame if this was dumped. Anyone else find it useful?

Reply to
Bod43

formatting link

Thanks. But my 2924 XL-EN shows a Version 12.0(5)WC9

And on that page. there are plenty of 12.0(5)xx but none of the "xx" matches the WC9 I have.

Doing a search, it appears WC9 was some special version. the release notes point to a fix in a TCPIP vulnerability.

In terms of seeking the right documentation, is 12.0(5) signifiant enough to find the right docset, or do I need extra letters after that ?

Reply to
JF Mezei

formatting link
>

NOTE: this is more for routers than switches. switch IOS is a different beast on a different schedule. The latest switch IOS on current hardware across the board is still 12.2(x)XXX. Much switch hardware current IOS is a 12.1, while older switch hardware was 12.0..

And the latest code for 2924XL is 12.0(5)WC15 or WC16 or so.

WC9 is just one build among many. You have to read the release notes deeply to figure out what was fixed along the way from WC5 to WC9 to WC15.

For Switches, not routers, do look more at the config guides for the particular hardware you are doing. Each hardware config is pretty different, and knowing the config options for that piece of hardware is much more important than knowing IOS. Cisco has the config guide documentation for the hardware switches listed in each product page for them, or under the

formatting link
area.

Don't bother reading 12.0(5) IOS Router documentation for switching. You won't get that much out of it, because a switch isn't a router, even if they both run IOS.

Reply to
Doug McIntyre

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.