Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > cisco logging

Reply
Thread Tools

cisco logging

 
 
pdyne@hotmail.com
Guest
Posts: n/a
 
      06-14-2007
Greetings,

I'm trying to accomplish something simple but having problems due to
limited experience. I want to troubleshoot an access list I applied
on an interface. I went ahead and added "log" to each access list and
also added a deny all at the end of the list with a "log: as well. Now
by enabling logging and loggin console I am able to ocassionally see
my attemps from another session on the terminal. My first question is,
why am I not able to see all the attemps i'm making? Also by tying
this command "show logging" I get the following: My last question is,
How can I view the stored console logs?


Any information would be greatly appreciated.

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
0 flushes,
0 overruns)
Console logging: level debugging, 121 messages logged
Monitor logging: level debugging, 19 messages logged
Logging to: vty6(17)
Buffer logging: disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 125 message lines logged

Any information would be greatly appreciated.

 
Reply With Quote
 
 
 
 
Chad Mahoney
Guest
Posts: n/a
 
      06-14-2007
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Greetings,
>
> I'm trying to accomplish something simple but having problems due to
> limited experience. I want to troubleshoot an access list I applied
> on an interface. I went ahead and added "log" to each access list and
> also added a deny all at the end of the list with a "log: as well. Now
> by enabling logging and loggin console I am able to ocassionally see
> my attemps from another session on the terminal. My first question is,
> why am I not able to see all the attemps i'm making? Also by tying
> this command "show logging" I get the following: My last question is,
> How can I view the stored console logs?
>
>
> Any information would be greatly appreciated.
>
> Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
> 0 flushes,
> 0 overruns)
> Console logging: level debugging, 121 messages logged
> Monitor logging: level debugging, 19 messages logged
> Logging to: vty6(17)
> Buffer logging: disabled
> Logging Exception size (4096 bytes)
> Count and timestamp logging messages: disabled
> Trap logging: level informational, 125 message lines logged
>
> Any information would be greatly appreciated.
>



First thing is to setup a syslog server. Google Kiwi Syslog for Windows
systems, in *NIX it has its own syslog server.
Also what equipment is this?

Once you have the Syslog installed and running login to the device and
enter:


# logging on
# logging trap 7 (this will log all events on the device)
# logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
# write memory

Once you do this all log messages will be sent to the server and stored
into a logfile for later review.
 
Reply With Quote
 
 
 
 
pdyne@hotmail.com
Guest
Posts: n/a
 
      06-14-2007
On Jun 14, 10:43 am, Chad Mahoney <(E-Mail Removed)0ney.com> wrote:
> (E-Mail Removed) wrote:
> > Greetings,

>
> > I'm trying to accomplish something simple but having problems due to
> > limited experience. I want to troubleshoot an access list I applied
> > on an interface. I went ahead and added "log" to each access list and
> > also added a deny all at the end of the list with a "log: as well. Now
> > by enabling logging and loggin console I am able to ocassionally see
> > my attemps from another session on the terminal. My first question is,
> > why am I not able to see all the attemps i'm making? Also by tying
> > this command "show logging" I get the following: My last question is,
> > How can I view the stored console logs?

>
> > Any information would be greatly appreciated.

>
> > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
> > 0 flushes,
> > 0 overruns)
> > Console logging: level debugging, 121 messages logged
> > Monitor logging: level debugging, 19 messages logged
> > Logging to: vty6(17)
> > Buffer logging: disabled
> > Logging Exception size (4096 bytes)
> > Count and timestamp logging messages: disabled
> > Trap logging: level informational, 125 message lines logged

>
> > Any information would be greatly appreciated.

>
> First thing is to setup a syslog server. Google Kiwi Syslog for Windows
> systems, in *NIX it has its own syslog server.
> Also what equipment is this?
>
> Once you have the Syslog installed and running login to the device and
> enter:
>
> # logging on
> # logging trap 7 (this will log all events on the device)
> # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
> # write memory
>
> Once you do this all log messages will be sent to the server and stored
> into a logfile for later review.- Hide quoted text -
>
> - Show quoted text -


Thanks for the quick reply.
The reason why I didn't go the syslog way is because I want the
ability to troubleshoot these acces lists on the "fly". I don't want
to have to setup a syslog every time I need to troubleshoot a remote
router. I would like to be able to vew the stored logs to better
understand and see what's I've missed.
Regarding the syslog, is there a way or a number that would only log
these "%SEC-6-IPACCESSLOGP"

*Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
*Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
*Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
*Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
*Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
*Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
*Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp

Thanks again.

This particular router is a 1721.

 
Reply With Quote
 
ScottyC
Guest
Posts: n/a
 
      06-14-2007
On Jun 14, 3:55 pm, (E-Mail Removed) wrote:
> On Jun 14, 10:43 am, Chad Mahoney <(E-Mail Removed)0ney.com> wrote:
>
>
>
>
>
> > (E-Mail Removed) wrote:
> > > Greetings,

>
> > > I'm trying to accomplish something simple but having problems due to
> > > limited experience. I want to troubleshoot an access list I applied
> > > on an interface. I went ahead and added "log" to each access list and
> > > also added a deny all at the end of the list with a "log: as well. Now
> > > by enabling logging and loggin console I am able to ocassionally see
> > > my attemps from another session on the terminal. My first question is,
> > > why am I not able to see all the attemps i'm making? Also by tying
> > > this command "show logging" I get the following: My last question is,
> > > How can I view the stored console logs?

>
> > > Any information would be greatly appreciated.

>
> > > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
> > > 0 flushes,
> > > 0 overruns)
> > > Console logging: level debugging, 121 messages logged
> > > Monitor logging: level debugging, 19 messages logged
> > > Logging to: vty6(17)
> > > Buffer logging: disabled
> > > Logging Exception size (4096 bytes)
> > > Count and timestamp logging messages: disabled
> > > Trap logging: level informational, 125 message lines logged

>
> > > Any information would be greatly appreciated.

>
> > First thing is to setup a syslog server. Google Kiwi Syslog for Windows
> > systems, in *NIX it has its own syslog server.
> > Also what equipment is this?

>
> > Once you have the Syslog installed and running login to the device and
> > enter:

>
> > # logging on
> > # logging trap 7 (this will log all events on the device)
> > # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
> > # write memory

>
> > Once you do this all log messages will be sent to the server and stored
> > into a logfile for later review.- Hide quoted text -

>
> > - Show quoted text -

>
> Thanks for the quick reply.
> The reason why I didn't go the syslog way is because I want the
> ability to troubleshoot these acces lists on the "fly". I don't want
> to have to setup a syslog every time I need to troubleshoot a remote
> router. I would like to be able to vew the stored logs to better
> understand and see what's I've missed.
> Regarding the syslog, is there a way or a number that would only log
> these "%SEC-6-IPACCESSLOGP"
>
> *Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> *Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> *Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
> *Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
> *Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
> *Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> *Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
>
> Thanks again.
>
> This particular router is a 1721.- Hide quoted text -
>
> - Show quoted text -


Hi,

If you setup a syslog server and then setup logging on all your
devices you'll never have to configure logging again. The most you'll
have to do is change the logging levels (although I tend to log
everything and purge old logs so I dont even ened to do that). You can
do on-the-fly logging via a *nix system by using the "tail -f"
command.

Cheers
Scotty C

 
Reply With Quote
 
pdyne@hotmail.com
Guest
Posts: n/a
 
      06-14-2007
On Jun 14, 11:53 am, ScottyC <(E-Mail Removed)> wrote:
> On Jun 14, 3:55 pm, (E-Mail Removed) wrote:
>
>
>
>
>
> > On Jun 14, 10:43 am, Chad Mahoney <(E-Mail Removed)0ney.com> wrote:

>
> > > (E-Mail Removed) wrote:
> > > > Greetings,

>
> > > > I'm trying to accomplish something simple but having problems due to
> > > > limited experience. I want to troubleshoot an access list I applied
> > > > on an interface. I went ahead and added "log" to each access list and
> > > > also added a deny all at the end of the list with a "log: as well. Now
> > > > by enabling logging and loggin console I am able to ocassionally see
> > > > my attemps from another session on the terminal. My first question is,
> > > > why am I not able to see all the attemps i'm making? Also by tying
> > > > this command "show logging" I get the following: My last question is,
> > > > How can I view the stored console logs?

>
> > > > Any information would be greatly appreciated.

>
> > > > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
> > > > 0 flushes,
> > > > 0 overruns)
> > > > Console logging: level debugging, 121 messages logged
> > > > Monitor logging: level debugging, 19 messages logged
> > > > Logging to: vty6(17)
> > > > Buffer logging: disabled
> > > > Logging Exception size (4096 bytes)
> > > > Count and timestamp logging messages: disabled
> > > > Trap logging: level informational, 125 message lines logged

>
> > > > Any information would be greatly appreciated.

>
> > > First thing is to setup a syslog server. Google Kiwi Syslog for Windows
> > > systems, in *NIX it has its own syslog server.
> > > Also what equipment is this?

>
> > > Once you have the Syslog installed and running login to the device and
> > > enter:

>
> > > # logging on
> > > # logging trap 7 (this will log all events on the device)
> > > # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
> > > # write memory

>
> > > Once you do this all log messages will be sent to the server and stored
> > > into a logfile for later review.- Hide quoted text -

>
> > > - Show quoted text -

>
> > Thanks for the quick reply.
> > The reason why I didn't go the syslog way is because I want the
> > ability to troubleshoot these acces lists on the "fly". I don't want
> > to have to setup a syslog every time I need to troubleshoot a remote
> > router. I would like to be able to vew the stored logs to better
> > understand and see what's I've missed.
> > Regarding the syslog, is there a way or a number that would only log
> > these "%SEC-6-IPACCESSLOGP"

>
> > *Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> > *Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> > *Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
> > *Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
> > *Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
> > *Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
> > *Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp

>
> > Thanks again.

>
> > This particular router is a 1721.- Hide quoted text -

>
> > - Show quoted text -

>
> Hi,
>
> If you setup a syslog server and then setup logging on all your
> devices you'll never have to configure logging again. The most you'll
> have to do is change the logging levels (although I tend to log
> everything and purge old logs so I dont even ened to do that). You can
> do on-the-fly logging via a *nix system by using the "tail -f"
> command.
>
> Cheers
> Scotty C- Hide quoted text -
>
> - Show quoted text -


thanks. How about just viewing what the cisco router has stored?

Console logging: level debugging, 121 messages logged
Monitor logging: level debugging, 19 messages logged

 
Reply With Quote
 
maco maco is offline
Junior Member
Join Date: Jun 2007
Posts: 10
 
      06-14-2007
show log

(you need to enable logging buffered first
logging buffered <level>
)
 
Reply With Quote
 
jseemann@gmail.com
Guest
Posts: n/a
 
      06-14-2007
If you're just parsing for deny messages "on the fly", you can use

#>show log | include deny

that will parse the log and just spit you out the deny statements.

You'll also want to increase your logging buffer if you don't want to
use a syslog server; typically its quite small to begin with and
depending on activity the log will scroll too fast.

(config)#>logging buffer 20000 (for example)


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Logging to a file and closing it again properly (logging module) Christoph Haas Python 1 06-14-2006 08:47 AM
Logging to a file and closing it again properly (logging module) Christoph Haas Python 0 06-12-2006 09:58 PM
logging buffered vs. logging history Christian Roos Cisco 4 02-05-2006 10:55 PM
java.util.logging, where to put logging.properties? janne Java 0 09-10-2004 10:18 AM
[java.util.logging] logging only to _one_ file Stefan Siegl Java 0 08-27-2003 12:29 PM



Advertisments