cisco logging

Discussion in 'Cisco' started by pdyne@hotmail.com, Jun 14, 2007.

  1. Guest

    Greetings,

    I'm trying to accomplish something simple but having problems due to
    limited experience. I want to troubleshoot an access list I applied
    on an interface. I went ahead and added "log" to each access list and
    also added a deny all at the end of the list with a "log: as well. Now
    by enabling logging and loggin console I am able to ocassionally see
    my attemps from another session on the terminal. My first question is,
    why am I not able to see all the attemps i'm making? Also by tying
    this command "show logging" I get the following: My last question is,
    How can I view the stored console logs?


    Any information would be greatly appreciated.

    Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
    0 flushes,
    0 overruns)
    Console logging: level debugging, 121 messages logged
    Monitor logging: level debugging, 19 messages logged
    Logging to: vty6(17)
    Buffer logging: disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 125 message lines logged

    Any information would be greatly appreciated.
     
    , Jun 14, 2007
    #1
    1. Advertising

  2. Chad Mahoney Guest

    wrote:
    > Greetings,
    >
    > I'm trying to accomplish something simple but having problems due to
    > limited experience. I want to troubleshoot an access list I applied
    > on an interface. I went ahead and added "log" to each access list and
    > also added a deny all at the end of the list with a "log: as well. Now
    > by enabling logging and loggin console I am able to ocassionally see
    > my attemps from another session on the terminal. My first question is,
    > why am I not able to see all the attemps i'm making? Also by tying
    > this command "show logging" I get the following: My last question is,
    > How can I view the stored console logs?
    >
    >
    > Any information would be greatly appreciated.
    >
    > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
    > 0 flushes,
    > 0 overruns)
    > Console logging: level debugging, 121 messages logged
    > Monitor logging: level debugging, 19 messages logged
    > Logging to: vty6(17)
    > Buffer logging: disabled
    > Logging Exception size (4096 bytes)
    > Count and timestamp logging messages: disabled
    > Trap logging: level informational, 125 message lines logged
    >
    > Any information would be greatly appreciated.
    >



    First thing is to setup a syslog server. Google Kiwi Syslog for Windows
    systems, in *NIX it has its own syslog server.
    Also what equipment is this?

    Once you have the Syslog installed and running login to the device and
    enter:


    # logging on
    # logging trap 7 (this will log all events on the device)
    # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
    # write memory

    Once you do this all log messages will be sent to the server and stored
    into a logfile for later review.
     
    Chad Mahoney, Jun 14, 2007
    #2
    1. Advertising

  3. Guest

    On Jun 14, 10:43 am, Chad Mahoney <0ney.com> wrote:
    > wrote:
    > > Greetings,

    >
    > > I'm trying to accomplish something simple but having problems due to
    > > limited experience. I want to troubleshoot an access list I applied
    > > on an interface. I went ahead and added "log" to each access list and
    > > also added a deny all at the end of the list with a "log: as well. Now
    > > by enabling logging and loggin console I am able to ocassionally see
    > > my attemps from another session on the terminal. My first question is,
    > > why am I not able to see all the attemps i'm making? Also by tying
    > > this command "show logging" I get the following: My last question is,
    > > How can I view the stored console logs?

    >
    > > Any information would be greatly appreciated.

    >
    > > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
    > > 0 flushes,
    > > 0 overruns)
    > > Console logging: level debugging, 121 messages logged
    > > Monitor logging: level debugging, 19 messages logged
    > > Logging to: vty6(17)
    > > Buffer logging: disabled
    > > Logging Exception size (4096 bytes)
    > > Count and timestamp logging messages: disabled
    > > Trap logging: level informational, 125 message lines logged

    >
    > > Any information would be greatly appreciated.

    >
    > First thing is to setup a syslog server. Google Kiwi Syslog for Windows
    > systems, in *NIX it has its own syslog server.
    > Also what equipment is this?
    >
    > Once you have the Syslog installed and running login to the device and
    > enter:
    >
    > # logging on
    > # logging trap 7 (this will log all events on the device)
    > # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
    > # write memory
    >
    > Once you do this all log messages will be sent to the server and stored
    > into a logfile for later review.- Hide quoted text -
    >
    > - Show quoted text -


    Thanks for the quick reply.
    The reason why I didn't go the syslog way is because I want the
    ability to troubleshoot these acces lists on the "fly". I don't want
    to have to setup a syslog every time I need to troubleshoot a remote
    router. I would like to be able to vew the stored logs to better
    understand and see what's I've missed.
    Regarding the syslog, is there a way or a number that would only log
    these "%SEC-6-IPACCESSLOGP"

    *Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    *Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    *Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    *Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    *Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
    *Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    *Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp

    Thanks again.

    This particular router is a 1721.
     
    , Jun 14, 2007
    #3
  4. ScottyC Guest

    On Jun 14, 3:55 pm, wrote:
    > On Jun 14, 10:43 am, Chad Mahoney <0ney.com> wrote:
    >
    >
    >
    >
    >
    > > wrote:
    > > > Greetings,

    >
    > > > I'm trying to accomplish something simple but having problems due to
    > > > limited experience. I want to troubleshoot an access list I applied
    > > > on an interface. I went ahead and added "log" to each access list and
    > > > also added a deny all at the end of the list with a "log: as well. Now
    > > > by enabling logging and loggin console I am able to ocassionally see
    > > > my attemps from another session on the terminal. My first question is,
    > > > why am I not able to see all the attemps i'm making? Also by tying
    > > > this command "show logging" I get the following: My last question is,
    > > > How can I view the stored console logs?

    >
    > > > Any information would be greatly appreciated.

    >
    > > > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
    > > > 0 flushes,
    > > > 0 overruns)
    > > > Console logging: level debugging, 121 messages logged
    > > > Monitor logging: level debugging, 19 messages logged
    > > > Logging to: vty6(17)
    > > > Buffer logging: disabled
    > > > Logging Exception size (4096 bytes)
    > > > Count and timestamp logging messages: disabled
    > > > Trap logging: level informational, 125 message lines logged

    >
    > > > Any information would be greatly appreciated.

    >
    > > First thing is to setup a syslog server. Google Kiwi Syslog for Windows
    > > systems, in *NIX it has its own syslog server.
    > > Also what equipment is this?

    >
    > > Once you have the Syslog installed and running login to the device and
    > > enter:

    >
    > > # logging on
    > > # logging trap 7 (this will log all events on the device)
    > > # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
    > > # write memory

    >
    > > Once you do this all log messages will be sent to the server and stored
    > > into a logfile for later review.- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Thanks for the quick reply.
    > The reason why I didn't go the syslog way is because I want the
    > ability to troubleshoot these acces lists on the "fly". I don't want
    > to have to setup a syslog every time I need to troubleshoot a remote
    > router. I would like to be able to vew the stored logs to better
    > understand and see what's I've missed.
    > Regarding the syslog, is there a way or a number that would only log
    > these "%SEC-6-IPACCESSLOGP"
    >
    > *Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > *Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > *Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    > *Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    > *Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
    > *Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > *Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    >
    > Thanks again.
    >
    > This particular router is a 1721.- Hide quoted text -
    >
    > - Show quoted text -


    Hi,

    If you setup a syslog server and then setup logging on all your
    devices you'll never have to configure logging again. The most you'll
    have to do is change the logging levels (although I tend to log
    everything and purge old logs so I dont even ened to do that). You can
    do on-the-fly logging via a *nix system by using the "tail -f"
    command.

    Cheers
    Scotty C
     
    ScottyC, Jun 14, 2007
    #4
  5. Guest

    On Jun 14, 11:53 am, ScottyC <> wrote:
    > On Jun 14, 3:55 pm, wrote:
    >
    >
    >
    >
    >
    > > On Jun 14, 10:43 am, Chad Mahoney <0ney.com> wrote:

    >
    > > > wrote:
    > > > > Greetings,

    >
    > > > > I'm trying to accomplish something simple but having problems due to
    > > > > limited experience. I want to troubleshoot an access list I applied
    > > > > on an interface. I went ahead and added "log" to each access list and
    > > > > also added a deny all at the end of the list with a "log: as well. Now
    > > > > by enabling logging and loggin console I am able to ocassionally see
    > > > > my attemps from another session on the terminal. My first question is,
    > > > > why am I not able to see all the attemps i'm making? Also by tying
    > > > > this command "show logging" I get the following: My last question is,
    > > > > How can I view the stored console logs?

    >
    > > > > Any information would be greatly appreciated.

    >
    > > > > Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
    > > > > 0 flushes,
    > > > > 0 overruns)
    > > > > Console logging: level debugging, 121 messages logged
    > > > > Monitor logging: level debugging, 19 messages logged
    > > > > Logging to: vty6(17)
    > > > > Buffer logging: disabled
    > > > > Logging Exception size (4096 bytes)
    > > > > Count and timestamp logging messages: disabled
    > > > > Trap logging: level informational, 125 message lines logged

    >
    > > > > Any information would be greatly appreciated.

    >
    > > > First thing is to setup a syslog server. Google Kiwi Syslog for Windows
    > > > systems, in *NIX it has its own syslog server.
    > > > Also what equipment is this?

    >
    > > > Once you have the Syslog installed and running login to the device and
    > > > enter:

    >
    > > > # logging on
    > > > # logging trap 7 (this will log all events on the device)
    > > > # logging x.x.x.x (where x.x.x.x is the IP of the syslog server)
    > > > # write memory

    >
    > > > Once you do this all log messages will be sent to the server and stored
    > > > into a logfile for later review.- Hide quoted text -

    >
    > > > - Show quoted text -

    >
    > > Thanks for the quick reply.
    > > The reason why I didn't go the syslog way is because I want the
    > > ability to troubleshoot these acces lists on the "fly". I don't want
    > > to have to setup a syslog every time I need to troubleshoot a remote
    > > router. I would like to be able to vew the stored logs to better
    > > understand and see what's I've missed.
    > > Regarding the syslog, is there a way or a number that would only log
    > > these "%SEC-6-IPACCESSLOGP"

    >
    > > *Mar 1 18:15:19.667: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > > *Mar 1 18:15:19.671: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > > *Mar 1 18:16:19.687: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    > > *Mar 1 18:16:19.691: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
    > > *Mar 1 18:18:19.723: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
    > > *Mar 1 18:20:19.759: %SEC-6-IPACCESSLOGP: list 101 denied tcp
    > > *Mar 1 18:21:19.779: %SEC-6-IPACCESSLOGP: list 101 permitted tcp

    >
    > > Thanks again.

    >
    > > This particular router is a 1721.- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Hi,
    >
    > If you setup a syslog server and then setup logging on all your
    > devices you'll never have to configure logging again. The most you'll
    > have to do is change the logging levels (although I tend to log
    > everything and purge old logs so I dont even ened to do that). You can
    > do on-the-fly logging via a *nix system by using the "tail -f"
    > command.
    >
    > Cheers
    > Scotty C- Hide quoted text -
    >
    > - Show quoted text -


    thanks. How about just viewing what the cisco router has stored?

    Console logging: level debugging, 121 messages logged
    Monitor logging: level debugging, 19 messages logged
     
    , Jun 14, 2007
    #5
  6. maco

    Joined:
    Jun 13, 2007
    Messages:
    10
    show log

    (you need to enable logging buffered first
    logging buffered <level>
    )
     
    maco, Jun 14, 2007
    #6
  7. Guest

    If you're just parsing for deny messages "on the fly", you can use

    #>show log | include deny

    that will parse the log and just spit you out the deny statements.

    You'll also want to increase your logging buffer if you don't want to
    use a syslog server; typically its quite small to begin with and
    depending on activity the log will scroll too fast.

    (config)#>logging buffer 20000 (for example)
     
    , Jun 14, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    866
  2. Graham Turner

    logging of isdn call history - cisco 803

    Graham Turner, Jan 7, 2004, in forum: Cisco
    Replies:
    1
    Views:
    3,983
    AnyBody43
    Jan 9, 2004
  3. Didier

    cisco logging to syslogd?

    Didier, Jan 13, 2004, in forum: Cisco
    Replies:
    13
    Views:
    13,000
  4. Didier

    Re: cisco logging to syslogd?

    Didier, Jan 13, 2004, in forum: Cisco
    Replies:
    12
    Views:
    1,186
    Per Hedeland
    Jan 16, 2004
  5. Christian Roos

    logging buffered vs. logging history

    Christian Roos, Feb 5, 2006, in forum: Cisco
    Replies:
    4
    Views:
    15,330
Loading...

Share This Page