What to look in the syslog messages

Hi, I'm not really using a Cisco switch, but I'm sending all my switch logs to a Splunk server and I use it for postmortem analyses.

But I was wondering if I could get useful info for supervision from these logs.

So far I only check three things:
- All notifications that are not link up/down, SSH sessions, FIB refresh and NTP.
- Number of link up/down events for every switch over time
- The number of MSTP modifications per switch over time

I was wondering what other things might be interesting to watch.

Thank you.

RE: What to look in the syslog messages

Get Splunk to listen for SNMP traps and make SNMP queries - then you can use it to generate performance statistics.

RE: What to look in the syslog messages

Yes, thanks, but I was wondering what queries I can make...


RE: What to look in the syslog messages

Syslog doesn't really get stuff that's incredibly interesting.

Ports up/down.
Some errors, but how can you predict which ones? Maybe you can devise a query that looks generically for log entries that contain an error code?

Really, the thing you want is information about congested links and errors on interfaces, and SNMP queries are what you need there.
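
Added example (not part of any post in this thread): one vendor-neutral way to look "generically" for error entries is to key on the severity carried in the syslog PRI field (PRI = facility * 8 + severity) instead of on message text, next to the link up/down count per switch per time window from the original post. The Python below assumes RFC 3164-style lines; the sample lines, hostnames, year and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (RFC 3164 style); hosts and messages are made up.
SAMPLE = [
    "<189>Mar  3 10:00:05 sw-access-1 PORT: ge-0/0/7 link down",
    "<189>Mar  3 10:00:09 sw-access-1 PORT: ge-0/0/7 link up",
    "<189>Mar  3 10:03:41 sw-access-1 PORT: ge-0/0/7 link down",
    "<189>Mar  3 10:03:44 sw-access-1 PORT: ge-0/0/7 link up",
    "<187>Mar  3 10:04:10 sw-core-1 ENV: fan tray 2 failure",
    "<190>Mar  3 10:05:00 sw-core-1 NTP: clock synchronized",
    "<189>Mar  3 10:12:30 sw-access-2 PORT: ge-0/0/1 link down",
    "<186>Mar  3 10:13:02 sw-access-2 PSU: power supply 1 lost input",
]

LINE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
LINK = re.compile(r"\blink (up|down)\b", re.I)


def parse(line, year=2024):
    """Split one line into severity, time, host, message; None if malformed.

    RFC 3164 timestamps carry no year, so the year is an assumed parameter.
    """
    m = LINE.match(line)
    if not m:
        return None
    pri, ts, host, msg = m.groups()
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    # The low three bits of PRI are the severity (0 = emergency .. 7 = debug).
    return {"severity": int(pri) % 8, "time": when, "host": host, "msg": msg}


def summarize(lines, window_min=10, flap_threshold=3, max_severity=3):
    """Return (flapping, errors).

    flapping: {(host, window start): link event count} at or above the threshold.
    errors:   non-link events at severity 'err' (3) or worse, whatever the text.
    """
    flaps, errors = Counter(), []
    for rec in filter(None, map(parse, lines)):
        if LINK.search(rec["msg"]):
            t = rec["time"]
            bucket = t.replace(minute=t.minute - t.minute % window_min, second=0)
            flaps[(rec["host"], bucket)] += 1
        elif rec["severity"] <= max_severity:
            errors.append((rec["host"], rec["severity"], rec["msg"]))
    flapping = {k: n for k, n in flaps.items() if n >= flap_threshold}
    return flapping, errors
```

Link events are counted separately because switches usually log them at notice level, which a severity filter alone would drop.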

RE: What to look in the syslog messages

ACL and IPS atomic sig filtered blocks, etc. too though...but yeah, other than that I agree w/Vince

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
service-policy input CoPP-POLICY
