Gestion des logs
Auteur
Noël NICOLAS
Date
1 décembre 2019
Commentaires
0
Chaque équipement actif stocke ces logs en local. Il est primordial de les centraliser et de regarder l’état de santé de ce dernier.
Nos équipements classent les logs par niveau d’alerte. Allant du plus grave au moins grave.
Je vous donne de suite rendez-vous en mode configuration 😉
Configuration
Vérifier les logs présents sur l’équipement actif
show logging
Ajouter la date et l’heure aux logs ( bien vérifier sa configuration NTP avant de faire cette action )
service timestamps debug datetime msec localtime service timestamps log datetime msec localtime
Afficher les logs en temps réel en mode console
logging console
Afficher les logs en temps réel en mode SSH/TELNET
Logging monitor
Envoyer les logs sur un serveur SYSLOG
logging X.X.X.X
Les niveaux d’alerte
0 = Système inutilisable.
1 = Une intervention immédiate est nécessaire.
2 = Erreur critique pour le système.
3 = Erreur de fonctionnement.
4 = Avertissement
5 = Événement normal méritant d’être signalé.
6 = Pour information.
7 = Message de mise au point.
Faire le tri dans ces logs
Le problème avec les logs …. c’est qu’il y en as vraiment beaucoup !!!
Et les informations importantes sont noyées dans les informations non importantes. La preuve en image :
SW1# sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 39 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 39 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
Trap logging: level informational, 42 message lines logged
Log Buffer (4096 bytes):
*Mar 1 00:00:29.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:00:31.222: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:00:52.881: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 17:42 by gereddy
*Mar 1 00:00:54.173: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:00:54.182: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
*Mar 1 00:00:55.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 00:00:59.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
*Mar 1 00:01:24.909: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar 1 00:08:53.683: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:13:55.740: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:16:24.654: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:18:30.819: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:28:40.276: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:57:59.669: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:59:04.253: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
*Mar 1 00:59:30.124: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
*Mar 1 00:59:55.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
*Mar 1 01:11:05.061: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 02:56:47.100: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
*Mar 1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
*Mar 1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
*Mar 1 02:56:51.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
*Mar 1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar 1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
*Mar 1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
*Mar 1 05:07:40.985: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
*Mar 1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
*Mar 1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
*Mar 1 05:07:42.000: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down
*Mar 1 05:09:08.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 1 05:09:08.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
*Mar 1 05:09:09.862: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
*Mar 1 05:09:15.893: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 05:09:16.900: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 05:09:44.918: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
*Mar 1 05:09:44.918: %IP-4-DUPADDR: Duplicate address 192.168.10.254 on Vlan10, sourced by 0014.6969.bcc8
*Mar 1 05:20:53.666: %SYS-5-CONFIG_I: Configured from console by console
SW1#
Afin d’éviter d’être polluer, je vous conseil de mettre cette commande sur toutes vos interfaces clientes :
no logging event link-status
Conclusion
En espérant que cet article vous a été utile !
N’hésitez pas à me la faire savoir !!
FingerInTheNet.com
Expert Réseau
11 ans d’expérience
CCNP Routing and Switching
Fondateur de FingerInTheNet