Services

Gestion des logs

Auteur

Noël NICOLAS

Date

1 décembre 2019

Commentaires

0

Gestion des logs 1
Services

Chaque équipement actif stocke ces logs en local. Il est primordial de les centraliser et de regarder l’état de santé de ce dernier.

Nos équipements classent les logs par niveau d’alerte. Allant du plus grave au moins grave.

Je vous donne de suite rendez-vous en mode configuration 😉

Configuration

Vérifier les logs présents sur l’équipement actif

show logging

Ajouter la date et l’heure aux logs ( bien vérifier sa configuration NTP avant de faire cette action )

service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime

Afficher les logs en temps réel en mode console

logging console

Afficher les logs en temps réel en mode SSH/TELNET

Logging monitor

Envoyer les logs sur un serveur SYSLOG

logging X.X.X.X

 

Les niveaux d’alerte

Les niveaux d'alerte
Les niveaux d’alerte

0 = Système inutilisable.
1 = Une intervention immédiate est nécessaire.
2 = Erreur critique pour le système.
3 = Erreur de fonctionnement.
4 = Avertissement
5 = Événement normal méritant d’être signalé.
6 = Pour information.
7 = Message de mise au point.

Faire le tri dans ces logs

Le problème avec les logs …. c’est qu’il y en as vraiment beaucoup !!!

Et les informations importantes sont noyées dans les informations non importantes. La preuve en image :

SW1# sh logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 39 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 39 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 42 message lines logged

Log Buffer (4096 bytes):

*Mar  1 00:00:29.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar  1 00:00:31.222: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar  1 00:00:52.881: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 17:42 by gereddy
*Mar  1 00:00:54.173: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 00:00:54.182: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
*Mar  1 00:00:55.180: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar  1 00:00:59.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
*Mar  1 00:01:24.909: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar  1 00:08:53.683: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:13:55.740: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:16:24.654: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:18:30.819: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:28:40.276: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:57:59.669: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:59:04.253: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
*Mar  1 00:59:30.124: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
*Mar  1 00:59:55.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
*Mar  1 01:11:05.061: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 02:56:47.100: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
*Mar  1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar  1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
*Mar  1 02:56:47.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
*Mar  1 02:56:51.832: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
*Mar  1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar  1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
*Mar  1 02:57:21.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
*Mar  1 05:07:40.985: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
*Mar  1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar  1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
*Mar  1 05:07:41.002: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
*Mar  1 05:07:42.000: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down
*Mar  1 05:09:08.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar  1 05:09:08.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
*Mar  1 05:09:09.862: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
*Mar  1 05:09:15.893: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 05:09:16.900: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar  1 05:09:44.918: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
*Mar  1 05:09:44.918: %IP-4-DUPADDR: Duplicate address 192.168.10.254 on Vlan10, sourced by 0014.6969.bcc8
*Mar  1 05:20:53.666: %SYS-5-CONFIG_I: Configured from console by console
SW1#

Afin d’éviter d’être polluer, je vous conseil de mettre cette commande sur toutes vos interfaces clientes :

no logging event link-status

Conclusion

En espérant que cet article vous a été utile !
N’hésitez pas à me la faire savoir !!

FingerInTheNet.com

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

15 + vingt =

%d blogueurs aiment cette page :