Howto: Using Syslog Filters when Troubleshooting
Overview
Troubleshooting a switch with debug commands can be very powerful, but it can also be frustrating with tracking down the relevant information. Especially if you are trying to do this on a console - even with two - and the data just keeps scrolling by. Directing debug output to a syslog console, and filtering what is sent can be very useful.
Use Case
3cdaemon is a cool piece of software from 3Com that I have been using for many decades! It has several really useful, easy to configure networking tools - including a syslog server.
It is easy to turn on logging to one or more syslog servers like this one in CX:
logging 172.20.100.111 severity debug
logging 172.20.100.185 severity notice
Enable the relevant debug commands on the features of interest, and set the debug destination to syslog, eg:
debug ztp all
debug containers all
debug dhcpoptions all
debug dhcpv4snooping all
debug dhcprelay all
debug destination syslog
Config Syslog Filter
That might be sufficient, but on a busy switch, it is likely that there will plenty of other activity being logged - ie noise that needs to be filtered out. This is easily achieved with a syslog filter, and can be changed on the fly. And different filters can be applied to different syslog servers.
Set up the named filter (from the CLI or Central MultiEdit):
logging filter 3cdaemon
enable
10 deny includes REST|rest
80 deny event-id 4602
82 deny event-id 4608
100 deny event-id 14307
110 deny event-id 14003
1000 permit
In this list, I blocked anything with REST or rest, and those 4 event IDs. They were the ones that were coming through often enough to be annoying. Everything else was permitted. You could tailor one or more lists to suit specific troubleshooting tasks or scenarios, possibly doing the reverse where you allow specific event IDs or text, and block everything else.
And apply it to the correct destination syslog server:
logging 172.20.100.111 severity debug filter 3cdaemon
I use this filter to stop the noisiest messages from appearing in my 3cdaemon syslog view.
------------------------------
Richard Litchfield
Airheads MVP 2020, 2021, 2022
------------------------------