Jump to content
Калькуляторы

cisco syslog длина сообщения

Reply to this topic

stalker86   

stalker86
Posted

Есть ли шанс как либо пофиксить малой кроью такую проблему - обрезается syslog сообщение.

 

То есть например в логе циске

 

========

007105: Jul 13 22:20:45: %MCAST-SP-3-QUERY_INT_MISMATCH: Snooping Querier received a non-matching query interval (125000 msec),

from querier address (192.168.24.208) on VLAN(10).Configured query-interval (60000 msec)

========

 

А до syslog-сервера долетает лишь

 

========

Jul 13 22:20:46 10.22.2.68 7008: 007105: Jul 13 22:20:45: %MCAST-SP-3-QUERY_INT_MISMATCH: Snooping Querier received a non-matching query

interval (125000 msec),

========

 

 

Причём именно так и долетает, если посмотреть в tcpdump

 

Frame 1: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits)

Ethernet II, Src: CiscoInc_ac:d0:00 (00:0f:35:ac:d0:00), Dst: IntelCor_de:24:6a (00:15:17:de:24:6a)

Internet Protocol Version 4, Src: 10.22.2.68, Dst: 10.22.2.65

User Datagram Protocol, Src Port: 49868 (49868), Dst Port: 514 (514)

Syslog message: LOCAL6.ERR: 6637: 006734: Jul 11 17:03:02: %MCAST-SP-3-QUERY_INT_MISMATCH: Snooping Querier received a non-matching query

 

 

interval (125000 msec),

1011 0... = Facility: LOCAL6 - reserved for local use (22)

.... .011 = Level: ERR - error conditions (3)

Message: 6637: 006734: Jul 11 17:03:02: %MCAST-SP-3-QUERY_INT_MISMATCH: Snooping Querier received a non-matching query interval (125000 msec),

Share this post

Link to post
Share on other sites

stalker86   

stalker86
Posted

ну.. сервре сислога и циска в 1 влане сидят напрямую. Между ними с запретом фрагментации спокойно проходит пинг в 1472 байта. (ping -M do 10.22.2.68 -s 1472 )

а тут и этого нет..

 

Frame 1: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits)

Share this post

Link to post
Share on other sites

mikezzzz   

mikezzzz
Posted (edited)

stalker86 ознакомьтесь http://www.gossamer-threads.com/lists/cisco/nsp/153289 :)

иос какой? вчера поставили SY7, данные сообщения в логи и сислоги полностью попадают.

как workaround - сидеть с terminal monitor для вычленения гадов

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCts38007/?referring_site=bugquickviewredir

Edited by mikezzzz

Share this post

Link to post
Share on other sites

stalker86   

stalker86
Posted

Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright © 1986-2016 by Cisco Systems, Inc.

Compiled Sun 13-Mar-16 07:31 by prod_rel_team

 

ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4)

 

 

Если Вы про само сообщение -то там VoIp адаптер длинковский умничает. Отфильтровал с него мультикаст ацлем на свитче в котором он висит.

Меня волнует именно то, что сислог обрезается.

Виновника найти не получается. сервер воткнут напрямую в онную циску.

Share this post

Link to post
Share on other sites

mikezzzz   

mikezzzz
Posted

забавно, у нас Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISE-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) и такой "фичи" нет.

а в шапке show log чего по счетчикам?

Share this post

Link to post
Share on other sites

stalker86   

stalker86
Posted

Чисто

===

ASW1_C6509#sh log

Syslog logging: enabled (1 messages dropped, 14 messages rate-limited, 88 flushes, 0 overruns, xml disabled, filtering disabled)

 

No Active Message Discriminator.

 

 

 

No Inactive Message Discriminator.

 

 

Console logging: level debugging, 12494 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 12393 messages logged, xml disabled,

filtering disabled

Exception Logging: size (4096 bytes)

Count and timestamp logging messages: disabled

Persistent logging: disabled

 

No active filter modules.

 

ESM: 0 messages dropped

 

Trap logging: level notifications, 7078 message lines logged

Logging to 10.22.2.65 (MNG) (udp port 514, audit disabled,

link up),

7078 message lines logged,

0 message lines rate-limited,

0 message lines dropped-by-MD,

xml disabled, sequence number disabled

filtering disabled

Logging Source-Interface: VRF Name:

 

Log Buffer (8192 bytes):

Share this post

Link to post
Share on other sites

stalker86   

stalker86
Posted

Чуть выше по топику пишут, что вроде как оно таки работает..

 

забавно, у нас Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISE-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) и такой "фичи" нет.

а в шапке show log чего по счетчикам?

 

А у Вас tcp или udp транспорт?

Share this post

Link to post
Share on other sites

mikezzzz   

mikezzzz
Posted

у нас дефолт, удп 514

 

show start | i logg
logging buffered 5000000
no logging console
logging event link-status default
no ip dhcp conflict logging
logging trap debugging
logging facility local0
logging source-interface Loopback0
logging host 192.168.15.11
logging host 192.168.10.79
logging host 192.168.66.3 vrf Mgmt-intf

Share this post

Link to post
Share on other sites

stalker86   

stalker86
Posted

Да вроде тоже самое

 

show start | i logg

logging userinfo

logging event link-status default

logging trap notifications

logging facility local6

logging host 10.22.2.65 vrf MNG

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Followers 0
Go to topic listing Активное оборудование Ethernet, IP, MPLS, SDN/NFV...