logging buffered vs. logging history
Posted by Christian Roos on February 5th, 2006


Hi,
could anybody explain the differences between logging buffered and
logging history? I need the commands only to store the syslogs at my
devices, not to send the messages, as SNMP-Traps, to the NMS.

Regards,
Christian

Posted by Walter Roberson on February 5th, 2006


In article <1139147869.970910.220960@o13g2000cwo.googlegroups.com>,
Christian Roos <christian_roos@web.de> wrote:
You did not mention the platform involved. I will answer for the PIX
and hope that it's workable on whatever you are using.

logging buffered logs messages into a small wrap-around in-memory
buffer. The messages so logged may be displayed with "show log".

logging history does have to do with logging messages: logging history
has to do with recording command entries so that they can be recalled
and edited and resubmitted.

logging trap does not send SNMP-traps on a PIX: logging trap controls
what is sent as normal syslog messages to the hosts designated by
the logging host commands. On the PIX, the destination port and protocol
is configurable, and if a TCP protocol is chosen then the PIX will
start refusing traffic if it is not able to get TCP ACK messages for
the logs [this is for the security theory that traffic that cannot
be logged should be refused, to prevent attackers from flooding the
logs with forged messages and then, logs full, undertake the real
attack unlogged.]

PIX 6.x sends very few SNMP traps, and it only sends them to
snmp-server hosts which either have the "trap" option set, or have
no "trap" and no "poll" option (in other words, you cannot set
both options on the same command line, and if you want a host to be
able to poll and to have snmp traps sent to it, then leave off the option.)

Posted by Merv on February 5th, 2006



logging buffer creates an internal logging buffer where you can see
recent messages using the command show log

logging history changes the default level of syslog messages stored in
the history file and sent to the SNMP serv


to log messages to a syslogging server, use the command
logging <syslog server IP address>

Posted by Christian Roos on February 5th, 2006


But both commands store the syslog-messages to a storage on an
IOS-Device (Most of my devices are switches). If I don't want to send
the syslogs as SNMP-Traps, I can switch off the history-logging?
Because the devices would store the same message twice. That will cost
memory only, but nothing else, right?

Posted by Merv on February 5th, 2006



logging history size 0


So what I think you would want to configure would be something like:

logging history size 0
logging buffer 10000 debug
logging 192.168.1.250

It is very handy to have the local debug syslogging especially when
debugging a problem
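
Added example, not part of the thread: a Python check that reads the `logging` lines of a saved IOS-style config, such as the three lines suggested above, and reports the local buffer, history table, trap level and syslog hosts. The function names, the four-character minimum for abbreviated keywords and the `hostname sw1` line in the sample are assumptions made for this example.

```python
import re
# IOS syslog severity keywords; list index = numeric level (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def level_of(token):
    """Return 0-7 for a level number or an unambiguous keyword prefix, else None."""
    if token.isdigit():
        return int(token) if int(token) <= 7 else None
    hits = [i for i, name in enumerate(LEVELS) if name.startswith(token.lower())]
    return hits[0] if len(hits) == 1 else None

def is_kw(token, keyword, minimum=4):
    """True if token is the keyword or an abbreviation of it (minimum is assumed)."""
    return len(token) >= minimum and keyword.startswith(token)

def audit_logging(config_text):
    """Collect the logging destinations configured in an IOS-style config."""
    state = {"buffered": False, "buffer_size": None, "buffer_level": None,
             "history_size": None, "history_level": None,
             "trap_level": None, "hosts": []}
    for line in config_text.splitlines():
        w = line.split()
        if len(w) < 2 or w[0] != "logging":
            continue
        kind, args = w[1], w[2:]
        if is_kw(kind, "buffered"):
            state["buffered"] = True
            for a in args:
                if level_of(a) is not None:      # 0-7 or a level keyword
                    state["buffer_level"] = level_of(a)
                elif a.isdigit():                # anything larger is a size
                    state["buffer_size"] = int(a)
        elif is_kw(kind, "history"):
            if args[:1] == ["size"] and len(args) > 1 and args[1].isdigit():
                state["history_size"] = int(args[1])
            elif args and level_of(args[0]) is not None:
                state["history_level"] = level_of(args[0])
        elif is_kw(kind, "trap") and args:
            state["trap_level"] = level_of(args[0])
        elif is_kw(kind, "host") and args:
            state["hosts"].append(args[0])
        elif IPV4.match(kind):                   # "logging <ip>" form
            state["hosts"].append(kind)
    return state

# Constructed sample: the three lines from the post above plus a hostname.
SAMPLE = "hostname sw1\nlogging history size 0\nlogging buffer 10000 debug\nlogging 192.168.1.250\n"
if __name__ == "__main__": print(audit_logging(SAMPLE))
```

Settings the config does not state are reported as `None`; the script does not fill in platform defaults.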


