Every administrator knows that alert notifications are the salt of the earth in the day-to-day struggle with a myriad of data. Today we will look at an example of EventLog alert notifications on a Cisco router and how they can point to possible problems with its normal operation.

1. Cisco EventLog configuration

Basic logging configuration on Cisco equipment is pretty easy and straightforward. We configure it in the configuration terminal:

logging host 10.1.1.1 (IP of our EventLog server)

logging source-interface FastEthernet0 (Interface from which we want to send Syslog messages)

And that's it! You can now see Syslog messages flowing from your Cisco equipment to the EventLog server with the following command:

show logging

2. EventLog problem detection

Our device sends a lot of data during its busy hours, but we need to pick the relevant information out of this data and use it for the notifications we need. While searching through the messages from the device we found two that are somewhat disturbing:

19542: Apr 26 15:20:35.847: %FAN-3-FAN_FAILED: Fan 2 had a rotation error reported

34905: Apr 20 10:55:34.566: %ENVIRONMENT-2-FAN_FAULT: System Fault: FAN FAULT is detected

These messages point to a fault in the normal operation of the device and could cause problems for administrators in the future. Receiving a notification for each and every message, however, would make the notifications moot.

So our alerting system should be set to trigger the alert when a certain number of messages is received (in this example let's say 5 messages in 10 minutes) and to send an end of alert when the messages matching the trigger stop flowing.

In our case we would set the alerting system to trigger on either the FAN_FAILED or the FAN_FAULT string, and with these messages we could begin our troubleshooting and fixing.
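
The threshold rule described above (5 messages in 10 minutes on FAN_FAILED or FAN_FAULT, then an end of alert) can be sketched as follows. This is an added example, not code from the original article or from any EventLog product. It assumes the alert ends once a full 10-minute window passes with no matching message, and it assumes a year for the timestamps because the log lines carry none; the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Cisco syslog line as quoted above: "<seq>: <Mon DD HH:MM:SS.mmm>: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(r"^\s*\d+: (\w{3} +\d+ [\d:.]+): %[A-Z0-9_]+-\d-(\w+):")
TRIGGERS = {"FAN_FAILED", "FAN_FAULT"}
THRESHOLD = 5                     # messages ...
WINDOW = timedelta(minutes=10)    # ... within this window
YEAR = 2024                       # assumption: the log lines carry no year

# Constructed sample: five fan messages within 10 minutes, one unrelated line, then silence.
SAMPLE = [
    f"{19542 + i}: Apr 26 15:{20 + 2 * i}:35.847: %FAN-3-FAN_FAILED: Fan 2 had a rotation error reported"
    for i in range(5)
] + ["19550: Apr 26 15:29:00.000: %SYS-5-CONFIG_I: Configured from console"]


def parse(line):
    """Return the timestamp of a trigger message, or None for any other line."""
    m = LINE_RE.match(line)
    if not m or m.group(2) not in TRIGGERS:
        return None
    return datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")


def evaluate(lines, now):
    """Replay lines in time order; return [(time, 'ALERT' or 'END OF ALERT'), ...]."""
    recent, events, active = deque(), [], False
    for ts in filter(None, map(parse, lines)):
        # Assumption: the alert ends after a full window without a trigger message.
        if active and ts - recent[-1] > WINDOW:
            events.append((recent[-1] + WINDOW, "END OF ALERT"))
            active = False
        recent.append(ts)
        while ts - recent[0] > WINDOW:      # drop messages that fell out of the window
            recent.popleft()
        if not active and len(recent) >= THRESHOLD:
            events.append((ts, "ALERT"))    # one notification, not one per message
            active = True
    if active and now - recent[-1] > WINDOW:
        events.append((recent[-1] + WINDOW, "END OF ALERT"))
    return events


if __name__ == "__main__":
    for when, state in evaluate(SAMPLE, datetime(YEAR, 4, 26, 15, 45)):
        print(when, state)
```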