Tuesday, March 15, 2016

Changing Severity of Cisco Syslog Messages

Steps to Modify severity of syslog messages.

This can be achieved with the Cisco’s Embedded Syslog Manager


Access list log messages are written by default with level 6 severity – informational

There was a requirement to increase the severity of these messages level 3. This was achieved with the use of a tcl script and cisco’s embedded syslog manager


# severityincr.tcl  Increases the severity level of a syslog message.

#                   Requires two arguments, first the mnemonic and

#                   second the new severity level.

#                   E.g., STATECHANGE 3

if { [string length $::orig_msg] == 0} {

   return ""


if { [info exists ::cli_args] } {

    set args [split $::cli_args]

    if { [ string compare -nocase [lindex $args 0] $::mnemonic ] == 0 } {

        set ::severity [lindex $args 1]

        set sev_index [ string first [lindex $args 0] $::orig_msg ]

        if {  $sev_index >= 2 } {

           incr sev_index -2

           return [string replace $::orig_msg $sev_index $sev_index [lindex $args 1]]




return $::orig_msg

TCL script was copied to router flash to enable local access

Copy tftp disk0: severityincr.tcl

Logging filter was applied to router

Logging buffer filtered

Logging host 192.168.x.x filtered

Logging filter disk0:severityincr.tcl args IPACCESSLOGP 3

Log message following change!

No comments: