How to filter out unwanted Cisco Syslog events and alarms in Spectrum
Article ID: 44633
Updated On:
Products
Issue/Introduction
Cisco devices can been configured to send Cisco Syslog traps to Spectrum. However, this can result in many unwanted Cisco Syslog events and alarms.
How can unwanted Cisco Syslog events and alarms be filtered or disabled in Spectrum?
Environment
Release: Any version of Spectrum
Resolution
The Cisco Syslog Information -> Message Filters subview of the Cisco device model can be used to filter out unwanted events and alarms from Cisco Syslog traps:
The Cisco Syslog Message Filter OneClick view lets you filter unwanted syslog messages. Filtering syslog messages blocks unwanted alarms or events. The following directory contains eight files that correspond to different filter categories:
$SPECROOT/SS/CsVendor/SYSLOG
To select the filter category to which a mnemonic belongs, move the associated facility in the syslog message to the required SS/CsVendor/SYSLOG file.
The following table shows SS/CsVendor/SYSLOG files and corresponding filters:
| File | Corresponding Filter |
| Syslog0 | Protocol_Filter |
| Syslog1 | System_Filter |
| Syslog2 | Environment_Filter |
| Syslog3 | Software_Filter |
| Syslog4 | Security_Filter |
| Syslog5 | Hardware_Configuration_Filter |
| Syslog6 | Connection_Configuration_Filter |
| Syslog7 | PIX_Firewall_Filter |
For example, the Syslog0 file contains the following facilities. If the value of the Protocol Filter were set to "true" for the model, then any Cisco Syslog traps received with one of the following facility would not produce an event or alarm.
//Protocol
ALPS
ARAP
ASPP
AT
ATM
ATMSSCOP
BAP
BGP
CDP
OSPF
RUDP
CDP
DRIP
DTP
GVRP
PAGP
PROTFILT
PRUNING
RSVP
SNMP
SPANTREE
UDLD
VTP
If you have other syslog traps that you want filtered out, add the facility to the correct syslog file. After making the change, you need to press the "Update Event Configuration" button on the VNM model in the Information - SpectroSERVER Control area
For a list of facility codes, please refer to Cisco documentation. Here is an example:
https://www.cisco.com/c/en/us/td/docs/ios/15_0sy/system/messages/15sysmg/sm15syovr.pdf
The underlying attributes associated with these filters are attributes on the CiscSysLogApp model associated with the device model. The Attribute Editor could be used to find multiple CiscSysLogApp models to change these values en mass instead of individually.
System Filter - system_filter attribute id 0x21101d
Protocol Filter - protocol_filter attribute id 0x21101c
Software Filter - software_filter attribute id 0x21101f
Security Filter - security_filter attribute id 0x211020
Environment Filter - environment_filter attribute id 0x21101e
Connection Configuration Filter - conn_config_filter attribute id 0x211022
Hardware Configuration Filter - hw_config_filter attribute id 0x211021
Additional Information
Please reference "Syslog Message Filter" section of the documentation for more information:
TechDocs : DX NetOps 21.2 Spectrum : Syslog Message Filter
Feedback
