Page 1 of 1

[Solved] Console logs in backup

Posted: Tue Oct 15, 2019 7:22 am
by tommyd
I have found that some console log got into backup on a Cisco SG300. is this a bug or feature? I think i should not happen. Those logs belong to the loghost not configuration backup.

Code: Select all

ip default-gateway

14-Oct-2019 03:01:09 %LINK-W-Down:  gi16, aggregated (1)
14-Oct-2019 03:01:14 %LINK-I-Up:  gi16, aggregated (1)
14-Oct-2019 03:01:18 %STP-W-PORTSTATUS: gi16: STP status Forwarding, aggregated (1)
14-Oct-2019 03:01:38 %CDP-W-VOICE_VLAN_MISMATCH: Voice VLAN mismatch detected on interface gi27.

show vlan

Re: Console logs in backup

Posted: Tue Oct 15, 2019 9:53 am
by Tomas

This depends on the configuration of the switch.
If the switch is configured to output logs to console (VTY), Unimus will pick those logs up as well.

You can simply disable console logging by doing "no logging console" in configure mode, and that will disable logs for all VTY sessions.
(just doing "no terminal monitor" is not enough, since that disables it just for the current console session)

After that, Unimus will not pick those logs up.

Re: Console logs in backup

Posted: Tue Oct 15, 2019 11:39 am
by tommyd
If I'm logged interactively I might need those logs for example in case of debugging something. Is it possible if Unimus could disable this at the beginning of session and revert at the end?

Re: Console logs in backup

Posted: Tue Oct 15, 2019 12:29 pm
by Tomas
We have a strong rule not to modify the config of a device during read-only operations (which a scheduled backup is). As such, we do not want to do 2 config modifications (enable something, disable it after).

There are quite a few reasons for this - in particular many customers use backup triggering - a change triggers a trap, which triggers Unimus backups through the API. This can cause infinite backup loops if we change config during backup.

What is more troublesome is that many customer run Unimus with read-only accounts, so in this case, this modification attempt would completely fail.

We recommend disabling debug output by default ("no logging console"), and you can always turn it ON during a debugging session if you need it ("terminal monitor" is always available). If you wish, you can additionally configure a separate VTY for the Unimus user, and disable logging only on that VTY. So by default, users would use a VTY that has logging enabled, but Unimus user uses a VTY that has no terminal logging.

Re: Console logs in backup

Posted: Tue Oct 15, 2019 1:12 pm
by tommyd
OK, I understand