[Solved] Console logs in backup

Unimus support forum
Post Reply
tommyd
Posts: 8
Joined: Mon May 13, 2019 9:44 am

Tue Oct 15, 2019 7:22 am

I have found that some console log got into backup on a Cisco SG300. is this a bug or feature? I think i should not happen. Those logs belong to the loghost not configuration backup.

Code: Select all

[...]
ip default-gateway 1.2.3.4

14-Oct-2019 03:01:09 %LINK-W-Down:  gi16, aggregated (1)
14-Oct-2019 03:01:14 %LINK-I-Up:  gi16, aggregated (1)
14-Oct-2019 03:01:18 %STP-W-PORTSTATUS: gi16: STP status Forwarding, aggregated (1)
14-Oct-2019 03:01:38 %CDP-W-VOICE_VLAN_MISMATCH: Voice VLAN mismatch detected on interface gi27.

show vlan
[...]
User avatar
Tomas
Posts: 758
Joined: Sat Jun 25, 2016 12:33 pm

Tue Oct 15, 2019 9:53 am

Hello,

This depends on the configuration of the switch.
If the switch is configured to output logs to console (VTY), Unimus will pick those logs up as well.

You can simply disable console logging by doing "no logging console" in configure mode, and that will disable logs for all VTY sessions.
(just doing "no terminal monitor" is not enough, since that disables it just for the current console session)

After that, Unimus will not pick those logs up.
tommyd
Posts: 8
Joined: Mon May 13, 2019 9:44 am

Tue Oct 15, 2019 11:39 am

If I'm logged interactively I might need those logs for example in case of debugging something. Is it possible if Unimus could disable this at the beginning of session and revert at the end?
User avatar
Tomas
Posts: 758
Joined: Sat Jun 25, 2016 12:33 pm

Tue Oct 15, 2019 12:29 pm

We have a strong rule not to modify the config of a device during read-only operations (which a scheduled backup is). As such, we do not want to do 2 config modifications (enable something, disable it after).

There are quite a few reasons for this - in particular many customers use backup triggering - a change triggers a trap, which triggers Unimus backups through the API. This can cause infinite backup loops if we change config during backup.

What is more troublesome is that many customer run Unimus with read-only accounts, so in this case, this modification attempt would completely fail.

We recommend disabling debug output by default ("no logging console"), and you can always turn it ON during a debugging session if you need it ("terminal monitor" is always available). If you wish, you can additionally configure a separate VTY for the Unimus user, and disable logging only on that VTY. So by default, users would use a VTY that has logging enabled, but Unimus user uses a VTY that has no terminal logging.
tommyd
Posts: 8
Joined: Mon May 13, 2019 9:44 am

Tue Oct 15, 2019 1:12 pm

OK, I understand
Post Reply