INTRODUCTION: Cisco devices have been configured to send Cisco Syslog traps to Spectrum. However, I am seeing many unwanted Cisco Syslog events and alarms. How to filter out unwanted Cisco Syslog events and alarms in Spectrum.
INSTRUCTIONS: The Cisco Syslog Information -> Message Filters subview of the Cisco device model can be used to filter out unwanted events and alarms from Cisco Syslog traps:
The Cisco Syslog Message Filter OneClick view lets you filter unwanted syslog messages. Filtering syslog messages blocks unwanted alarms or events. The $SPECROOT/SS/CsVendor/SYSLOG directory contains eight files that correspond to different filter categories. To select the filter category to which a mnemonic belongs, move the mnemonic to the required SS/CsVendor/SYSLOG file.
The following table shows SS/CsVendor/SYSLOG files and corresponding filters:
For example, the Syslog0 file contains the following mnemonics. If the value of the Protocol Filter were set to "true" for the model, then any Cisco Syslog traps received with one of the following mnemonics would not produce an event or alarm.
The underlying attributes associated with these filters are attributes on the CiscSysLogApp model associated with the device model. The Attribute Editor could be used to find multiple CiscSysLogApp models to change these values en mass instead of individually.
System Filter - system_filter attribute id 0x21101d
Protocol Filter - protocol_filter attribute id 0x21101c
Software Filter - software_filter attribute id 0x21101f
Security Filter - security_filter attribute id 0x211020
Environment Filter - environment_filter attribute id 0x21101e
Connection Configuration Filter - conn_config_filter attribute id 0x211022
Hardware Configuration Filter - hw_config_filter attribute id 0x211021
ADDITIONAL INFORMATION: Please reference Syslog Message Filter for more information.