I need some help interpreting Cisco Switch and Router Logs, please
LogAnalyser
Registered Users Posts: 1 ■□□□□□□□□□
in CCNP
I am brand new to this (Cisco Log Analysis) and I need some help with the meaning of Cisco Log messages.
I have read a bit on the Cisco website and got up to speed but I need a bit of fine tuning so please indulge me.
Specifically, I have two lines pasted below from one of my logs.
2463: 006076: Dec 28 22:35:08: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to down
2464: 006077: Dec 28 22:35:12: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to up
The way I have understood it is that the first numbers are sequence numbers followed by the date stamp. After the % sign, there is the source, the severity and a mnemonic code that is related to the message, followed by the detailed message itself.
In this case, severity '3' refers to 'error condition'
Question 1 - what would cause the link to change state to 'down' ?
Question 2 - why should it be an 'error' when the interface changes state from down to up ?
I have read a bit on the Cisco website and got up to speed but I need a bit of fine tuning so please indulge me.
Specifically, I have two lines pasted below from one of my logs.
2463: 006076: Dec 28 22:35:08: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to down
2464: 006077: Dec 28 22:35:12: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to up
The way I have understood it is that the first numbers are sequence numbers followed by the date stamp. After the % sign, there is the source, the severity and a mnemonic code that is related to the message, followed by the detailed message itself.
In this case, severity '3' refers to 'error condition'
Question 1 - what would cause the link to change state to 'down' ?
Question 2 - why should it be an 'error' when the interface changes state from down to up ?
Comments
-
d4nz1g
Member Posts: 464
Don't take it literally, it just means that this event has some level of importance.
In production environments, link up/down is definetely an important event.
There are many reasons that could bring a link down, including flapping, storms, loopback, or even physical issues such as bad cabling. -
azaghul
Member Posts: 569 ■■■■□□□□□□
From a technical/theoretical standpoint, switch ports are meant to forward traffic, so if a port goes down its considered an "error" as its no longer forwarding traffic.
From a practical standpoint, what is the port connected to? A PC going through a power cycle, a server going down, a trunk to another switch, the CEO's PA, how often is the event occurring? Depends on the context of the event.:) -
_Gonzalo_
Member Posts: 113
LogAnalyser wrote: »Question 1 - what would cause the link to change state to 'down' ?
Question 2 - why should it be an 'error' when the interface changes state from down to up ?
I don´t know where you´re heading...
Anyway, the answers are:
Q1) A lot of stuff... NIC broken, cable unplugged/cut/stepped on repeatedly. I don´t think that the motives are important. The message is just letting you know that, on a given interface, an event has ocurred.
Q2) I think that you are getting confused with the word "error". It is just the name that it was given to a severity 3 level. So, whenever that event happens (change of physical state on the link) it´ll come up.