I need some help interpreting Cisco Switch and Router Logs, please

I am brand new to this (Cisco Log Analysis) and I need some help with the meaning of Cisco Log messages.
I have read a bit on the Cisco website and got up to speed but I need a bit of fine tuning so please indulge me.

Specifically, I have two lines pasted below from one of my logs.

2463: 006076: Dec 28 22:35:08: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to down

2464: 006077: Dec 28 22:35:12: %LINK-3-UPDOWN: Interface FastEthernet0/33, changed state to up

The way I have understood it is that the first numbers are sequence numbers followed by the date stamp. After the % sign, there is the source, the severity and a mnemonic code that is related to the message, followed by the detailed message itself.
In this case, severity '3' refers to 'error condition'

Question 1 - what would cause the link to change state to 'down' ?
Question 2 - why should it be an 'error' when the interface changes state from down to up ?

Find more posts tagged with

Comments

d4nz1g

Don't take it literally, it just means that this event has some level of importance.

In production environments, link up/down is definetely an important event.
There are many reasons that could bring a link down, including flapping, storms, loopback, or even physical issues such as bad cabling.

azaghul

From a technical/theoretical standpoint, switch ports are meant to forward traffic, so if a port goes down its considered an "error" as its no longer forwarding traffic.

From a practical standpoint, what is the port connected to? A PC going through a power cycle, a server going down, a trunk to another switch, the CEO's PA, how often is the event occurring? Depends on the context of the event.:)

_Gonzalo_

LogAnalyser wrote: »

Question 1 - what would cause the link to change state to 'down' ?
Question 2 - why should it be an 'error' when the interface changes state from down to up ?

I don´t know where you´re heading...

Anyway, the answers are:

Q1) A lot of stuff... NIC broken, cable unplugged/cut/stepped on repeatedly. I don´t think that the motives are important. The message is just letting you know that, on a given interface, an event has ocurred.

Q2) I think that you are getting confused with the word "error". It is just the name that it was given to a severity 3 level. So, whenever that event happens (change of physical state on the link) it´ll come up.