Take this log messages for example. It's repetitive and floods our logs;
So how can we filter these ?
Will it's quite easy, you will need to set a discrimator and apply it to our logging channel. The discrimator uses a filter statement and than take the action to drop the items that matches the filter.
You can uses a hosts of filters causes & and in any combinations ;
e.g ( we set a name and the match clause and then apply it )
! logging discriminator noflap mnemonics drops SW_MATM-4-MACFLAP_NOTIF msg-body drops flapping
logging buffered discriminator noflap
e.g ( we can apply these discrimator to any logging channel that we see fit )
( a remote syslog )
logging host 192.168.26.88 discriminator noflap
( surpress logs messages to the console )
logging console discriminator noflap
( drop log messages to your telnet/ssh monitor session )
logging monitor discriminator noflap
The above will apply the discrimator named "noflap" our logging via remote syslog server 192.168.26.88, console and ssh/telnet sessions.
NOTE: Now the one bad thing, you can't apply discrimators to local file logging channels.
To verify the discrimator, you can review your logs or by the execution of the cli cmd "show logging" , we can see what's being dropped and the active discrimators.
We could also have used different match filters to drop these same messages;
e.g ( we set a name and the match clause based on the severity level of #4 "WARNINGS" )
logging discriminator DROPserv severity drops 4 msg-body drops SW_MATM-4-MACFLAP_NOTIF
You can also get creative and set rate-limits per against the messages;
e.g ( we set a name and the match clause and the rate limits )
logging discriminator blog msg-body includes %SW_MATM-4-MACFLAP* rate-limit 1
Once again you can monitor this via cli cmd "show logging"