command follows:

Router(config)#logging trap level

The logging trap command limits the logging messages sent to syslog servers to messages with a level up to and including the specified level argument. The level argument is one of the keywords listed in Figure . The default trap level is informational. The no logging trap command disables logging to syslog servers.
7.2 Gathering Information on Application Layer Problems

7.2.7 Deciphering syslog messages

All messages begin with a percent sign, and are displayed in the following format:

%FACILITY-SEVERITY-MNEMONIC: Message-text

FACILITY is a code, consisting of two to five uppercase letters, indicating the facility to which the message refers. A facility may be a hardware device, a protocol, or a module of the system software. The IOS has over 500 service identifiers.

SEVERITY is a single-digit code from 0 to 7 that reflects the severity of the condition. The lower the number, the more serious the situation.

MNEMONIC is a code consisting of uppercase letters that uniquely identifies the message.

Message-text is a text string describing the condition. This portion of the message sometimes contains detailed information about the event being reported, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message (see below), it is represented here by short strings enclosed in square brackets ([ ]). For example, a decimal number is represented as [dec].

Some example error messages could be as follows:

Error message: %HELLO-2-NORDB: Redistributed IGRP without rdb

In this message, HELLO is the facility, 2 is the severity, and NORDB is the MNEMONIC. This message indicates that an internal software error has occurred and technical support should be contacted for assistance.

Error message: %IP-4-DUPADDR: Duplicate address [inet] on [chars], sourced by [enet]

This error message indicates that another system on the network segment is using this IP address and that the IP address on one of the two systems should be changed.

If one or more error messages recur after the recommended action has been taken, contact Cisco or a local field service organization.
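The message format above, combined with the logging trap threshold described earlier, as an added Python example that is not part of the original course text: it parses IOS-style messages and returns the ones a given trap level would forward to a syslog server. The sample lines are constructed, the function names are illustrative, and the pattern is deliberately looser than the two-to-five-letter facility description.

```python
import re
from typing import NamedTuple, Optional

# Standard IOS "logging trap" keywords; list index = numeric severity (0-7).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: Message-text
# Assumption: looser than the text's "two to five uppercase letters", since
# IOS also emits codes like %LINEPROTO-5-UPDOWN and %SYS-5-CONFIG_I.
# search() is used because devices often prepend a timestamp or sequence no.
MSG_RE = re.compile(r"%([A-Z][A-Z0-9_]+)-([0-7])-([A-Z][A-Z0-9_]*):\s*(.*)")


class IosMessage(NamedTuple):
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse(line: str) -> Optional[IosMessage]:
    """Return the parsed message, or None when no message code is present."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    return IosMessage(m.group(1), int(m.group(2)), m.group(3), m.group(4).strip())


def forwarded(lines, trap_level="informational"):
    """Messages 'logging trap <trap_level>' would send: severity <= level."""
    limit = LEVELS.index(trap_level)  # ValueError on an unknown keyword
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m is not None and m.severity <= limit]


# Constructed sample input (addresses and interface names are made up).
SAMPLE = [
    "%HELLO-2-NORDB: Redistributed IGRP without rdb",
    "*Mar  1 00:02:11: %IP-4-DUPADDR: Duplicate address 10.0.0.5 on "
    "Ethernet0, sourced by 0000.0c12.3456",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down",
    "%SYS-7-EXAMPLE: constructed debugging-level message",
    "free-form text without a message code",
]

if __name__ == "__main__":
    for level in ("critical", "warnings", "informational", "debugging"):
        print(level, [f"{m.facility}-{m.mnemonic}" for m in forwarded(SAMPLE, level)])
```

Lines for which parse returns None are worth counting rather than dropping silently, so that a change in device output does not leave an unnoticed gap in monitoring.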
7.2.8 Protocol analyzers

Network management involves using network and protocol analysis tools to establish a network system baseline and to monitor and optimize performance.

Protocol analyzers are almost always software-based. They are used to gather information about traffic flows and are very useful for establishing a network baseline. Although they do not decode the contents of frames, protocol analyzers are often used for solving Layer 2 and higher problems. They can be used to assist in locating traffic overloads, planning for network expansion, detecting intruders, establishing baseline performance, and distributing traffic more efficiently.

Using these tools effectively is not easy. Administrators must be able to decipher and interpret the information generated. Examples of protocol analyzers include Fluke’s Protocol Inspector and Sniffer Pro Protocol Analyzer.

Note: Some devices may come equipped with traffic monitoring capabilities. For example, the Cisco Catalyst® 6500 Series switch can be equipped with a Network Analysis Module (NAM). The NAM is an integrated and powerful traffic monitoring system. It comes with an embedded web-based Traffic Analyzer, which provides full scale remote monitoring and troubleshooting capabilities accessible through a web browser.
7.2.9 Network management systems

Network management systems are always software-based tools. They continually monitor the network. There are various types of network management systems and not all are equal. Some are better at status monitoring and fault management tracking while others are better at service-level reporting. The choice is sometimes confusing since features overlap.

Network Management System (NMS) functions fall into three main categories:

Operations management tools are used for active monitoring of day-to-day network administration. The software provides features such as network topology discovery, status monitoring, fault management, and basic real-time performance data. Major vendors include HP OpenView (current market leader), Computer Associates, and IBM Tivoli.

Device management tools are typically vendor specific. They are used to manage a vendor's network components to make configuration changes to network devices and to apply rules and policies. Most provide graphical tools to interact with actual devices. Examples of device management tools include Cisco Systems’ CiscoWorks (Cisco), Navis iEngineer (Lucent), and Optivity (Nortel).

Service management tools focus on QoS and service-level guarantee issues. They collect performance data over time that is then used for establishing a baseline, trend analysis, historical usage analysis, and service-level reporting. The tools focus on comparing the expected quality of network resources with actual results. Major vendors include HP, Lucent, and NetScout Systems.

SNMP
Network management tools use the Simple Network Management Protocol (SNMP) to capture and communicate device data. The NMS periodically polls the devices it manages, sending queries for their current status. The monitored devices respond by transmitting the requested data and by sending traps (called notifications in SNMPv2). A trap is an unsolicited message to the NMS, generated when a monitored parameter reaches unacceptable levels. For example, an environmental monitoring device may send a trap when the temperature level is too low or too high. Traps are useful because they provide a method for a device to signal that something unexpected has occurred.

In SNMP, the term manager refers both to the monitoring software running on the NMS and to the actual device running the software. Similarly, the term agent refers to the device being monitored and to the software used by the monitored devices to generate and transmit their status data.

SNMP is a client-server protocol that normally communicates on TCP and UDP port 161. SNMP traps use TCP and UDP port 162. Some vendors use nonstandard ports for traps (for example, Cisco uses TCP and UDP port 1993).
7.3 Troubleshooting TCP/IP Application Layer Protocols

7.3.1 Overview

Application layer protocols can be very difficult to isolate. Test and eliminate any problems in the lower layers before attempting to isolate upper layer problems. This section focuses on how to isolate problems with various application layer protocols such as:
7.3.2 Client-server systems

A client-server model is a network architecture in which a computer (client) requests access to services offered on another remote host (server). The model provides a convenient way to remotely interconnect programs located in different locations. Computer transactions using the client-server model are very common.

Clients are PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power. A client is defined as a requester of services and a server is defined as the provider of services. A single machine can be both a client and a server depending on the software configuration.

Servers are powerful computers dedicated to managing disk drives (file servers), printers