Logging discriminator on routers and switches, logging lists on ASA


If your routers/switches send useless but high-level messages to your syslog server, you can use a logging discriminator to eliminate some unwanted log messages.


This is an example of a cisco bug message on a Cisco 881 router. It doesn’t mean anything and can only be fixed with an ios upgrade. You can also choose not to do anything about it because nothing is actually broken, but the syslog has a critical class and looks ugly in your kiwi logs.

734605: Jul 15 12:33:26.295 CEST: %SYS-2-CHUNKINVALIDHDR: Invalid chunk header type 1 for chunk 8419EBA4, data 8419FEEC -Process= „Net Background”, ipl= 3, pid= 27,  -Traceback= 0x8084F720 0x80037078 0x8034D438 0x8170FA3C 0x8170D6AC 0x8170D978 0x816E6BD0 0x8190F7CC 0x8190FDC0 0x80C13514 0x8144F354 0x803241D4 0x80C1370C 0x8144F354 0x80B3B538 0x81450CC8

To eliminate this critical syslog entry, use a logging discriminator.

logging discriminator NOCHUNK severity drops 2 facility drops SYS mnemonics drops CHUNKINVALIDHDR

logging console discriminator NOCHUNK

logging monitor discriminator NOCHUNK

logging trap warnings

logging host discriminator NOCHUNK


On firewalls, you need a different approach, because the discriminator has not been implemented on ASA.Therefore, you need to add messages on top of a specific logging level.

Logging message 111111 level errors (find message number in cisco documentation)

or use lists:

logging list my_critical_messages level 1
logging list my_critical_messages message 611101-611323
logging trap  my_critical_messages




IT security nightmares


Today just a list of things you should never do as a network engineer

  • putting guests on the corporate network
  • having the same preshared keys for 5 years
  • not having descriptions on interfaces
  • not having labels on patch panels
  • not having any network documentation
  • using swearwords as passwords
  • whole datacenter connected with one cable to the core switch
  • core switch with CPU spiking to 100% hundred times a day
  • terminal server connecting to that almost-dead core switch
  • having no change management

Much as i hate these things, fixing them makes me feel like a superman / wise rabbi figure. I give myself extra points if i manage to stay calm, too.



Building a home lab


Been a bit busy with my home lab. Here’s what i’ve managed so far:

  • got a public IP from Polkomtel
  • installed the sim card in a Huawei 593s
  • used an old 48 port Dell switch to connect to the Huawei router
  • created a basic 10-router, 6 switch topology to practise configurations for my new job
  • plugged all equipment into my new wonderful GemBird IP PDUs so that I can power on my equipment from the Internet
  • installed two new Cisco terminal servers 2509
  • ordered a second-hand 2621xm + NM-32 terminal server to plug in more devices in the future

I’m still missing a rack (cashflow!) but September looks promising.

Other than that, I’ve been preparing my crowdfunding campaign at http://www.polakpotrafi.pl. It will take a while to cook cause of all the account verifications, but I might be able to actually launch the campaign late July / early August. Leaflets and posters are ready for printing, so this, too, waits for my next salary. Doesn’t everything…

Exam update: I’ve passed JNCIS-ENT. I’m taking SISAS on Wednesday. SITCS needs to wait until end of September or until I do more paid overtime 🙂

Tomorrow I’m finishing the lab so you may expect some diagrams and basic configs.


Exam time


Been a while since the last update but things have never been busier. I’ve passed CCDA and SIMOS, the latter was especially difficult. I’m still taking JNCIS-ENT soon, so I don’t think the courses will start in April as planned before. My current employer is sending me to Norway for a few weeks to launch a new maintenance contract so most likely the first course won’t start until September. But it’s for the better – I will have had more time to get everything ready by then.

As to SIMOS – can’t reveal much without violating NDA, but the exam is definitely more difficult than it would transpire from the exam scope on official exam pages. You need to really dig deep into the official documentation, plus the passmark is rather high. The quality of the exam is typically low and quite embarassing.

With SIMOS passed, I’m halfway through my CCNP security path so two more to go in 2016. I’m also planning to do my JNCIP and CCDP so that I can focus on CCIE entirely in 2017. Ambitious but doable.

Once back from Norway, I should be able to get the first remote rack running. I’ve found a place to run it from so it’s now just a question of assembling and configuring everything.

I’ll try to write a bit more next week after my next exam.

…and it’s off to the races!


The website is finally ready together with the final version of our commercial!

Watch it at https://www.youtube.com/watch?v=KsX8E6oC_iQ 

Course-wise, it looks like April 2 is still on! Leaflets are almost ready to be printed, some hardware testing has been done already, too. First customers are starting to ask about the company, which is surprising if you take into account that i haven’t done any marketing yet. Cool!

From March onwards I’ll start posting network-related materials. I’m thinking a combined Cisco-Juniper course for beginners. We’ll see.






Curriculum is a hard word

Today just a short update. I’m super excited creating a fun-packed learning plan for the first course in April. I’m really interested to see how much can be taught (and internalized) in 6 days. Ideally this should be a flexible plan with CCENT core material + some CCNA and even CCNP stuff on top if there’s enough time after 5pm each day. So those of you who see BGP – do not fear. This only covers the basics and is only there for completeness sake. I don’t want anybody who has attended my course to be unfamiliar with crucial routing concepts, but I cannot possibly expect anybody to be a BGP expert after a 6 days CCENT course. BGP is there so that you’re not afraid of your senior colleagues when they’re discussing their more expert-level stuff.

I expect I’ll finish the bird’s-eye view of the curriculum tomorrow and I’ll get down to detailed activity plans, which should take me around 2-3 months. I’ll keep you updated!


CCENT – because you want to be a hero


A friend of mine saw my website today and she was like: ”ok, but why would I need a CCENT cert in the first place? Tell them why they need your course”. And I realized that she’s spot on – why does anybody need a CCENT?

So what does doing a CCENT course give you?

First of all, this is an important step towards your future career. CCENT is like putting your foot in the door to say: hey, I could be a junior network admin in the future.

Also, it’s a way of finding out if this is something you might enjoy doing. How can you know if you like networks if you’ve never attended a cisco course? 6 days (that’s the duration of my CCENT course) is definitely worth it because this might be a beginning of a great adventure.

Finally, because it’s such a brave new world. Once you’ve mastered the basics, you can move on to new IT learning paths: virtualization, data center, software defined networks, you name it. CCENT can give you a solid foundation that you can build on while exploring technologies like voice, wireless, design etc. It’s a universal key that you will be using over and over and over again. If you speak English, hold a CCENT/CCNA certificate plus you decide to learn a bit about Linux, the world is your oyster.

What do you need to do,then?

  • take my 6 day course
  • read a Cisco official guide
  • watch any CCENT online course
  • use a simulator or buy real gear to lab up what you’ve learnt
  • register at Pearson Vue
  • make an appointment (exam fee is roughly $250)
  • take the CCENT test
  • give yourself a present (a new Cisco router, perhaps?)

So on to Step 1: email me at tdewille@kursyitdlahumanistow.com or call 601079955 between 5 and 8p.m.