My core switch had several spanning errors this morning, but Splunk did not record them. They are in the switch logs though - I need to know how to make it record those events (really, just record everything). Here's an example of logging info that is not in Splunk for my core switch:
%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk TenGigabitEthernet1/1/2 VLAN98.
%SPANTREE-7-BLOCK_PORT_TYPE: Blocking TenGigabitEthernet1/1/2 on VLAN0098. Inconsistent port type.
↧