Monitoring and Troubleshooting
This chapter introduces the basics for monitoring and troubleshooting Cumulus Linux.
Serial Console
Use the serial console to debug issues if you reboot the switch often or if you do not have a reliable network connection.
The default serial console baud rate is 115200, which is the baud rate ONIE uses.
Configure the Serial Console
On x86 switches, you configure serial console baud rate by editing grub
.
Incorrect configuration settings in grub
cause the switch to be inaccessible through the console. Review grub
changes before you implement them.
The valid values for the baud rate are:
- 300
- 600
- 1200
- 2400
- 4800
- 9600
- 19200
- 38400
- 115200
To change the serial console baud rate:
Edit the
/etc/default/grub
file and provide a valid value for the--speed
andconsole
variables:GRUB_SERIAL_COMMAND="serial --port=0x2f8 --speed=115200 --word=8 --parity=no --stop=1" GRUB_CMDLINE_LINUX="console=ttyS1,115200n8 cl_platform=accton_as5712_54x"
After you save your changes to the grub configuration, type the following at the command prompt:
cumulus@switch:~$ update-grub
If you plan on accessing the switch BIOS over the serial console, you need to update the baud rate in the switch BIOS. For more information, see this knowledge base article.
Reboot the switch.
Change the Console Log Level
By default, the console prints all log messages except debug messages. To tune console logging to be less verbose so that certain levels of messages do not print, run the dmesg -n <level>
command, where the log levels are:
Level | Description |
---|---|
0 | Emergency messages (the system is about to crash or is unstable). |
1 | Serious conditions; you must take action immediately. |
2 | Critical conditions (serious hardware or software failures). |
3 | Error conditions (often used by drivers to indicate difficulties with the hardware). |
4 | Warning messages (nothing serious but might indicate problems). |
5 | Message notifications for many conditions, including security events. |
6 | Informational messages. |
7 | Debug messages. |
Only messages with a value lower than the level specified print to the console. For example, if you specify level 3, only level 2 (critical conditions), level 1 (serious conditions), and level 0 (emergency messages) print to the console:
cumulus@switch:~$ sudo dmesg -n 3
You can also run dmesg --console-level <level>
command, where the log levels are emerg
, alert
, crit
, err
, warn
, notice
, info
, or debug
. For example, to print critical conditions, run the following command:
cumulus@switch:~$ sudo dmesg --console-level crit
The dmesg
command applies until the next reboot.
For more details about the dmesg
command, run man dmesg
.
Show General System Information
Two commands are helpful for getting general information about the switch and the version of Cumulus Linux you are running. These are helpful with system diagnostics and if you need to submit a support request.
For information about the version of Cumulus Linux running on the switch, run the net show version
command:
cumulus@switch:~$ net show version
NCLU_VERSION=1.0-cl4u1
DISTRIB_ID="Cumulus Linux"
DISTRIB_RELEASE=4.4.0
DISTRIB_DESCRIPTION="Cumulus Linux 4.4.0"
For general information about the switch, run net show system
, which gathers information about the switch from files in the system:
cumulus@switch:~$ net show system
Hostname......... mlx-3700
Build............ Cumulus Linux 4.3.0~1605304302.c2213761
Uptime........... 19 days, 9:35:29.710000
Model............ Mlnx MSN3700C
CPU.............. x86_64 Intel Pentium D D1508 2.20 GHz
Memory........... 8GB
Disk............. 28GB
ASIC............. Mellanox Spectrum-2 MTxxxxxx
Ports............ 32 x 100G-QSFP28
...
Diagnostics Using cl-support
You can use cl-support
to generate a single export file that contains various details about switch configuration, and is useful for remote debugging and troubleshooting. For more information about cl-support
, read Understanding the cl-support Output File.
Run cl-support
to investigate issues before you submit a support request.
cumulus@switch:~$ sudo cl-support -h
Usage: [-h (help)] [-cDjlMsv] [-d m1,m2,...] [-e m1,m2,...]
[-p prefix] [-r reason] [-S dir] [-T Timeout_seconds] [-t tag]
-h: Display this help message
-c: Run only modules matching any core files, if no -e modules
-D: Display debugging information
-d: Disable (do not run) modules in this comma separated list
-e: Enable (only run) modules in this comma separated list; "-e all" runs
all modules and sub-modules, including all optional modules
...
Send Log Files to a syslog Server
You can configure the remote syslog server on the switch using the following configuration:
cumulus@switch:~$ net add syslog host ipv4 192.168.0.254 port udp 514
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit
The configuration creates the file /etc/rsyslog.d/11-remotesyslog.conf
in the rsyslog
directory. The file has the following content:
cumulus@switch:~$ cat /etc/rsyslog.d/11-remotesyslog.conf
# This file was automatically generated by NCLU.
*.* @192.168.0.254:514 # UDP
Log Technical Details
rsyslog performs logging on Cumulus Linux. rsyslog
provides both local logging to the syslog
file and the ability to export logs to an external syslog
server. All rsyslog
log files use high precision timestamps:
2015-08-14T18:21:43.337804+00:00 cumulus switchd[3629]: switchd.c:1409 switchd version 1.0-cl2.5+5
Cumulus Linux includes applications in the /var/log/
directory that write directly to a log file without going through rsyslog
.
All Cumulus Linux rules are in separate files in /etc/rsyslog.d/
, which rsyslog
calls at the end of the GLOBAL DIRECTIVES
section of the /etc/rsyslog.conf
file. rsyslog
ignores the RULES
section at the end of the rsyslog.conf
file; the rules in the /etc/rsyslog.d
file must process the messages, which the last line in the /etc/rsyslog.d/99-syslog.conf
file drops.
Local Logging
Cumulus Linux sends logs through rsyslog
, which writes them to files in the /var log
directory. There are default rules in the /etc/rsyslog.d/
directory that define where the logs write:
Rule | Purpose |
---|---|
10-rules.conf | Sets defaults for log messages, include log format and log rate limits. |
15-crit.conf | Logs crit , alert or emerg log messages to /var/log/crit.log to ensure they do not rotate away. |
20-clagd.conf | Logs clagd messages to /var/log/clagd.log for MLAG. |
22-linkstate.conf | Logs link state changes for all physical and logical network links to /var/log/linkstate . |
25-switchd.conf | Logs switchd messages to /var/log/switchd.log . |
30-ptmd.conf | Logs ptmd messages to /var/log/ptmd.log for Prescription Topology Manager. |
35-rdnbrd.conf | Logs rdnbrd messages to /var/log/rdnbrd.log for Redistribute Neighbor. |
40-netd.conf | Logs netd messages to /var/log/netd.log for NCLU. |
45-frr.conf | Logs routing protocol messages to /var/log/frr/frr.log . This includes BGP and OSPF log messages. |
99-syslog.conf | Sends all remaining processes that use rsyslog to /var/log/syslog . |
Cumulus Linux rotates and compresses log files into an archive. Processes that do not use rsyslog
write to their own log files within the /var/log
directory. For more information on specific log files, see Troubleshooting Log Files.
Enable Remote syslog
Cumulus Linux does not send all log messages to a remote server. To send other log files (such as switchd
logs) to a syslog
server, follow these steps:
Create a file in
/etc/rsyslog.d/
. Make sure the filename starts with a number lower than 99 so that it executes before log messages go in, such as20-clagd.conf
or25-switchd.conf
. The name of the example file below is/etc/rsyslog.d/11-remotesyslog.conf
. Add content similar to the following:## Logging switchd messages to remote syslog server @192.168.1.2:514
This configuration sends log messages to a remote
syslog
server for the following processes:clagd
,switchd
,ptmd
,rdnbrd
,netd
andsyslog
. It follows the same syntax as the/var/log/syslog
file, where @ indicates UDP, 192.168.12 is the IP address of thesyslog
server, and 514 is the UDP port.- For TCP-based syslog, use two @@ before the IP address @@192.168.1.2:514.
- The file numbering in
/etc/rsyslog.d/
dictates how the rules install intorsyslog.d
. Lower numbered rules process first andrsyslog
processing terminates with thestop
keyword. For example, thersyslog
configuration for FRR is in the45-frr.conf
file with an explicitstop
at the bottom of the file. FRR messages log to the/var/log/frr/frr.log
file on the local disk only (these messages do not go to a remote server using the default configuration). To log FRR messages remotely in addition to writing FRR messages to the local disk, rename the99-syslog.conf
file to11-remotesyslog.conf
. The11-remotesyslog.conf
rule (transmit to remote server)processes FRR messages first, then the45-frr.conf
file continues to process the messages (write to local disk in the/var/log/frr/frr.log
file). - Do not use the
imfile
module with any file written byrsyslogd
.
Restart
rsyslog
.cumulus@switch:~$ sudo systemctl restart rsyslog.service
Write to syslog with Management VRF Enabled
You can write to syslog with management VRF enabled by applying the following configuration; the /etc/rsyslog.d/11-remotesyslog.conf
file comments out this configuration.
cumulus@switch:~$ cat /etc/rsyslog.d/11-remotesyslog.conf
## Copy all messages to the remote syslog server at 192.168.0.254 port 514
action(type="omfwd" Target="192.168.0.254" Device="mgmt" Port="514" Protocol="udp")
For each syslog server, configure a unique action
line. For example, to configure two syslog servers at 192.168.0.254 and 10.0.0.1:
cumulus@switch:~$ cat /etc/rsyslog.d/11-remotesyslog.conf
## Copy all messages to the remote syslog servers at 192.168.0.254 and 10.0.0.1 port 514
action(type="omfwd" Target="192.168.0.254" Device="mgmt" Port="514" Protocol="udp")
action(type="omfwd" Target="10.0.0.1" Device="mgmt" Port="514" Protocol="udp")
If you configure remote logging to use the TCP protocol, local logging might stop when the remote syslog server is unreachable. To avoid this behavior, configure a disk queue size and maximum retry count in your rsyslog
configuration:
action(type="omfwd" Target="172.28.240.15" Device="mgmt" Port="1720" Protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")
Rate-limit syslog Messages
If you want to limit the number of syslog
messages that write to the syslog
file from individual processes, add the following configuration to the /etc/rsyslog.conf
file. Adjust the interval and burst values to rate-limit messages to the appropriate levels required by your environment. For more information, read the rsyslog documentation.
module(load="imuxsock"
SysSock.RateLimit.Interval="2" SysSock.RateLimit.Burst="50")
The following test script shows an example of rate-limit output.
Harmless syslog Error: Failed to reset devices.list
The following message logs to /var/log/syslog
when you run systemctl daemon-reload
and during system boot:
systemd[1]: Failed to reset devices.list on /system.slice: Invalid argument
This message is harmless, you can ignore it. It logs when systemd
attempts to change read-only group attributes. Cumulus Linux modifies the upstream version of systemd
to not log this message by default.
The systemctl daemon-reload
command runs when you install Debian packages. You see the message multiple times when upgrading packages.
Troubleshoot syslog
You can use the following commands to troubleshoot syslog
issues.
Verifying that rsyslog is Running
To verify that the rsyslog
service is running, use the sudo systemctl status rsyslog.service
command:
cumulus@leaf01:mgmt-vrf:~$ sudo systemctl status rsyslog.service
rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled)
Active: active (running) since Sat 2017-12-09 00:48:58 UTC; 7min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 11751 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─11751 /usr/sbin/rsyslogd -n
Dec 09 00:48:58 leaf01 systemd[1]: Started System Logging Service.
Verify your rsyslog Configuration
After making manual changes to any files in the /etc/rsyslog.d
directory, use the sudo rsyslogd -N1
command to identify any errors in the configuration files that prevent the rsyslog
service from starting.
In the following example, a closing parenthesis is missing in the 11-remotesyslog.conf
file, which configures syslog
for management VRF:
cumulus@leaf01:mgmt-vrf:~$ cat /etc/rsyslog.d/11-remotesyslog.conf
action(type="omfwd" Target="192.168.0.254" Device="mgmt" Port="514" Protocol="udp"
cumulus@leaf01:mgmt-vrf:~$ sudo rsyslogd -N1
rsyslogd: version 8.4.2, config validation run (level 1), master config /etc/rsyslog.conf
syslogd: error during parsing file /etc/rsyslog.d/15-crit.conf, on or before line 3: invalid character '$' in object definition - is there an invalid escape sequence somewhere? [try http: /www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/15-crit.conf, on or before line 3: syntax error on token 'crit_log' [try http://www.rsyslog.com/e/2207 ]
After correcting the invalid syntax, issuing the sudo rsyslogd -N1
command produces the following output.
cumulus@leaf01:mgmt-vrf:~$ cat /etc/rsyslog.d/11-remotesyslog.conf
action(type="omfwd" Target="192.168.0.254" Device="mgmt" Port="514" Protocol="udp")
cumulus@leaf01:mgmt-vrf:~$ sudo rsyslogd -N1
rsyslogd: version 8.4.2, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
tcpdump
If a syslog server is not accessible to validate that syslog
messages are exporting, you can use tcpdump
.
In the following example, a syslog server uses 192.168.0.254 for UDP syslog messages on port 514:
cumulus@leaf01:mgmt-vrf:~$ sudo tcpdump -i eth0 host 192.168.0.254 and udp port 514
To generate syslog
messages, use sudo
in another session such as sudo date
. Using sudo
generates an authpriv
log.
cumulus@leaf01:mgmt-vrf:~$ sudo tcpdump -i eth0 host 192.168.0.254 and udp port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:57:15.356836 IP leaf01.lab.local.33875 > 192.168.0.254.syslog: SYSLOG authpriv.notice, length: 105
00:57:15.364346 IP leaf01.lab.local.33875 > 192.168.0.254.syslog: SYSLOG authpriv.info, length: 103
00:57:15.369476 IP leaf01.lab.local.33875 > 192.168.0.254.syslog: SYSLOG authpriv.info, length: 85
To see the contents of the syslog
file, use the tcpdump -X
option:
cumulus@leaf01:mgmt-vrf:~$ sudo tcpdump -i eth0 host 192.168.0.254 and udp port 514 -X -c 3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:59:15.980048 IP leaf01.lab.local.33875 > 192.168.0.254.syslog: SYSLOG authpriv.notice, length: 105
0x0000: 4500 0085 33ee 4000 4011 8420 c0a8 000b E...3.@.@.......
0x0010: c0a8 00fe 8453 0202 0071 9d18 3c38 353e .....S...q..<85>
0x0020: 4465 6320 2039 2030 303a 3539 3a31 3520 Dec..9.00:59:15.
0x0030: 6c65 6166 3031 2073 7564 6f3a 2020 6375 leaf01.sudo:..cu
0x0040: 6d75 6c75 7320 3a20 5454 593d 7074 732f mulus.:.TTY=pts/
0x0050: 3120 3b20 5057 443d 2f68 6f6d 652f 6375 1.;.PWD=/home/cu
0x0060: 6d75 6c75 7320 3b20 5553 4552 3d72 6f6f mulus.;.USER=roo
0x0070: 7420 3b20 434f 4d4d 414e 443d 2f62 696e t.;.COMMAND=/bin
0x0080: 2f64 6174 65 /date