Appliance Logging and Debugging
To configure remote syslog to send syslog messages to a remote syslog server:
Set remote syslog server.
gateway (config) # logging <IP address/hostname>
(Optional) Set the destination port of the remote host.
gateway (config) # logging <IP address/hostname> port <port>
(Optional) Filter log messages according to an input regex. Run:
gateway (config) # logging <IP address/hostname> filter <
"include"
/"exclude"
> <regex>Set the minimum severity of the log level to info.
gateway (config) # logging <IP address/hostname> trap info
Override the log levels on a per-class basis.
gateway (config) # logging <IP address/hostname> trap override
class
<class
name> priority <level>
A feature that provides the ability to choose the protocol to use for sending syslog messages to a remote host: UDP (default) or TCP.
logging
logging <IPv4 address/hostname> Sends log messages to the remote host specified by its IP or hostname The no form of the command stops sending log messages to the remote host specified by its IP or hostname. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config | |
History | 8.0.0100 | |
Role | admin | |
Example | gateway (config) # logging 1.1.1.1 | |
Related Commands | ||
Notes | This command is configurable. If “configuration write” is executed, the remote host will still receive messages after reload. |
logging port
logging <syslog IPv4 address/hostname> port <destination-port> Configures remote server destination port for log messages. | ||
Syntax Description | destination-port | Range: 1-65535 |
Hostname | Max 64 characters | |
Default | 514 (UDP) | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging 10.0.0.1 port 105 | |
Related Commands | logging <syslog IPv4 address/hostname> trap | |
Notes |
logging trap
logging <syslog IPv4 address/hostname> [trap {<log-level> | override class <class> priority <log-level>}] Enables (by setting the syslog IPv4 address/hostname) sending logging messages, with ability to filter the logging messages according to their classes. | ||
Syntax Description | syslog IPv4 address/hostname | syslog IPv4 address/hostname of the remote syslog server |
log-level |
| |
class | Sets or removes a per-class override on the logging level. All classes which do not have an override set will use the global logging level set with “logging local <log level>”. Classes that do have an override will do as the override specifies. If “none” is specified for the log level, the software will not log anything from this class. Classes available:
| |
Default | Remote logging is disabled | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging local info | |
Related Commands | show logging | |
Notes |
logging debug-files
logging debug-files {delete {current | oldest} | rotation {criteria | force | max-num} | update {<number> | current} | upload <log-file> <upload URL>} Configures settings for debug log files. | ||
Syntax Description | delete {current | oldest} | Deletes certain debug-log files.
|
rotation {criteria {frequency {daily | weekly | monthly} | size <size> | size-pct <percentage>} | force | max-num} | Configures automatic rotation of debug-logging files.
| |
update {<number> | current} | Uploads a local debug-log file to a remote host.
| |
upload | Uploads debug log file to a remote host | |
log-file | Possible values: 1-7, or current | |
upload URL | Supported formats: HTTP, HTTPS, FTP, TFTP, SCP and SFTP (e.g.: scp://username[:password]@hostname/path/filename) | |
Default | N/A | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging debug-files delete current | |
Related Commands | ||
Notes |
logging fields
logging fields seconds {enable | fractional-digits <f-digit> | whole-digits <w-digit>} Specifies whether to include an additional field in each log message that shows the number of seconds since the Epoch or not. | ||
Syntax Description | enable | Specifies whether to include an additional field in each log message that shows the number of seconds since the Epoch or not. |
f-digit | The fractional-digits parameter controls the number of digits to the right of the decimal point. Truncation is done from the right. | |
w-digit | The whole-digits parameter controls the number of digits to the left of the decimal point. Truncation is done from the left. Except for the year, all of these digits are redundant with syslog's own date and time. | |
Default | Disabled | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging fields seconds enable | |
Related Commands | show logging | |
Notes | This is independent of the standard syslog date and time at the beginning of each message in the format of “July 15 18:00:00”. Aside from indicating the year at full precision, its main purpose is to provide subsecond precision. |
logging files delete
logging files delete {current | oldest [<number of files>]} Deletes the current or oldest log files. | ||
Syntax Description | current | Deletes current log file |
oldest | Deletes oldest log file | |
number of files | Sets the number of files to be deleted | |
Default | CLI commands and audit message are set to notice logging level | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging files delete current | |
Related Commands | show logging | |
Notes |
logging files rotation
logging files rotation {criteria {frequency <freq> | size <size-mb>| size-pct <size-percentage>} | force | max-number <number-of-files>} Sets the rotation criteria of the logging files. | ||
Syntax Description | freq | Sets rotation criteria according to time. Possible options are:
|
size-mb | Sets rotation criteria according to size in megabytes | |
size-percentage | Sets rotation criteria according to size in percentage of the partition where the logging files are kept in. The percentage given is truncated to three decimal points (thousandths of a percent). | |
force | Forces an immediate rotation of the log files. This does not affect the schedule of auto-rotation if it was done based on time: the next automatic rotation will still occur at the same time for which it was previously scheduled. Naturally, if the auto-rotation was based on size, this will delay it somewhat as it reduces the size of the active log file to zero. | |
number-of-files | The number of log files will be kept. If the number of log files ever exceeds this number (either at rotation time, or when this setting is lowered), the system will delete as many files as necessary to bring it down to this number, starting with the oldest. | |
Default | 10 files are kept by default with rotation criteria of 5% of the log partition size | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging files rotation criteria size-pct 6 | |
Related Commands | show logging | |
Notes |
logging files upload
logging files upload {current | <file-number>} <url> Uploads a log file to a remote host. | ||
Syntax Description | current | The current log file. The current log file will have the name “messages” if you do not specify a new name for it in the upload URL. |
file-number | An archived log file. The archived log file will have the name “messages<n>.gz” (while “n” is the file number) if you do not specify a new name for it in the upload URL. The file will be compressed with gzip. | |
url | Uploads URL path. Supported formats: FTP, TFTP, SCP, and SFTP. For example: scp://username[:password]@hostname/path/filename. | |
Default | 10 files are kept by default with rotation criteria of 5% of the log partition size | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging files upload 1 scp://admin@scpserver | |
Related Commands | show logging | |
Notes |
logging filter include
logging <IP address/hostname> filter include <regex> Sends only log messages that match the input regex to a remote host specified by its IP or hostname. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config | |
History | 8.0.0100 | |
Role | admin | |
Example | gateway (config) # logging 1.1.1.1 filter include ERROR | |
Related Commands | loggin | |
Notes | This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
logging filter exclude
logging <IP address/hostname> filter exclude <regex> Sends only log messages that do not match the input regex to a remote host specified by its IP or hostname. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config | |
History | 8.0.0100 | |
Role | admin | |
Example | gateway (config) # logging 1.1.1.1 filter exclude ERROR | |
Related Commands | logging | |
Notes | This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
no logging filter
no logging <IP address/hostname> filter Sends unfiltered log messages to the configured remote host. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config | |
History | 8.0.0100 | |
Role | admin | |
Example | gateway (config) # no logging 1.1.1.1 filter | |
Related Commands | logging | |
Notes | This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
logging format
logging format {standard | welf [fw-name <hostname>]} Sets the format of the logging messages. | ||
Syntax Description | standard | Standard format |
welf | WebTrends Enhanced Log file (WELF) format | |
fw-name | Firewall name used in WELF messages | |
hostname | Specifies the firewall hostname that should be associated with each message logged in WELF format. If no firewall name is set, the hostname is used by default. Hostname is limited to 64 characters. | |
Default | standard | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging format standard | |
Related Commands | show logging | |
Notes |
logging level
logging level {cli commands <log-level> | audit mgmt <log-level>} Sets the severity level at which CLI commands or the management audit message that the user executes are logged. This includes auditing of both configuration changes and actions. | ||
Syntax Description | cli commands | Sets the severity level at which CLI commands which the user executes are logged. |
audit mgmt | Sets the severity level at which all network management audit messages are logged. | |
log-level |
| |
Default | CLI commands and audit message are set to notice logging level | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging level cli commands info | |
Related Commands | show logging | |
Notes |
logging local override
logging local override [class <class> priority <log-level>] Enables class-specific overrides to the local log level. | ||
Syntax Description | override | Enables class-specific overrides to the local log level. |
class | Sets or removes a per-class override on the logging level. All classes which do not have an override set will use the global logging level set with “logging local <log level>”. Classes that do have an override will do as the override specifies. If “none” is specified for the log level, the software will not log anything from this class. Classes available:
| |
log-level |
| |
Default | Override is disabled | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging local override class mgmt-front priority warning | |
Related Commands | show logging | |
Notes |
logging protocol
logging <IP address\hostname> protocol [tcp|udp] Sends log messages to specified host with the chosen protocol (TCP or UDP). | ||
Syntax Description | tcp | Sets protocol to TCP |
udp | Sets protocol to UDP | |
Default | UDP | |
Configuration Mode | Configure terminal | |
History | 8.0.0100 | |
Role | Admin | |
Example | gateway (config) # logging 1.1.1.1 protocol tcp gateway (config) # no logging 1.1.1.1 protocol | |
Related Commands | ||
Notes | This command is configurable, so if “configuration write” is executed then after reboot the remote host will still receive messages with the configured protocol. |
logging receive
logging receive Enables receiving logging messages from a remote host. | ||
Syntax Description | N/A | |
Default | Receiving logging is disabled | |
Configuration Mode | config | |
History | 8.0.0100 | |
Example | gateway (config) # logging receive | |
Related Commands | show logging | |
Notes |
|
show log
show log [continuous | files [<file-number>]] [[not] matching <reg-exp>] Displays the log file with optional filter criteria. | ||
Syntax Description | continues | Displays the last few lines of the current log file and then continues to display new lines as they come in until the user hits Ctrl+C, similar to LINUX “tail” utility. |
files | Displays the list of log files. | |
<file-number> | Displays an archived log file, where the number may range from 1 up to the number of archived log files available. | |
[not] matching <reg-exp> | The file is piped through a LINUX “grep” utility to only include lines either matching, or not matching, the provided regular expression. | |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 8.0.0100 | |
Example | ||
gateway (config) # show log matching "Executing|Action" Jul 31 16:11:23 M2100-aj cli[26502]: [cli.NOTICE]: user : Executing command: enable | ||
Related Commands | logging fields | |
Notes |
|
show logging
show logging Displays the logging configurations. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 8.0.0100 | |
Example | gateway (config) # show logging Local logging level : notice Levels at which messages are logged: Remote syslog servers: 1.2.2.3: | |
Related Commands | logging fields | |
Notes |
show logging port
show logging port Displays the port logging configurations. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 8.0.0100 | |
Example | gateway (config) # show logging port Local logging level: notice | |
Related Commands | logging port | |
Notes |
show log debug
show log debug [continuous | files | matching | not] Displays current event debug-log file in a scrollable pager. | ||
Syntax Description | continuous | Displays new event log messages as they arrive |
files | Displays archived debug log files | |
matching | Displays event debug logs that match a given regular expression | |
not | Displays event debug logs that do not meet certain criteria | |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 8.0.0100 | |
Example | ||
gateway (config) # show log debug May 26 12:17:21 gateway cli[14941]: [cli.DEBUG]: user admin: cli_parse_one_level: word=show, 70 children, 0 cmds, unavail=0 | ||
Related Commands | ||
Notes |