Logging
To print logging events to the terminal, set the modules or events you wish to print to the terminal. For example, run:
switch (config) # logging monitor events notice
switch (config) # logging monitor sx-sdk warning
These commands print system events in severity “notice”, and “sx-sdk” module notifications in severity “warning” to the screen. For example, in case of interface-down event, the following gets printed to the screen:
switch (config) #
Wed Jul 10 11:30:42 2013: Interface IB1/17 changed state to DOWN
Wed Jul 10 11:30:43 2013: Interface IB1/18 changed state to DOWN
To see a list of the events, refer to “Supported Event Notifications and MIB Mapping”.
To configure remote syslog to send syslog messages to a remote syslog server:
Set remote syslog server.
switch (config) # logging <IP address/hostname>
(Optional) Set the destination port of the remote host.
switch (config) # logging <IP address/hostname> port <port>
(Optional) Filter log messages according to an input regex.
switch (config) # logging <IP address/hostname> filter <"include"/"exclude"> <regex>
Set the minimum severity of the log level to info.
switch (config) # logging <IP address/hostname> trap info
Override the log levels on a per-class basis.
switch (config) # logging <IP address/hostname> trap override class <class name> priority <level>
The protocol used for sending syslog messages to a remote host can be selected: UDP (default) or TCP. See the "logging protocol" command.
logging
logging [vrf <vrf-name>] <IPv4 address/IPv6 address/hostname>
no logging [vrf <vrf-name>] <IPv4 address/IPv6 address/hostname>
Sends log messages to the remote host specified by its IP or hostname. The no form of the command stops sending log messages to the remote host specified by its IP or hostname. |
||
Syntax Description |
vrf-name— VRF to be affected. If "vrf-name" parameter is not specified, "default" VRF will be used. |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.1.1000 3.9.2000—Added VRF option |
|
Role |
admin |
|
Example |
switch (config) # logging 1.1.1.1
switch (config) # no logging 1.1.1.1 |
|
Related Commands |
||
Notes |
This command is configurable. If “configuration write” is executed, the remote host will still receive messages after reload. It is possible to have multiple logging hosts in different VRFs. |
logging port
logging [vrf <vrf-name>] <syslog IPv4 address/IPv6 address/hostname> port <destination-port>
no logging [vrf <vrf-name>] <syslog IPv4 address/IPv6 address/hostname> port
Configures remote server destination port for log messages. The no form of the command resets the remote log port to its default value. |
||
Syntax Description |
destination-port |
Range: 1-65535 |
Hostname |
Max 64 characters |
|
vrf-name– VRF to be affected. If "vrf-name" parameter is not specified, "default" VRF will be used. |
||
Default |
514 (UDP) |
|
Configuration Mode |
config |
|
History |
3.6.2002 3.8.1000—Updated command syntax 3.9.2000—Added VRF option |
|
Example |
switch (config) # logging 10.0.0.1 port 105 |
|
Related Commands |
logging <syslog IPv4 address/IPv6 address/hostname> trap |
|
Notes |
It is possible to have multiple logging hosts in different VRFs. |
logging trap
logging [vrf <vrf-name>] <syslog IPv4 address/IPv6 address/hostname> [trap {<log-level> | override class <class> priority <log-level>}]
no logging [vrf <vrf-name>] <syslog IPv4 address/IPv6 address/hostname> [trap {<log-level> | override class <class> priority <log-level>}]
Enables (by setting the syslog IPv4 address/IPv6 address/hostname) sending logging messages, with ability to filter the logging messages according to their classes. The no form of the command stops sending messages to the remote syslog server. |
||
Syntax Description |
syslog IPv4 address/IPv6 address/hostname |
syslog IPv4 address/IPv6 address/hostname of the remote syslog server. Hostname is limited to 64 characters. |
log-level |
|
|
class |
Sets or removes a per-class override on the logging level. All classes which do not have an override set will use the global logging level set with “logging local <log level>”. Classes that do have an override will do as the override specifies. If “none” is specified for the log level, the software will not log anything from this class. Classes available:
|
|
vrf-name |
VRF to be affected. If "vrf-name" parameter is not specified, "default" VRF will be used. |
|
Default |
Remote logging is disabled |
|
Configuration Mode |
config |
|
History |
3.6.2002 3.8.1000—Updated command syntax 3.9.2000—Added VRF option |
|
Example |
switch (config) # logging local info |
|
Related Commands |
show logging logging local override logging <syslog IPv4 address/IPv6 address/hostname> port |
|
Notes |
It is possible to have multiple logging hosts in different VRFs. |
logging debug-files
logging debug-files {delete {current | oldest} | rotation {criteria | force | max-num} | update {<number> | current} | upload <log-file> <upload URL>}
no logging debug-files rotation criteria
Configures settings for debug log files. The "no logging debug-files rotation criteria" command removes the debug rotation criteria configuration. |
||
Syntax Description |
delete {current | oldest} |
Deletes certain debug-log files.
|
rotation {criteria {frequency {daily | weekly | monthly} | size <size> | size-pct <percentage>} | force | max-num} |
Configures automatic rotation of debug-logging files.
|
|
update {<number> | current} |
Uploads a local debug-log file to a remote host.
|
|
upload |
Uploads debug log file to a remote host |
|
log-file |
Possible values: 1-7, or current |
|
upload URL |
Supported formats: HTTP, HTTPS, FTP, TFTP, SCP and SFTP (e.g.: scp://username[:password]@hostname/path/filename) |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.3.4150 3.9.0900: Added "no logging debug-files rotation criteria" command |
|
Example |
switch (config) # logging debug-files delete current |
|
Related Commands |
||
Notes |
logging events enable
logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} enable
no logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} enable
Activates event tracking for a certain group. The no form of the command deactivates event tracking for a certain group. |
||
Syntax Description |
cpu-rate-limiters | interfaces | protocols | what-just-happened-packets |
Logical groups with specified set of counters |
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.6.6000 3.9.0900: Added note and what-just-happened-packets option |
|
Example |
switch (config) # logging events interfaces enable |
|
Related Commands |
||
Notes |
Increase in the enabled events groups will generate a log message of the form: |
logging events error-threshold
logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} error-threshold <events>
no logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} error-threshold <events>
Configures number of events after which the system begins to generate events to the log file. The no form of the command resets this parameter to its default value. |
||
Syntax Description |
cpu-rate-limiters |
Sets threshold for CPU rate limiter related events Default: 1 event |
interfaces |
Sets threshold for interface related events Default: 10 events |
|
protocols |
Sets threshold for protocol related events Default: 2 events |
|
what-just-happened-packets |
Sets threshold for dropped packets Default: 1000 packets |
|
events |
Number of events after which the system begins to generate events to the log file. Range: 0-4294967295. |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.6.6000 |
|
3.9.0900 |
Added what-just-happened-packets options and note |
|
Example |
switch (config) # logging events interfaces error-threshold 45 |
|
Related Commands |
||
Notes |
The command configures number of events after which the system begins to generate events to the log file, if that number of events occurs within the interval defined by the logging events interval command. In the case of what-just-happened-packets, number of events refers to the number of dropped packets due to reasons for which auto-export pcap generation is enabled. |
logging events interval
logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} interval <seconds>
no logging events {cpu-rate-limiters | interfaces | protocols | what-just-happened-packets} interval <seconds>
Configures interval in seconds between each sampling of counters in event type. The no form of the command resets this parameter to its default value. |
||
Syntax Description |
cpu-rate-limiters | interfaces | protocols | what-just-happened-packets |
Logical groups with specified set of counters
Default:
cpu-rate-limiters: 10 seconds
interfaces: 5 minutes
protocols: 1 minute
what-just-happened-packets: 10 minutes |
seconds |
Time between sampling. Range is different for each event type:
|
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.6.6000
3.9.0900: Added what-just-happened-packets option |
|
Example |
switch (config) # logging events interfaces interval 120 |
|
Related Commands |
||
Notes |
In the case of what-just-happened-packets, a pcap file will be generated if the threshold number of dropped packets is exceeded during this interval |
logging events rate-limit
logging events [cpu-rate-limiters | interfaces | protocols | what-just-happened-packets] rate-limit {short | medium | long} [count | window]
no logging events [cpu-rate-limiters | interfaces | protocols | what-just-happened-packets] rate-limit [short | medium | long] [count <number> | window <seconds>]
Configures the number of allowed events per time window and that window’s duration. The no form of the command resets these parameters to their default values. |
||||
Syntax Description |
cpu-rate-limiters | interfaces | protocols | what-just-happened-packets |
Logical groups with specified set of counters |
||
rate-limit |
Three configurable periods: short, medium, and long |
|||
count |
Number of allowed events per time window |
|||
window |
Window of time in seconds for the rate limit period |
|||
Default |
For “interfaces”:
Short window: event count 5, window duration 1 hour
Medium window: event count 50, window duration 1 day
Long window: event count 350, window duration 7 days |
For “protocols”:
Short window: event count 10, window duration 1 hour
Medium window: event count 100, window duration 1 day
Long window: event count 600, window duration 7 days |
For “cpu-rate-limiters”:
Short window: event count 10, window duration 1 hour
Medium window: event count 200, window duration 1 day
Long window: event count 1200, window duration 7 days |
For “what-just-happened-packets”:
Short window: event count 3, window duration 1 hour
Medium window: event count 15, window duration 1 day
Long window: event count 50, window duration 7 days |
Configuration Mode |
config |
|||
History |
3.6.6000 |
|||
3.9.0900 |
Added what-just-happened-packets option |
|||
Example |
switch (config) # logging events interfaces interval 120 |
|||
Related Commands |
||||
Notes |
|
logging fields
logging fields seconds {enable | fractional-digits <f-digit> | whole-digits <w-digit>}
no logging fields seconds {enable | fractional-digits <f-digit> | whole-digits <w-digit>}
Specifies whether to include an additional field in each log message that shows the number of seconds since the Epoch or not. The no form of the command disallows including an additional field in each log message that shows the number of seconds since the Epoch. |
||
Syntax Description |
enable |
Specifies whether to include an additional field in each log message that shows the number of seconds since the Epoch or not. |
f-digit |
The fractional-digits parameter controls the number of digits to the right of the decimal point. Truncation is done from the right. Possible values are: 1, 2, 3, or 6. |
|
w-digit |
The whole-digits parameter controls the number of digits to the left of the decimal point. Truncation is done from the left. Except for the year, all of these digits are redundant with syslog's own date and time. Possible values: 1, 6, or all. |
|
Default |
Disabled |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging fields seconds enable |
|
Related Commands |
show logging |
|
Notes |
This is independent of the standard syslog date and time at the beginning of each message in the format of “July 15 18:00:00”. Aside from indicating the year at full precision, its main purpose is to provide subsecond precision. |
logging files delete
logging files delete {current | oldest [<number of files>]}
Deletes the current or oldest log files. |
||
Syntax Description |
current |
Deletes current log file |
oldest |
Deletes oldest log file |
|
number of files |
Sets the number of files to be deleted |
|
Default |
CLI commands and audit message are set to notice logging level |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging files delete current |
|
Related Commands |
show logging show log files |
|
Notes |
logging files rotation
logging files rotation {criteria {frequency <freq> | size <size-mb> | size-pct <size-percentage>} | force | max-number <number-of-files>}
no logging files rotation criteria
Sets the rotation criteria of the logging files. The no form of the command removes the rotation criteria configuration. |
||
Syntax Description |
freq |
Sets rotation criteria according to time. Possible options are:
|
size-mb |
Sets rotation criteria according to size in megabytes Range: 1-9999 Default: 20MB |
|
size-percentage |
Sets rotation criteria according to size in percentage of the partition where the logging files are kept in. The percentage given is truncated to three decimal points (thousandths of a percent). |
|
force |
Forces an immediate rotation of the log files. This does not affect the schedule of auto-rotation if it was done based on time: the next automatic rotation will still occur at the same time for which it was previously scheduled. Naturally, if the auto-rotation was based on size, this will delay it somewhat as it reduces the size of the active log file to zero. |
|
number-of-files |
The number of log files that will be kept. If the number of log files ever exceeds this number (either at rotation time, or when this setting is lowered), the system will delete as many files as necessary to bring it down to this number, starting with the oldest. |
|
Default |
10 files are kept by default with rotation criteria of 5% of the log partition size |
|
Configuration Mode |
config |
|
History |
3.1.0000 3.9.0900:
|
|
Example |
switch (config) # logging files rotation criteria size-pct 6 |
|
Related Commands |
show logging show log files |
|
Notes |
logging files upload
logging files upload {current | <file-number>} <url>
Uploads a log file to a remote host. |
||
Syntax Description |
current |
The current log file. The current log file will have the name “messages” if you do not specify a new name for it in the upload URL. |
file-number |
An archived log file. The archived log file will have the name “messages<n>.gz” (while “n” is the file number) if you do not specify a new name for it in the upload URL. The file will be compressed with gzip. |
|
url |
Uploads URL path. Supported formats: FTP, TFTP, SCP, and SFTP. For example: scp://username[:password]@hostname/path/filename. |
|
Default |
10 files are kept by default with rotation criteria of 5% of the log partition size |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging files upload 1 scp://admin@scpserver |
|
Related Commands |
show logging show log files |
|
Notes |
logging filter include
logging <IP address\hostname> filter include <regex>
Sends only log messages that match the input regex to a remote host specified by its IP or hostname. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.8.2000 |
|
Role |
admin |
|
Example |
switch (config) # logging 1.1.1.1 filter include ERROR |
|
Related Commands |
logging no logging |
|
Notes |
This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
logging filter exclude
logging <IP address\hostname> filter exclude <regex>
Sends only log messages that do not match the input regex to a remote host specified by its IP or hostname. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.8.2000 |
|
Role |
admin |
|
Example |
switch (config) # logging 1.1.1.1 filter exclude ERROR |
|
Related Commands |
logging no logging |
|
Notes |
This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
no logging filter
no logging <IP address\hostname> filter
Sends unfiltered log messages to the configured remote host. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.8.2000 |
|
Role |
admin |
|
Example |
switch (config) # no logging 1.1.1.1 filter |
|
Related Commands |
logging no logging |
|
Notes |
This command is configurable. If “configuration write” is executed, the remote host will still receive filtered messages after reload. |
logging format
logging format {standard | welf [fw-name <hostname>]}
no logging format {standard | welf [fw-name <hostname>]}
Sets the format of the logging messages. The no form of the command resets the format to its default. |
||
Syntax Description |
standard |
Standard format |
welf |
WebTrends Enhanced Log file (WELF) format |
|
hostname |
Specifies the firewall hostname that should be associated with each message logged in WELF format. If no firewall name is set, the hostname is used by default. Hostname is limited to 64 characters. |
|
Default |
standard |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging format standard |
|
Related Commands |
show logging |
|
Notes |
logging level
logging level {cli commands <log-level> | audit mgmt <log-level>}
Sets the severity level at which CLI commands or the management audit message that the user executes are logged. This includes auditing of both configuration changes and actions. |
||
Syntax Description |
cli commands |
Sets the severity level at which CLI commands which the user executes are logged |
audit mgmt |
Sets the severity level at which all network management audit messages are logged |
|
log-level |
|
|
Default |
CLI commands and audit message are set to notice logging level |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging level cli commands info |
|
Related Commands |
show logging |
|
Notes |
logging local override
logging local override [class <class> priority <log-level>]
no logging local override [class <class> priority <log-level>]
Enables class-specific overrides to the local log level. The no form of the command disables all class-specific overrides to the local log level without deleting them from the configuration, so that the logging level for all classes is determined solely by the global setting. |
||
Syntax Description |
override |
Enables class-specific overrides to the local log level. |
class |
Sets or removes a per-class override on the logging level. All classes which do not have an override set will use the global logging level set with “logging local <log level>”. Classes that do have an override will do as the override specifies. If “none” is specified for the log level, the software will not log anything from this class. Classes available:
|
|
log-level |
|
|
Default |
Override is disabled |
|
Configuration Mode |
config |
|
History |
3.1.0000 3.3.4150: Added debug-module class and changed iss-modules to protocol-stack |
|
Example |
switch (config) # logging local override class mgmt-front priority warning |
|
Related Commands |
show logging logging local |
|
Notes |
logging monitor
logging monitor <facility> <priority-level>
no logging monitor <facility> <priority-level>
Sets monitor log facility and level to print to the terminal. The no form of the command disables printing logs of facilities to the terminal. |
||
Syntax Description |
facility |
|
priority-level |
|
|
Default |
no logging monitor |
|
Configuration Mode |
config |
|
History |
3.3.4000 |
|
Example |
switch (config) # logging monitor events notice |
|
Related Commands |
||
Notes |
logging protocol
logging <IP address\hostname> protocol [tcp|udp]
no logging <IP address\hostname> protocol
Sends log messages to specified host with the chosen protocol (TCP or UDP). The no form of the command sets the protocol for sending log messages to a remote host to the default (UDP). |
||
Syntax Description |
tcp |
Sets protocol to TCP |
udp |
Sets protocol to UDP |
|
Default |
UDP |
|
Configuration Mode |
Configure terminal |
|
History |
3.8.2100 |
|
Role |
Admin |
|
Example |
switch (config) # logging 1.1.1.1 protocol tcp
switch (config) # no logging 1.1.1.1 protocol |
|
Related Commands |
||
Notes |
This command is configurable, so if “configuration write” is executed then after reboot the remote host will still receive messages with the configured protocol. |
logging receive
logging receive
no logging receive
Enables receiving logging messages from a remote host. The no form of the command disables the option of receiving logging messages from a remote host. |
||
Syntax Description |
N/A |
|
Default |
Receiving logging is disabled |
|
Configuration Mode |
config |
|
History |
3.1.0000 |
|
Example |
switch (config) # logging receive |
|
Related Commands |
show logging logging local logging local override |
|
Notes |
|
logging mac masking
logging mac masking
no logging mac masking
Enables MAC address masking in logs. The no form of the command disables MAC address masking. |
||
Syntax Description |
N/A |
|
Default |
Enabled |
|
Configuration Mode |
config |
|
History |
3.9.0900 |
|
Example |
switch (config) # logging mac masking |
|
Related Commands |
show logging |
|
Notes |
If enabled, the first 2 bytes of MAC address output log will be masked. For example, 00:12:34:56:78:9a will be displayed as **:**:34:56:78:9a. |
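With masking enabled, an address in a collected log can only be matched against an asset inventory on its remaining 4 bytes, so more than one device may fit. The following is an added example, not vendor code; the inventory, the log line and the function names are constructed for illustration.

```python
import re

# Masked form described in the Notes above: first 2 bytes shown as "**".
MASKED_MAC = re.compile(r"\*\*:\*\*((?::[0-9a-fA-F]{2}){4})(?![0-9a-fA-F:])")
FULL_MAC = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def mask_mac(mac):
    """Mask a full MAC address the way the Notes describe."""
    mac = mac.lower().replace("-", ":")
    if not FULL_MAC.match(mac):
        raise ValueError("not a MAC address: %r" % mac)
    return "**:**" + mac[5:]


def candidates(masked, inventory):
    """Return inventory names whose last 4 bytes equal those of a masked MAC."""
    suffix = masked.lower()[5:]
    return sorted(name for name, mac in inventory.items()
                  if mask_mac(mac)[5:] == suffix)


def resolve_log_line(line, inventory):
    """Map every masked MAC found in a log line to its candidate devices."""
    result = {}
    for m in MASKED_MAC.finditer(line):
        masked = "**:**" + m.group(1).lower()
        result[masked] = candidates(masked, inventory)
    return result


# Constructed inventory: host-a and host-b differ only in the masked bytes.
INVENTORY = {
    "host-a": "00:12:34:56:78:9a",
    "host-b": "7c:fe:34:56:78:9a",
    "host-c": "00:12:34:56:78:9b",
}
# Constructed line, not real switch output.
LINE = "Jul 31 16:11:23 switch example[1234]: learned **:**:34:56:78:9A on Eth1/3"

if __name__ == "__main__":
    for masked, names in resolve_log_line(LINE, INVENTORY).items():
        print(masked, "->", names or "no match")
```

A result with more than one candidate has to be narrowed with other evidence, such as the port or VLAN on the same log line.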
show log
show log [continuous | files [<file-number>]] [[not] matching <reg-exp>]
Displays the log file with optional filter criteria. |
||
Syntax Description |
continuous |
Displays the last few lines of the current log file and then continues to display new lines as they come in until the user hits Ctrl+C, similar to LINUX “tail” utility |
files |
Displays the list of log files |
|
<file-number> |
Displays an archived log file, where the number may range from 1 up to the number of archived log files available |
|
[not] matching <reg-exp> |
The file is piped through a LINUX “grep” utility to only include lines either matching, or not matching, the provided regular expression |
|
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.1.0000 3.3.4402: Updated example and added note |
|
Example |
||
switch (config) # show log matching "Executing|Action"
Jul 31 16:11:23 M2100-aj cli[26502]: [cli.NOTICE]: user : Executing command: enable |
||
Related Commands |
logging fields logging files rotation logging level logging local logging receive show logging |
|
Notes |
|
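The CLI audit lines that `show log matching "Executing|Action"` surfaces can also be checked on the syslog collector for commands from this page that reduce logging. The following is an added example, not vendor code: the line layout is inferred from the single sample line above, every other sample line is constructed, and the rule labels and function names are hypothetical.

```python
import re

# Layout inferred from the one sample line in the "show log" example.
AUDIT_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) cli\[(?P<pid>\d+)\]: \[cli\.(?P<sev>[A-Z]+)\]: "
    r"(?P<user>.*?)\s*: Executing command: (?P<cmd>.*)$"
)

# Sub-command keywords from this page; any other first token is read as a host.
KEYWORDS = {"debug-files", "events", "fields", "files", "format", "level",
            "local", "monitor", "receive", "mac"}


def classify(cmd):
    """Return a label for commands that reduce log visibility, else None."""
    t = cmd.split()
    negated = bool(t) and t[0] == "no"
    if negated:
        t = t[1:]
    if not t or t[0] != "logging":
        return None
    t = t[1:]
    if not negated and t[:2] in (["files", "delete"], ["debug-files", "delete"]):
        return "log-files-deleted"
    if not negated and "priority" in t and t[-1] == "none":
        return "class-silenced"          # level "none" logs nothing for the class
    if t[:1] == ["vrf"]:
        t = t[2:]                        # skip "vrf <vrf-name>"
    if not t or t[0] in KEYWORDS:
        return None
    rest = t[1:]                         # t[0] is a remote syslog host
    if negated and not rest:
        return "remote-host-removed"
    if not negated and rest[:1] == ["filter"] and rest[1:2] in (["include"], ["exclude"]):
        return "remote-filter-" + rest[1]
    return None


def scan(lines):
    """Return (timestamp, host, user, label, command) for each finding."""
    findings = []
    for line in lines:
        m = AUDIT_LINE.match(line.strip())
        if not m:
            continue                     # not a CLI audit line in this layout
        label = classify(m.group("cmd"))
        if label:
            findings.append((m.group("ts"), m.group("host"), m.group("user"),
                             label, m.group("cmd")))
    return findings


PFX = "M2100-aj cli[26502]: [cli.NOTICE]: user : Executing command: "
SAMPLE = [
    "Jul 31 16:11:23 " + PFX + "enable",                      # line from this page
    # The remaining lines are constructed in the same layout.
    "Jul 31 16:12:01 " + PFX + "logging 1.1.1.1 filter exclude ERROR",
    "Jul 31 16:12:30 " + PFX + "logging local override class mgmt-front priority none",
    "Jul 31 16:13:02 " + PFX + "no logging 1.1.1.1",
    "Jul 31 16:13:40 " + PFX + "logging files delete current",
    "Jul 31 16:14:05 " + PFX + "no logging receive",
    "Jul 31 16:14:30 " + PFX + "show logging",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Because "no logging" stops messages to that host, alert on the remote-host-removed finding itself rather than on later lines from the same switch.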
show logging
show logging
Displays the logging configurations. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.1.0000 3.8.2000: Updated example 3.9.0900: Updated example |
|
Role |
Admin |
|
Example |
switch (config) # show logging
Local logging level : notice
Levels at which messages are logged:
Remote syslog servers:
1.2.2.3: |
|
Related Commands |
logging fields logging files rotation logging level logging local logging receive logging <syslog IPv4 address/IPv6 address/hostname> |
|
Notes |
show logging events
show logging events [cpu-rate-limiters | interfaces | protocols | what-just-happened-packets]
Displays configuration per selected event group or all. |
||
Syntax Description |
cpu-rate-limiters | interfaces | protocols | what-just-happened-packets |
Logical groups with specified set of counters |
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.6.6000 |
|
3.9.0900 |
Added what-just-happened-packets option |
|
Example |
switch (config) # show logging events what-just-happened-packets: |
|
Related Commands |
||
Notes |
show logging events source-counters
show logging events [cpu-rate-limiters | interfaces | protocols] source-counters
Displays set of counters for sampling. |
||
Syntax Description |
cpu-rate-limiters | interfaces | protocols |
Logical groups with specified set of counters |
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.6.6000 |
|
Example |
switch (config) # show logging events interfaces source-counters |
|
Related Commands |
logging event enable logging event error-threshold logging event interval logging event rate-limit |
|
Notes |
show logging port
show logging port
Displays the port logging configurations. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.1.0000 3.8.1000: Updated example |
|
Example |
switch (config) # show logging |
|
Related Commands |
logging port |
|
Notes |