- Configuring System Message Logging
- Information About System Message Logging
- syslog Servers
- Configuring System Message Logging to Terminal Sessions
- Configuring System Message Logging to a File
- Configuring Module and Facility Messages Logging
- Configuring Logging Timestamps
- Configuring syslog Servers
- Configuring syslog on a UNIX or Linux System
- Configuring syslog Server Configuration Distribution
- Displaying and Clearing Log Files
- Как лог Cisco выводить в syslog
- Настройка Cisco для Syslog
- Настройка syslog на FreeBSD 7.2
- Настройка rsyslog на Debian 7 Wheezy
Configuring System Message Logging
This chapter describes how to configure system message logging on the Cisco Nexus 5000 Series switch and contains the following sections:
Information About System Message Logging
You can use system message logging to control the destination and to filter the severity level of messages that system processes generate. You can configure logging to terminal sessions, a log file, and syslog servers on remote systems.
By default, the Cisco Nexus 5000 Series switch outputs messages to terminal sessions.
By default, the switch logs system messages to a log file.
The following table describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.
Level | Description |
---|---|
0 – emergency | System unusable |
1 – alert | Immediate action needed |
2 – critical | Critical condition |
3 – error | Error condition |
4 – warning | Warning condition |
5 – notification | Normal but significant condition |
6 – informational | Informational message only |
7 – debugging | Appears during debugging only |
The switch logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. You cannot configure logging to the NVRAM.
You can configure which system messages should be logged based on the facility that generated the message and its severity level.
syslog Servers
syslog servers run on remote systems that are configured to log system messages based on the syslog protocol. You can configure the Cisco Nexus 5000 Series to sends its logs to up to three syslog servers.
To support the same configuration of syslog servers on all switches in a fabric, you can use the Cisco Fabric Services (CFS) to distribute the syslog server configuration.
Note | When the switch first initializes, messages are sent to syslog servers only after the network is initialized. |
Configuring System Message Logging
Configuring System Message Logging to Terminal Sessions
You can configure the switch to log messages by their severity level to console, Telnet, and SSH sessions.
By default, logging is enabled for terminal sessions.
- 0 – emergency
- 1 – alert
- 2 – critical
- 3 – error
- 4 – warning
- 5 – notification
- 6 – informational
- 7 – debugging
- 0 – emergency
- 1 – alert
- 2 – critical
- 3 – error
- 4 – warning
- 5 – notification
- 6 – informational
- 7 – debugging
The following example shows how to configure a logging level of 3 for the console:
switch# configure terminal
switch(config)# logging console 3
The following example shows how to display the console logging configuration:
switch# show logging console
Logging console: enabled (Severity: error)
The following example shows how to disable logging for the console:
switch# configure terminal
switch(config)# no logging console
The following example shows how to configure a logging level of 4 for the terminal session:
switch# terminal monitor
switch# configure terminal
switch(config)# logging monitor 4
The following example shows how to display the terminal session logging configuration:
switch# show logging monitor
Logging monitor: enabled (Severity: warning)
The following example shows how to disable logging for the terminal session:
switch# configure terminal
switch(config)# no logging monitor
Configuring System Message Logging to a File
You can configure the switch to log system messages to a file. By default, system messages are logged to the file log:messages.
- 0 – emergency
- 1 – alert
- 2 – critical
- 3 – error
- 4 – warning
- 5 – notification
- 6 – informational
- 7 – debugging
The following example shows how to configure a switch to log system messages to a file:
switch# configure terminal
switch(config)# logging logfile my_log 6 size 4194304
The following example shows how to display the logging configuration (some of the output has been removed for brevity):
switch# show logging info
Logging console: enabled (Severity: debugging)
Logging monitor: enabled (Severity: debugging)
Logging linecard: enabled (Severity: notifications)
Logging fex: enabled (Severity: notifications)
Logging timestamp: Seconds
Name - my_log: Severity - informational Size - 4194304
Facility Default Severity Current Session Severity
Configuring Module and Facility Messages Logging
You can configure the severity level and time-stamp units of messages logged by modules and facilities.
- 0 – emergency
- 1 – alert
- 2 – critical
- 3 – error
- 4 – warning
- 5 – notification
- 6 – informational
- 7 – debugging
- 0 – emergency
- 1 – alert
- 2 – critical
- 3 – error
- 4 – warning
- 5 – notification
- 6 – informational
- 7 – debugging
The following example shows how to configure the severity level of module and specific facility messages:
switch# configure terminal
switch(config)# logging module 3
switch(config)# logging level aaa 2
Configuring Logging Timestamps
You can configure the time-stamp units of messages logged by the Cisco Nexus 5000 Series switch.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal | Enters configuration mode. |
Step 2 | switch(config)# logging timestamp < microseconds | milliseconds | seconds > | Sets the logging time-stamp units. By default, the units are seconds. |
Step 3 | switch(config)# no logging timestamp < microseconds | milliseconds | seconds > | (Optional) Resets the logging time-stamp units to the default of seconds. |
Step 4 | switch# show logging timestamp | (Optional) Displays the logging time-stamp units configured. |
Step 5 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
The following example shows how to configure the time-stamp units of messages:
switch# configure terminal
switch(config)# logging timestamp milliseconds
switch# show logging timestamp
Logging timestamp: Milliseconds
Configuring syslog Servers
You can configure up to three syslog servers that reference remote systems where you want to log system messages.
The following example shows how to configure a syslog server:
switch# configure terminal
switch(config)# logging server 172.28.254.254 5 use-vrf VRFname facility local3
Configuring syslog on a UNIX or Linux System
You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
The following table describes the syslog fields that you can configure.
debug.local7 /var/log/myfile.log
$ chmod 666 /var/log/myfile.log
$ kill -HUP ~cat /etc/syslog.pid~
Configuring syslog Server Configuration Distribution
You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure.
After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution. As long as distribution is enabled, the switch maintains pending changes to the syslog server configuration.
Note | If the switch is restarted, the syslog server configuration changes that are kept in volatile memory may be lost. |
Before You Begin
You must have configured one or more syslog servers.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal | Enters configuration mode. |
Step 2 | switch(config)# logging distribute | Enables distribution of syslog server configuration to network switches using the CFS infrastructure. By default, distribution is disabled. |
Step 3 | switch(config)# logging commit | Commits the pending changes to the syslog server configuration for distribution to the switches in the fabric. |
Step 4 | switch(config)# logging abort | Cancels the pending changes to the syslog server configuration. |
Step 5 | switch(config)# no logging distribute | (Optional) Disables distribution of syslog server configuration to network switches using the CFS infrastructure. You cannot disable distribution when configuration changes are pending. See the logging commit and logging abort commands. By default, distribution is disabled. |
Step 6 | switch# show logging pending | (Optional) Displays the pending changes to the syslog server configuration. |
Step 7 | switch# show logging pending-diff | (Optional) Displays the differences from the current syslog server configuration to the pending changes of the syslog server configuration. |
Step 8 | switch# show logging internal info | (Optional) Displays information about the current state of syslog server distribution and the last action taken. |
Step 9 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
Displaying and Clearing Log Files
You can display or clear messages in the log file and the NVRAM.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# show logging last number-lines | Displays the last number of lines in the logging file. You can specify from 1 to 9999 for the last number of lines. |
Step 2 | switch# show logging logfile [ start-time yyyy mmm dd hh:mm:ss ] [ end-time yyyy mmm dd hh:mm:ss ] | Displays the messages in the log file that have a time stamp within the span entered. If you do not enter an end time, the current time is used. You enter three characters for the month time field, and digits for the year and day time fields. |
Step 3 | switch# show logging nvram [ last number-lines ] | Displays the messages in the NVRAM. To limit the number of lines displayed, you can enter the last number of lines to display. You can specify from 1 to 100 for the last number of lines. |
Step 4 | switch# clear logging logfile | Clears the contents of the log file. |
Step 5 | switch# clear logging nvram | Clears the logged messages in NVRAM. |
The following example shows how to display messages in a log file:
switch# show logging last 40
switch# show logging logfile start-time 2007 nov 1 15:10:0
switch# show logging nvram last 10
The following example shows how to clear messages in a log file:
switch# clear logging logfile
switch# clear logging nvram
Как лог Cisco выводить в syslog
Существует шесть способов сбора логов с cisco маршрутизаторов:
Console logging — вывод сообщений на консоль маршрутизатора, т.е. для их чтения нужно быть подключенным к консоли.
Buffered logging — в этом случае все сообщения будут размещаться в RAM памяти маршрутизатора. Для этого необходимо настроить буфер для логов в маршрутизаторе, так же следует помнить что буфер ограничен и при большом количестве сообщений старые записи будут затёрты более новыми и будут потеряны.
Terminal logging — используя команду terminal monitor можно заставить маршрутизатор выводить лог сообщения на VTY терминалы.
Syslog — маршрутизатор cisco будит посылать лог сообщения на один или несколько внешних syslog сервера.
SNMP traps — маршрутизатор может посылать SNMP сообщения (traps) на удалённый SNMP сервер для сбора событий происходящих на маршрутизаторе.
AAA accounting — если Вы используете AAA, то можете заставить маршрутизатор отправлять информацию о сетевых подключениях и командах выполненных на маршрутизаторе на NAS (Network Access Server) сервер.
Настройка Cisco для Syslog
as53xx231#conf t Enter configuration commands, one per line. End with CNTL/Z. as53xx231(config)#logging trap ? Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) as53xx231(config)#logging trap debugging as53xx231(config)#logging facility local2 as53xx231(config)#logging 10.26.95.254 as53xx231(config)#exit
logging trap debugging — (Использование syslog server logging level) задаем уровень подробности логов.
local2 — (Facility parameter for Использование syslog messages). Предварительно нужно проверить на FreeBSD свободен ли local2, если занят, то можно использовать любой с local1 по local7.
Настройка syslog на FreeBSD 7.2
local2.* /var/log/cisco/cisco231.log
syslogd_enable="YES" #разрешим использовать syslog только для хостов из доверенных сетей syslogd_flags="-a 10.26.95.224/27:* -a 10.187.155.64/29:*"
> ee /etc/newsyslog.conf . /var/log/cisco/cisco231.log 600 7 100 * JC
Настройка rsyslog на Debian 7 Wheezy
iptables -A INPUT -p udp -m udp -s xxx.xxx.xxx.234 --dport 514 -i eth0 -j ACCEPT
# nano /etc/default/rsyslog #RSYSLOGD_OPTIONS="-c5" RSYSLOGD_OPTIONS="-c5 -x"
# nano /etc/rsyslog.conf $ModLoad imudp #$UDPServerAddress xxx.xxx.xxx.254 $UDPServerRun 514 local2.* -/var/log/cisco234.log # touch /var/log/cisco234.log # chown root:adm /var/log/cisco234.log
# /etc/init.d/rsyslog restart # lsof -i:514 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 10020 root 3u IPv4 4999345 0t0 UDP *:syslog rsyslogd 10020 root 4u IPv6 4999346 0t0 UDP *:syslog
# nano /etc/logrotate.d/cisco_remote_log /var/log/cisco*.log