System Log Messages

The ACOS device logs system events with system log (Syslog) messages.

The following topics are covered in this chapter:

     Destinations for Syslog Messages

     Syslog Message Severity Levels

     Configurable Syslog Parameters

     Configure Single-Priority Logging

     Configure Log Rate Limiting

Destinations for Syslog Messages

The ACOS device can send Syslog messages to the following places:

     Local buffer (default level: Debugging - 7)

     Console CLI session (default level: Error - 3)

     Console SSH and Telnet sessions

     External Syslog server

     Email address(es)

     SNMP servers (for events that are logged by SNMP traps)

Logging to the local buffer and to CLI sessions is enabled by default. Logging to other places requires additional configura­tion.

Syslog Message Severity Levels

The standard Syslog message severity levels are supported:

     Emergency – 0

     Alert – 1

     Critical – 2

     Error – 3

     Warning – 4

     Notification – 5

     Information – 6

     Debugging – 7

Configurable Syslog Parameters

TABLE 1    lists the configurable Syslog parameters.

TABLE 1       Configurable System Log Settings

Parameter

Description

Supported Values

Disposition

(message target)

Output options for each message level. For each mes­sage level, you can select which of the following output options to enable:

  Console – Messages are displayed in Console sessions.

  Buffered – Messages are stored in the system log buf­fer.

  Email – Messages are sent to the email addresses in the Email To list. (See below.)

  SNMP – SNMP traps are generated and sent to the SNMP receivers.

  Syslog – Messages are sent to the external log servers specified in the Log Server fields. (See below.)

  Monitor – Messages are displayed in Telnet and SSH sessions.

Note: For information about emailing log messages, see Emailing Log Messages.

The following message levels can be individually selected for each output option:

  Emergency (0)

  Alert (1)

  Critical (2)

  Error (3)

  Warning (4)

  Notification (5)

  Information (6)

  Debug (7)

Only Emergency, Alert, and Critical can be selected for SNMP.

Only Emergency, Alert, Critical, and Noti­fication can be selected for Email.

Logging Email Filter

Settings for sending log messages by email.

 

See Emailing Log Messages.

Logging Email Buffer Number

Logging Email Buffer Time

Facility

Standard Syslog facility to use.

Standard Syslog facilities listed in RFC 3164.

Log Buffer Entries

Maximum number of log entries the log buffer can store.

10000 to 50000 entries

Default: 30000

Log Server/Host

IP addresses or fully-qualified domain names of external log servers.

Only the message levels for which Syslog is selected in the Disposition list are sent to log servers.

Note: By default, the ACOS device can reach remote log servers only if they are reachable through the ACOS device’s data ports, not the management port. To enable the ACOS device to reach remote log servers through the management port, see Source Interface for Management Traffic.

Any valid IP address or fully-qualified domain name.

Default: None configured

Log Server Port

Protocol port to which log messages sent to external log servers are addressed.

Any valid protocol port number

Default: 514

Email To

Email addresses to which to send log messages.

Only the message levels for which Email is selected in the Disposition list are sent to log servers.

Valid email address. Click the down arrow next to the input field to add another address (up to 10).

Each email address can be a maximum of 31 characters long.

SMTP Server

IP address or fully-qualified domain name of an email server using Simple Message Transfer Protocol.

Note: By default, the ACOS device can reach SMTP serv­ers only if they are reachable through the ACOS device’s data ports, not the management port. To enable the ACOS device to reach SMTP servers through the man­agement port, see Source Interface for Management Traffic.

Any valid IP address or fully-qualified domain name.

Default: None configured

SMTP Server Port

Protocol port to which email messages sent to the SMTP server are addressed.

Any valid protocol port number

Default: 25

Mail From

Specifies the email From address.

Valid email address

Default: Not set

Need Authenti­cation

Specifies whether access to the SMTP server requires authentication.

Selected (enabled) or unselected (dis­abled)

Default: disabled

Username

Username required for access to the SMTP server.

Valid username

Default: Not set

Password

Password required for access to the SMTP server.

Valid password

Default: Not set

 

Configure Single-Priority Logging

Single-priority logging allows you to identify one specific severity level to be logged from among the standard syslog mes­sage severity levels (See Syslog Message Severity Levels).

This allows you to remove excess data so that you can see a desired subset of log messages at your target severity level.

In prior releases, when you specify a severity level to be logged, the selected level becomes the “basement level”, or the most trivial level that will appear along with the more important messages. For example, if you specify level 3 (error), you would also get severities 2, 1, and 0, but 3 would be the most trivial severity level to be included in the log messages.

Prior releases did not offer a way for you to single out a particular subset of log messages at a singular severity level; for exam­ple, there was no way to display severity level 5 log messages without also seeing messages from severity levels 4–0.

Single-priority logging offers more granular control of syslog messages.

To configure single-priority logging, use the logging single-priority command. The following example logs only error (level 3) messages:

ACOS(config)#logging single-priority error

NOTE:                               In prior releases, you could specify either the severity level number (for example, “3”) or the level (for example, “error”). In ACOS 4.0, you must specify the word representing the severity level; specifying the severity level number is invalid.

Configure Log Rate Limiting

The ACOS device uses a log rate limiting mechanism to ensure against overflow of external log servers and the internal log­ging buffer.

The rate limit for external logging is 15,000 messages per second from the device.

The rate limit for internal logging is 32 messages per second from the device.

     If the number of new messages within a one-second interval exceeds 32, then during the next one-second interval, the ACOS device sends log messages only to the external log servers.

     If the number of new messages generated within the new one-second interval is 32 or less, then during the following one-second interval, the ACOS device will again send messages to the local logging buffer as well as the external log server. In any case, all messages (up to 15,000 per second) get sent to the external log servers.

Use the GUI to Configure Log Rate Limiting

To configure log rate limiting using the GUI:

1.     Hover over System in the navigation bar, and select Settings.

2.     Click Logging on the menu bar.

3.     Change settings as needed. (For descriptions of the settings, see TABLE 1   .)

4.     Click OK.

Use the CLI to Configure Log Rate Limiting

Use the logging command to configure log rate limiting using the CLI.

For example, to change the severity level of messages logged in the local buffer to “warning” (level 4):

ACOS(config)# logging buffered warning

 

Replace buffered with a different destination, as desired (see Destinations for Syslog Messages).

NOTE:                               Only severity levels emergency, alert, critical, and notification can be sent by email. Sending log messages by email requires additional configuration. See Emailing Log Messages.

To configure the ACOS device to send log messages to an external Syslog server, use the logging host command to spec­ify the server:

ACOS(config)# logging host 20.20.10.8

 

You can specify multiple server names or IP addresses in a single command. The following example configures 20.20.10.8, 30.30.10.5, and 40.40.5.9 as sysllog servers:

ACOS(config)# logging host 20.20.10.8 30.30.10.5 40.40.5.9

 

You can also specify a protocol port. The default port is 514. If you specify multiple servers, then all servers specified must use the same protocol port to listen for syslog messages; you can only specify one protocol port per command.

The following example configures 20.20.10.8 and 30.30.10.5 as syslog servers listening on port 515, and 40.40.5.9 as a syslog server listening on port 517:

ACOS(config)# logging host 20.20.10.8 30.30.10.5 port 515

ACOS(config)# logging host 40.40.5.9 port 517

 

If you use the command to add some log servers, then need to add a new log server later, you must enter all server IP addresses in the new command. Each time you enter the logging host command, it replaces any set of servers and syslog port configured by the previous logging host command.

To configure the ACOS device to send log messages by email, use the following commands to specify the email server and the email addresses:

ACOS(config)# smtp 10.10.10.5

ACOS(config)# logging syslog@myexamplecompany.com

 

The smtp command specified the mail server; by default it will use port 25 to send Email; you can customize this with the optional port parameter.

To send event messages to an external SNMP server, see Simple Network Management Protocol (SNMP).

 

Table of Contents

Index

Glossary

-Search-

Back