|
|
This chapter describes how to configure system message logging on the Catalyst 5000, 4000, 2948G, and 2926G series switches.
This chapter consists of these sections:
By default, the switch logs normal but significant system messages to its internal buffer and sends these messages to the system console. You can specify which system messages should be saved based on the type of facility (see Table 22-1) and the severity level (see Table 22-2). Messages are time-stamped to enhance real-time debugging and management.
You can access logged system messages using the switch CLI or by saving them to a properly configured syslog server. The switch software saves syslog messages in an internal buffer that can store up to 1024 messages. You can monitor system messages remotely by accessing the switch through Telnet or the console port, or by viewing the logs on a syslog server.
Table 22-1 describes the facility types supported by the system message logs.
| Facility Name | Definition |
|---|---|
cdp | Cisco Discovery Protocol |
dtp | Dynamic Trunking Protocol |
drip | Dual Ring Protocol |
dvlan | Dynamic VLAN |
earl | Enhanced Address Recognition Logic |
fddi | Fiber Distributed Data Interface |
filesys | Flash file system |
gvrp | GARP VLAN Registration Protocol |
ip | IP permit list |
kernel | Kernel |
mgmt | Management messages |
mcast | Multicast messages |
pagp | Port Aggregation Protocol |
protfilt | Protocol filtering |
pruning | VTP pruning |
qos | Quality of Service |
radius | RADIUS authentication |
rmon | Remote Monitoring |
security | Port security |
snmp | Simple Network Management Protocol |
spantree | Spanning-Tree Protocol |
sys | System |
tac | TACACS+ authentication |
tcp | Transmission Control Protocol |
telnet | Terminal emulation protocol in the TCP/IP protocol stack |
tftp | Trivial File Transfer Protocol |
udld | UniDirectional Link Detection |
vmps | VLAN Membership Policy Server |
vtp | VLAN Trunking Protocol |
Table 22-2 describes the severity levels supported by the system message logs.
| Severity Level | Keyword | Description |
|---|---|---|
0 | emergencies | System unusable |
1 | alerts | Immediate action required |
2 | critical | Critical condition |
3 | errors | Error conditions |
4 | warnings | Warning conditions |
5 | notifications | Normal but significant condition |
6 | informational | Informational messages |
7 | debugging | Debugging messages |
System log messages begin with a percent sign (%) and can contain up to 80 characters. Messages are displayed in the following format:
mm/dd/yyy:hh/mm/ss:facility-severity-MNEMONIC:description
Table 22-3 describes the elements of syslog messages.
| Element | Description |
mm/dd/yyy:hh/mm/ss | Date and time of the error or event. This information appears only if configured using the set logging timestamp enable command. |
facility | Indicates the facility to which the message refers (for example, SNMP, SYS, etc.). |
severity | Single-digit code from 0 to 7 that indicates the severity of the message. |
MNEMONIC | Text string that uniquely describes the error message. |
description | Text string containing detailed information about the event being reported. |
This example shows typical switch system messages (at system startup):
1999 Apr 16 10:01:26 %MLS-5-MLSENABLED:IP Multilayer switching is enabled 1999 Apr 16 10:01:26 %MLS-5-NDEDISABLED:Netflow Data Export disabled 1999 Apr 16 10:01:26 %SYS-5-MOD_OK:Module 1 is online 1999 Apr 16 10:01:47 %SYS-5-MOD_OK:Module 3 is online 1999 Apr 16 10:01:42 %SYS-5-MOD_OK:Module 6 is online 1999 Apr 16 10:02:27 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1 1999 Apr 16 10:02:28 %PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/2
Table 22-4 describes the default system message logging configuration.
| Configuration Parameter | Default Setting |
|---|---|
System message logging to the console | Enabled |
System message logging to Telnet sessions | Enabled |
Logging buffer size | 500 |
Logging history size | 1 |
Timestamp option | Enabled |
Logging server | Disabled |
Syslog server IP address | None configured |
Server facility | LOCAL7 |
Server severity | Warnings (4) |
Facility/severity level for system messages | sys/5 |
These sections describe how to configure system message logging on the switch:
By default, system logging messages are sent to console and Telnet sessions based on the default logging facility and severity values. If desired, you can disable logging to the console or logging to a given Telnet session.
When you disable or enable logging to console sessions, the enable state is applied to all future console sessions. For example, if you disable logging to the console, disconnect from the console port, and later reconnect, logging is still disabled for the console.
In contrast, when you disable or enable logging to a Telnet session, the enable state is applied only to that session. If you disable logging to a Telnet session, disconnect the session, and later reconnect, logging is enabled for the new session.
To change the logging enable state for console sessions, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Change the default logging enable state for console sessions. | set logging console {enable | disable} |
Step 2 Verify the logging configuration. | show logging [noalias] |
This example shows how to disable logging to the current and future console sessions:
Console> (enable) set logging console disable System logging messages will not be sent to the console. Console> (enable)
| Task | Command |
|---|---|
Step 1 Change the logging enable state for a Telnet session. | set logging session {enable | disable} |
Step 2 Verify the logging configuration. | show logging [noalias] |
This example shows how to disable logging to the current Telnet session:
Console> (enable) set logging session disable System logging messages will not be sent to the current login session. Console> (enable)
You can change the severity level for each logging facility using the set logging level command. Use the all keyword to specify all facilities. Use the default keyword to make the specified severity level the default for the specified facilities. If you do not use the default keyword, the specified severity level applies only to the current session.
To change the system message logging severity level setting for a logging facility, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the severity level for logging facilities. | set logging level {all | facility} severity [default] |
Step 2 Verify the system message logging configuration. | show logging [noalias] |
This example shows how to set the logging severity level to 5 for all facilities (for the current session only):
Console> (enable) set logging level all 5 All system logging facilities for this session set to severity 5(notifications) Console> (enable)
This example shows how to set the default logging severity level to 3 for the cdp facility:
Console> (enable) set logging level cdp 3 default System logging facility <cdp> set to severity 3(errors) Console> (enable)
To enable or disable the logging timestamp, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Specify the logging timestamp enable state. | set logging timestamp {enable | disable} |
Step 2 Verify the logging timestamp enable state. | show logging [noalias] |
This example shows how to enable the timestamp display on system logging messages:
Console> (enable) set logging timestamp enable System logging messages timestamp will be enabled. Console> (enable)
To specify the number of messages to log to the logging buffer, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the number of messages to log to the logging buffer. | set logging buffer buffer_size |
Step 2 Verify the system message logging configuration. | show logging [noalias] |
This example shows how to set the logging buffer size to 200 messages:
Console> (enable) set logging buffer 200 System logging buffer size set to <200> Console> (enable)
Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, and perform these steps:
Step 1 Add a line such as the following to the file /etc/syslog.conf:
user.debug/var/log/myfile.log
The switch sends messages according to specified facility types and severity levels. The user keyword specifies the UNIX logging facility used. The messages from the switch are generated by user processes. The debug keyword specifies the severity level of the condition being logged. You can set UNIX systems to receive all messages from the switch.
Step 2 Create the log file by entering these commands at the UNIX shell prompt:
$ touch /var/log/myfile.log $ chmod 666 /var/log/myfile.log
Step 3 Make sure the syslog daemon reads the new changes by entering this command:
$ kill -HUP \Qcat /etc/syslog.pid
To configure the switch to log messages to a syslog server, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Specify the IP address of one or more syslog servers1. | set logging server ip_addr |
Step 2 Set the facility and severity levels for syslog server messages. | set logging server facility server_facility_parameter set logging server severity server_severity_level |
Step 3 Enable system message logging to configured syslog servers. | set logging server enable |
Step 4 Verify the configuration. | show logging [noalias] |
| 1You can configure a maximum of three syslog servers. |
This example shows how to specify a syslog server, set the facility and severity levels, and enable logging to the server:
Console> (enable) set logging server 10.10.10.100 10.10.10.100 added to System logging server table. Console> (enable) set logging server facility local5 System logging server facility set to <local5> Console> (enable) set logging server severity 5 System logging server severity set to <5> Console> (enable) set logging server enable System logging messages will be sent to the configured syslog servers. Console> (enable)
To remove a syslog server from the syslog server table, perform this task in privileged mode:
| Task | Command |
|---|---|
Delete a syslog server from the syslog server table. | clear logging server ip_addr |
This example shows how to remove a syslog server from the syslog server table:
Console> (enable) clear logging server 10.10.10.100 System logging server 10.10.10.100 removed from system logging server table. Console> (enable)
To disable logging to the syslog server, perform this task in privileged mode:
| Task | Command |
|---|---|
Disable system message logging to configured syslog servers. | set logging server disable |
This example shows how to disable logging to syslog servers:
Console> (enable) set logging server disable System logging messages will not be sent to the configured syslog servers. Console> (enable)
Use the show logging command to display the current system message logging configuration. Use the noalias keyword to display the IP addresses instead of the hostnames of the configured syslog servers.
To display the current system message logging configuration, perform this task:
| Task | Command |
|---|---|
Display the current system message logging configuration. | show logging [noalias] |
This example shows how to display the current system message logging configuration:
Console> (enable) show logging
Logging buffer size: 200
timestamp option: disabled
Logging history size: 1
Logging console: enabled
Logging server: enabled
{syslog.bigcorp.com}
server facility: LOCAL5
server severity: notifications(5)
Facility Default Severity Current Session Severity
------------- ----------------------- ------------------------
cdp 3 3
drip 2 5
dtp 5 5
dvlan 2 5
earl 2 5
fddi 2 5
filesys 2 5
gvrp 2 5
ip 2 5
kernel 2 5
mcast 2 5
mgmt 5 5
mls 5 5
pagp 5 5
protfilt 2 5
pruning 2 5
radius 2 5
security 2 5
snmp 2 5
spantree 2 5
sys 5 5
tac 2 5
tcp 2 5
telnet 2 5
tftp 2 5
udld 4 5
vmps 2 5
vtp 2 5
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
Console> (enable)
Use the show logging buffer command to display the messages in the switch logging buffer. If you do not specify number_of_messages, the default is to display the last 20 messages in the buffer (-20).
To display the messages in the switch logging buffer, perform one of these tasks:
| Task | Command |
|---|---|
| show logging buffer [number_of_messages] |
| show logging buffer -[number_of_messages] |
This example shows how to display the first five messages in the buffer:
Console> (enable) show logging buffer 5 1999 Apr 16 08:40:11 %SYS-5-MOD_OK:Module 1 is online 1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 3 is online 1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 2 is online 1999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1 1999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/2
This example shows how to display the last five messages in the buffer:
Console> (enable) show logging buffer -5 %PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1 %SPANTREE-5-PORTDEL_SUCCESS:3/2 deleted from vlan 1 (PAgP_Group_Rx) %PAGP-5-PORTFROMSTP:Port 3/2 left bridge port 3/2 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1-2 %PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/1-2 Console> (enable)
Posted: Mon Jul 19 12:46:23 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.