|
|
The Syslog Disk Logging feature allows you to collect, store, and retrieve all managed shelf syslog messages through the system controller.
The system controller receives syslog messages from managed shelves and stores these messages in subfiles on its disk.
Each syslog message stored in a subfile contains the following information:
In addition, this feature provides an enhanced method of viewing messages in the logging history table. Messages can be displayed based on host IP address, time received, and order received.
The Syslog Disk Logging feature provides the following benefits:
Subfiles provide additional storage space for syslog messages. They contain the large logging history tables and preserve the tables even when the machine is reloaded.
The system controller creates subfiles using the same name as the root and a different extension for each subfile:
The file space is preallocated before any messages are received in order to provide deterministic disk space allocation. When the system controller receives a new syslog message, the following events occur:
shelf---An access server or router managed by the system controller.
system controller---A Cisco IOS-based device that aids in the monitoring and management of a number of access servers and routers.
In order to use this feature, you must first configure the Shelf Discovery and Autoconfiguration feature, which automatically configures the managed shelves to send syslog messages to the system controller. In addition, the service timestamp log datetime command is configured on all the shelves. Refer to the "Shelf Discovery and Configuration" feature documentation for these tasks.
If you want messages generated by the system controller to be stored in the subfiles along with messages received from managed shelves, configure the system controller as the syslog server for its own messages using the logging host command.
To enable and use the Syslog Disk Logging feature, perform the following tasks:
Normally, the system controller just stores messages in the logging history table. However, in order to store a larger number of messages and preserve the messages across reboots of the machine, you should create syslog-server subfiles. To create these subfiles, perform the following task in global configuration mode:
| Task | Command |
|---|---|
Create the syslog-server subfiles. | logging syslog-server size number dir-name |
Verify that the files have been created. | dir disk0: |
A typical subfile configuration is five subfiles with a size of 500 KB. This configuration stores significant volumes of syslog data but still allows efficient searching. If the subfiles are too large or numerous, the show syslog-server command might be slow.
To view syslog messages stored in subfiles, perform the following task in EXEC mode:
| Task | Command |
|---|---|
Display syslog messages. | show syslog-server [last number | since [date] hh:mm:ss] [source ip-address] |
The following example creates five subfiles. Each subfile has a maximum size of 2000 KB. Thus, the total available size is 10000 KB. The subfiles are named mysyslog.cur, mysyslog.1, mysyslog.2, mysyslog.3, and mysyslog.4.
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# logging syslog-server 2000 5 mysyslog Router(config)# end %SYS-5-CONFIG_I: Configured from console by console Router# dir disk0: Directory of disk0:/ 3 drw- 0 Jan 17 1998 07:03:53 syslogd.dir 4 drw- 0 Jan 12 1998 11:02:29 performance 12 drw- 0 Jan 12 1998 11:56:37 configs 242 drw- 0 Jan 21 1998 17:51:29 mysyslog.dir 340492288 bytes total (336560128 bytes free) Router# dir disk0:/mysyslog.dir Directory of disk0:/mysyslog.dir/ 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.1 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.2 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.3 0 -rw- 0 Jan 21 1998 17:51:31 mysyslog.4 0 -rw- 0 Jan 21 1998 17:51:31 mysyslog.cur 340492288 bytes total (336560128 bytes free)
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 11.3 command references.
To create subfiles for syslog-server logging, use the logging syslog-server global configuration command. The no form of this command stops storage of syslog messages in the subfiles.
logging syslog-server size number dir-name
size | Maximum size of a syslog-server subfile in kilobytes (KB). The range is from 10 to 10000. |
number | Maximum number of syslog-server subfiles. The range is from 2 to 10. |
dir-name | Root name of the subfile directory. |
No subfiles are created.
Global configuration
This command first appeared in Cisco IOS Release 11.3 AA.
Use this command to create subfiles to store syslog messages the system controller receives from its managed shelves. The system controller will create subfiles using the name specified with a different extension to differentiate the subfiles. The current subfile is name.cur. The first archived subfile is name.1; the second is name.2. The last (oldest) archived subfile's extension is one less than the maximum number of subfiles.
After the subfiles are created, the system controller will add any syslog messages it receives to the current subfile. If the current subfile is full, all of the subfiles are renamed to use the next (higher) extension and a new current subfile is created.
The no form of this command stops the storage of syslog messages in the subfiles. However, the subfiles are not erased and remain on the disk.
The following example creates five subfiles. Each subfile has a maximum size of 2000 KB. Thus, the total available size is 10000 KB. The subfiles are named mysyslog.cur, mysyslog.1, mysyslog.2, mysyslog.3, and mysyslog.4.
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# logging syslog-server 2000 5 mysyslog Router(config)# end %SYS-5-CONFIG_I: Configured from console by console Router# dir disk0: Directory of disk0:/ 3 drw- 0 Jan 17 1998 07:03:53 syslogd.dir 4 drw- 0 Jan 12 1998 11:02:29 performance 12 drw- 0 Jan 12 1998 11:56:37 configs 242 drw- 0 Jan 21 1998 17:51:29 mysyslog.dir 340492288 bytes total (336560128 bytes free) Router# dir disk0:/mysyslog.dir Directory of disk0:/mysyslog.dir/ 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.1 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.2 0 -rw- 0 Jan 21 1998 17:51:29 mysyslog.3 0 -rw- 0 Jan 21 1998 17:51:31 mysyslog.4 0 -rw- 0 Jan 21 1998 17:51:31 mysyslog.cur 340492288 bytes total (336560128 bytes free)
To display certain syslog messages in the syslog history table, use the show syslog-server EXEC command.
show syslog-server [last number | since [date date] hh:mm:ss] [source ip-address]
last | Displays the newest syslog messages. |
number | Number of syslog messages to display. You can display up to the last 500 messages. |
since | Displays messages after the specified time. |
date date | Displays messages starting on this date. The format is either month day year or day month year. If you do not specify a date, only messages from the current date are displayed. |
hh:mm:ss | Displays messages starting at this time. |
source ip-address | Displays syslog messages from the specified host. |
EXEC
This command first appeared in Cisco IOS Release 11.3 AA.
Use this command to display syslog messages the system controller has stored in its logging history subfiles. If you do not specify any filter options, all of the messages in all of the subfiles are displayed. When you specify multiple filters for messages, only messages that meet all of the criteria are displayed.
The following example displays the last three messages the system controller received:
Router# show syslog-server last 3 Jan 7 21:44:09 [172.23.3.200] %CI-3-BLOWER: ps2 fan failure Jan 7 21:50:09 [172.23.3.200] %CI-3-PSFAIL: Power supply 2 failure Jan 7 21:50:10 [172.23.3.200] %CI-3-BLOWER: ps2 fan failure
The following example displays the last message from the host at 172.23.3.200:
Router# show syslog-server source 172.23.3.200 last 1 Jan 7 21:50:10 [172.23.3.200] %CI-3-BLOWER: ps2 fan failure
The following example displays the messages generated since 9:50 pm on January 7, 1998:
Router# show syslog-server since date 7 jan 1998 21:50:00 Jan 7 21:50:09 [172.23.3.200] %CI-3-PSFAIL: Power supply 2 failure Jan 7 21:50:10 [172.23.3.200] %CI-3-BLOWER: ps2 fan failure
Table 1 explains the fields shown in these examples, using the first line from the first example for illustrative purposes.
| Field | Description |
|---|---|
Jan 7 | Date of the syslog message. |
21:44:09 | Time the syslog message was generated. |
[172.23.3.200] | IP address of the host generating the syslog message. |
%CI-3-BLOWER | Error message. |
ps2 fan failure | Message Text. |
The debug syslog-server command has been added for this feature.
Use the debug syslog-server EXEC command to display information about the syslog server process. The no form of this command disables debugging output.
[no] debug syslog-serverThis command outputs a message every time the syslog server receives a message. It also displays information about subfile creation, removal, and renaming.
Use this command when subfiles are not being created as configured or data is not being written to subfiles. This command is also useful for detecting syslog file size mismatches.
The following sample display shows output when the following command has been added to the configuration:
logging syslog-server 10 3 syslogs
This example shows the files being created. Use the dir disk0:/syslogs.dir command to view the contents of the newly created directory.
Router# debug syslog-server SYSLOG_SERVER:Syslog file syslogs SYSLOG_SERVER:Directory disk0:/syslogs.dir created. SYSLOG_SERVER:Syslog file syslogs created successfully.
When a syslog message is received, the router checks to see if the current file will be too large when the new data is added. In this example, two messages are successfully added to the file.
SYSLOG_SERVER: Configured size : 10240 bytes Current size : 0 bytes Data size : 68 bytes New size : 68 bytes SYSLOG_SERVER: Wrote 68 bytes successfully. SYSLOG_SERVER: Configured size : 10240 bytes Current size : 68 bytes Data size : 61 bytes New size : 129 bytes SYSLOG_SERVER: Wrote 61 bytes successfully.
Table 2 describes significant fields in this display.
| Field | Description |
|---|---|
Configured size | The maximum subfile size, as set in the logging syslog-server command. |
Current size | The size of the current subfile before the new message is added. |
Data size | The size of the syslog message. |
New size | The size of the current subfile after the syslog message is added. |
The following output indicates that the current file is too full to fit the next syslog message. The oldest subfile is removed, and the remaining files are renamed. A new file is created and opened for writing syslog messages.
SYSLOG_SERVER:Last archive subfile disk0:/syslogs.dir/syslogs.2 removed. SYSLOG_SERVER: Subfile disk0:/syslogs.dir/syslogs.1 renamed as disk0:/syslogs.dir/syslogs.2. SYSLOG_SERVER:subfile disk0:/syslogs.dir/syslogs.cur renamed as disk0:/syslogs.dir/syslogs.1. SYSLOG_SERVER:Current subfile disk0:/syslogs.dir/syslogs.cur has been opened.
Posted: Fri Mar 5 23:09:47 PST 1999
Copyright 1989-1999©Cisco Systems Inc.