Syslog Commands
This chapter is a reference for the syslog commands.
Linux applications use the syslog utility to collect, identify, time-stamp, filter, store, alert, and forward logging data. The syslog utility can track and log all manner of system messages from informational to extremely critical. Each system message sent to a syslog server has two descriptive labels associated with it:
• The function (facility) of the application that generated it. For example, an application such as mail and cron generates messages with a facility names “mail” and “cron”.
• Eight degrees of severity (numbered 0-7) of the message which are explained in
Table 33-93.
This chapter contains these commands:
Syslog Severities
In the example log entries in
Table 33-93, the prefixes are removed. For example. this is a complete log entry with the prefix:
2020 Apr 12 11:20:27.612 : 17U-18U : PSERV : MERG : !!! hsl Module crashed, System reboot halted as it rebooted continuosly 2 times
This is the same log entry without the prefix:
hsl Module crashed,System reboot halted as it rebooted continuosly 2 times
Table 33-93: Syslog severities (Sheet 1 of 2)
Severity Level | Keyword | Description |
|---|
0 | emergency | The whole system is unusable and needs operator intervention to recover. If only a particular port or component is unusable, but the system as a whole is still usable it is not categorized at an emergency level. Examples of this type of message: Output Power of PSU XX (psu_no) XX Watt] has exceeded Maximum Output Power Limit[XX Watt] OSPF Initialization failed. |
1 | alert | The operator needs to act immediately or the system might go into emergency state. The system or one of its component's functionality might be critically affected. Examples of this type of message: Temperature of sensor is (curr_temp)C. It is nearing Emergency Condition. OSPF has exceed lsdb limit OSPF Detected router with duplicate router ID [ID] |
2 | critical | A critical system event happened which requires the operator's attention. The event might not require immediate action, but this event can affect functionality or behavior of a system component. Examples of this type of message: OSPF Neighbor session went down. Interface %s changed state to down |
3 | error | An error event happened which does not require immediate attention. This log message provides details about error conditions in the system or its components which you can use to troubleshoot problems. These events are not logged directly even if the logging level is set to include this level. You also need to enable the protocol debug filters (such as debug ospf all). Examples of this type of message: Device i2c bus open error.!!! [DECODE] Attr ASPATH: Invalid AS Path value. OSPF MD5 authentication error |
4 | notification | Notifications about important system and protocol events to assure the operator that the system is running properly. If a critical/alert condition has happened and has been corrected, that is also logged at this level. Examples of this type of message: OSPF Received link up for interface: xe1 OSPF neighbour [10.1.1.1] Status change Exstart -> Exchange Interface %s changed state to UP |
5 | informational | Detailed informational events happening across the system and protocol modules. These events are not necessarily important and are useful only to find details about the functionality being executed in the system and its components. Some of these events might be periodic events like hello or keep alive messages along with packet dumps. Also, this level includes logs for control packets that are ignored and do not impact the protocol states. IP Infusion Inc. recommends to use proper debug filters to log only relevant events and switch off other events; otherwise the logs can get verbose. For example: debug ospf all no debug ospf packet hello The above enables all OSPF debugging, but disables the periodic hello messages. Examples of this type of message: Successfully added dynamic neighbour [DECODE] KAlive: Received! [FSM] Ignoring Unsupported event <EVENT> in state <STATE> Unknown ICMP packet type" OSPF RECV[%s]: From %r via %s: Version number mismatch OSPF RECV[%s]: From %r via %s: Network address mismatch |
6 | debug informational | Developer notification events that might not be readable by an operator. However these logs are useful for debugging by a developer and if required, this level needs to be enabled and provided to technical support for analysis. |
7 | debug detailed | Developer notification events that might not be readable by an operator. However these logs are useful for debugging by a developer and if required, this level needs to be enabled and provided to technical support for analysis. |
Log File Rotation
Log rotation is important to maintain the stability of the device, because the larger log files are difficult to manipulate and file system would run out of space. The solution to this common problem is log file rotation.
Log rotation is scheduled to happen for every 5 minutes, here the log file size is used as the condition to perform rotation.
Log rotate operation creates a backup of the current log file, and clears the current log file content. Also these rotated log files are compressed to save disk space. Excluding the current log file, four backup files are maintained in the system, and the older logs are removed as part of the rotation operation.
Default log file /var/log/messages rotated, if the size is greater than 100 MB. The following are the rotated log files generated in the path /var/log
root@host:/var/log# ls messages*
messages messages.1 messages.2.gz messages.3.gz messages.4.gz
Manually configured log file /log/LOG1 gets rotated, if its size is greater than configured size. Here LOG1 is the manually configured using the command logging logfile <filename> and the log file size in bytes can be configured using the command logging logfile LOG1 <severity> size <4096-419430400>
(config)#logging logfile LOG1 7 size 4096
Here configured logging file /log/LOG1 is rotated if the size is greater than 4096 bytes. The following are the rotated log files generated in the path /log
root@host:/log# ls LOG*
LOG1 LOG1.1 LOG1.2.gz LOG1.3.gz LOG1.4.gz
clear logging logfile
Use this command to clear the existing contents of the configured logging logfile.
Note: If the name of the configured logging log file is “mylogfile”, this command clears only the log file mylogfile. But the other rotated or compressed log files are untouched.
Command Syntax
clear logging logfile
Parameters
None
Default
No default value is specified
Command Mode
Executive mode
Applicability
This command was introduced before OcNOS version 3.0.
Example
#clear logging logfile
feature rsyslog
Use this command to enable the rsyslog server.
Use the no form of this command to disable the rsyslog server.
Command Syntax
feature rsyslog vrf (management|)
no feauture rsyslog vrf (management|)
Parameters
management
Virtual Routing and Forwarding name
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#feature rsyslog vrf management
log syslog
Use this command to begin logging to the system log and set the level to debug.
Syslog enables centrally logging and analyzing of configuration events and system error messages. This helps monitor interface status, security alerts, and CPU process overloads. It also allows real-time capturing of client debug sessions. The command instructs the VLOGD daemon to forward all PVR debug output from all active terminal monitor sessions to the syslog file.
Use the no parameter to disable logging to the system log.
Command Syntax
log syslog
no log syslog
Parameters
None
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#log syslog
logging console
Use this command to set the severity level that a message must reach before the messages is sent to the console. The
severity levels are from 0 to 7 as shown in
Table 33-93.
Use the command logging console disable to disable logging console messages.
Use the no form of this command to remove logging console configuration and return to the default severity level.
Note: Below message will be displayed if console severity is set to 6 or 7:
% Warning : If debug volume is huge it can degrade system performance and makes console to be non-
responsive
Note: For CMMD, Critical logs in the console are equivalent to Alert traps & Alert logs on the console is equivalent to
critical trap in SNMP.
Command Syntax
logging console (<0-7>|)
logging console disable
no logging console
Parameters
<0-7>
Maximum logging level for console messages as shown in
Table 33-93.
Note: Setting the level above 5 might affect performance and is not recommended in a production network.
disable
Disables the logging console
Default
If not specified, the default logging level is 2 (Critical).
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3 and the command logging console disable was introduced in the OcNOS version 5.1.
Example
#configure terminal
(config)#logging console 6
(config)#commit
(config)#logging console disable
(config)#commit
logging level
Use this command to set the severity level that a message for a specific process must reach before the messages is logged. The severity levels are from 0 to 7 as shown in
Table 33-93. Logging happens for the messages less than or equal to the configured severity level.
Use the no form of this command to disable logging messages.
Note: Default log level is 2 to report Emergency-0, Alert-1 and Critical-2 level events.
Command Syntax
logging level (all|auth|bgp|dvmrp|hostp|hsl|isis|l2mrib|lacp|lagd|ldp|mrib| mstp|ndd|nsm|onm|oam|ospf|ospf6|pim|pon|pservd|ptp|rib|rip|ripng|rmon|rsvp|sflow|vrrp) <0-7>
no logging level (all|auth|bgp|dvmrp|hostp|hsl|isis|l2mrib|lacp|lagd|ldp|mrib| mstp|ndd|nsm|oam|onm|ospf|ospf6|pim|pon|pservd|ptp|rib|rip|ripng|rmon|rsvp|sflow|vrrp)
Parameters
all
All messages
auth
Auth messages
bgp
BGP messages
dvmrp
DVMRP messages
hostp
Hostp messages
hsl
HSL messages
isis
ISIS messages
l2mrib
L2MRIB messages
lacp
LACP messages
lagd
LAGD messages
ldp
LDP messages
mrib
MRIB messages
mstp
MSTP messages
ndd
NDD messages
nsm
NSM messages
oam
OAM messages
onm
ONM messages
ospf
OSPF messages
ospf6
OSPF6 messages
pim
PIM messages
pon
PON messages
pservd
PSERVD messages
ptp
PTP messages
rib
RIB messages
rip
RIP messages
ripng
RIPNG messages
rmon
RMON messages
rsvp
RSVP messages
sflow
Sflow messages
vrrp
VRRP messages
<0-7>
Default
By default, the logging level is 2 (critical).
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
Note: From OcNOS version 4.2, the behavior of the option all for the logging level command has changed for the running-config. Now the command logging level all is displayed in the running-config with its respective level defined by the user instead of one command for each process. If the user have some logging level configured for some specific process in the system when the logging level all command is executed, the level of process that is already configured stays with the level and all other process are configured with the level defined by the all option. This change is necessary to support the option all for logging level in the Netconf also.
#configure terminal
(config)#logging level all 7
(config)#do show running-config logging
logging level ospf 3
logging level hostp 5
logging level all 7
feature rsyslog
(config)#
logging logfile
Use this command to specify the log file controls and where to save the logs in a configuration file. This command enables writing debug output and command history to the disk file in the directory /log/.
When logging logfile is enabled, OcNOS log information is stored in user configured logging file which is present in "/log" directory. The log is spread across four files total of these files size is the user configured size.
For example, if the name of the logging log file is “mylogFile” and logging file size configured is 4 MB then each file will be maximum size of 1MB. The logging file names will be "mylogFile", "mylogfile.0", "mylogfile.1" and "mylogfile.2".
"mylogFile" will have the latest log information. As soon as it’s size becomes 1 MB this file is renamed as mylogFile.0 and newlog information is written to new "mylogFile". As a result oldest log information stored in mylogfile.2 and is lost in order to accommodate new set of logs in mylogFile.
Use option no to cancel writing to a specific log file.
Note: Changing logfile paramenters (name/size/severity) will be taken into effect for the next OcNOS session.
Command Syntax
logging logfile LOGFILENAME <0-7> ((size <4096-419430400>)|)
no logging logfile
Parameter
LOGFILENAME
Specify the snmp user name (Min 5 to Max 32 alphanumeric characters).
<0-7>
<4096-419430400>
Log file size in bytes.
Default
By default, log file size is 419430400 bytes.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
This command is used to log the debug messages of a particular protocol daemon to the specified file.
#configure terminal
(config)#logging logfile test123 7
logging monitor
Use this command to set the severity level that a message must reach before a monitor message is logged. The
severity levels are shown in
Table 33-93.
Use the command logging monitor disable to disable the logging monitor messages.
Use the no form of this command to remove logging monitor config and return to the default severity level.
Command Syntax
logging monitor (<0-7>|)
logging monitor disable
no logging monitor
Parameters
<0-7>
Maximum logging level for monitor messages as shown in
Table 33-93.
Note: Setting the level above 5 might affect performance and is not recommended in a production network.
disable
Disables logging monitor
Default
If not specified, the default logging level is 7 (debug-details).
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3 and the command logging monitor disable was introduced in the OcNOS version 5.1.
Example
#configure terminal
(config)#logging monitor 6
(config)#commit
(config)#logging monitor disable
(config)#commit
logging remote facility
Use this command to set a syslog servers facility.
OcNOS supports logging messages to one or more remote syslog servers. but the same facility is used for all the servers.
Use the no form of this command to use the default facility value, which is local7.
Note: Only one facility is supported for all protocol modules across all the configured logging servers.
Command Syntax
logging remote facility (local0|local1|local2|local3|local4|local5|local6|local7|user)
no logging remote facility
Parameters
facility
Entity logging the message (user defined); if not specified, the default is local7
local0
Local0 entity
local1
Local1 entity
local2
Local2 entity
local3
Local3 entity
local4
Local4 entity
local5
Local5 entity
local6
Local6 entity
local7
Local7 entity (default)
user
User entity
Default
If not specified, the default facility is local7.
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 4.1.
Examples
#configure terminal
(config)#logging remote facility local 6
(config)#no logging remote facility
logging remote server
Use this command to set a syslog server.
OcNOS supports logging messages to a syslog server in addition to logging to a file or the console (local or SSH/telnet console). OcNOS messages can be logged to a local syslog server (the machine on which OcNOS executes) as well as to one or more remote syslog servers.
Use the no form of this command to remove a syslog server.
Note: Maximum 8 remote log servers can be configured.
Command Syntax
logging remote server (A.B.C.D|X:X::X:X|HOSTNAME) ((0|1|2|3|4|5|6|7)|) (port <1024-65535>|)(vrf management|)
no logging remote server (A.B.C.D|X:X::X:X|HOSTNAME) ((0|1|2|3|4|5|6|7)|) (port|)(vrf management|)
Parameters
A.B.C.D
IPv4 address
X:X::X:X
IPv6 address
HOSTNAME
Host name; specify localhost to log locally
0
Emergency
1
Alert
2
Critical
3
Error
4
Notification
5
Informational
6
Debug informational
7
Debug detailed
<1024-65535>
Port number Default port is 514
vrf management
Virtual Routing and Forwarding name
Note: Severity at which messages are logged as shown in
Table 33-93. If not specified, the default is 7.
Default
If not specified, the default severity at which messages are logged is 7 (debug detailed).
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 6.4.
Examples
#configure terminal
(config)#logging remote server MyLogHost vrf management
(config)#no feature rsyslog vrf management
(config)# (config)#feature rsyslog
(config)#logging remote server 10.10.10.10 7
Note: In the latter configuration, the default VRF does not need not to be specified in the command.
logging timestamp
Use this command to set the logging timestamp granularity.
Use the no form of this command to reset the logging timestamp granularity to its default (milliseconds).
Note: Any change in timestamp configurations will result in timestamp configured for event logged by protocol modules except for CLI history for the current and active sessions. The timestamp configuration is reflected in CLI history for new CLI sessions.
Changing logging timestamp will be taken into effect for the next OcNOS session.
Command Syntax
logging timestamp (microseconds|milliseconds|seconds|none)
no logging timestamp
Parameters
microseconds
Microseconds granularity
milliseconds
Milliseconds granularity
seconds
Seconds granularity
none
no timestamp in log message
Default
By default, logging time stamp granularity is milliseconds.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#logging timestamp milliseconds
show logging
Use this command to display the logging configuration.
Command Syntax
show logging (info|level|server|console|timestamp|monitor)
Parameters
info
Show server logging configuration
level
Show facility logging configuration
server
Syslog server configuration
console
Console configuration
timestamp
Timestamp configuration
monitor
Monitor configuration
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show logging console
Console logging : enabled Severity: Operator (critical) Level : 2
#show logging monitor
Logging monitor : enabled Severity: Operator (debugging) Level: 7
#show logging server
Remote Servers:
1.1.1.1
severity: Operator (informational)
facility: local7
VRF : management
#sh logging info
Remote Servers:
1.1.1.1
severity: Operator (informational)
facility: local7
VRF : management
Logging console : enabled Severity: operator (critical) Level : 2
Logging monitor : enabled Severity: Operator (debugging) Level : 7
Logging timestamp : seconds
File logging : enabled File Name : /log/abc Severity : Operator (de
bugging) Level : 7 Size : 4194304
Cli logging : enabled
Facility Default Severity Current Session Severity
nsm 2 2
ripd 2 2
ripngd 2 2
ospfd 2 2
ospf6d 2 2
isisd 2 2
hostpd 2 2
mribd 2 2
pimd 2 2
authd 2 2
mstpd 2 2
onmd 2 2
HSL 2 2
oamd 2 2
vlogd 2 2
vrrpd 2 2
ndd 2 2
ribd 2 2
bgpd 2 2
l2mribd 2 2
hslrasmgr 2 2
lagd 2 2
pservd 2 2
cmmd 2 2
show logging last
Use this command to display lines from the end of the log file.
Command Syntax
show logging last (<1-9999>)
Parameters
<1-9999>
Number of lines to display from end of the log file
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show logging last 100
2016 Mar 03 00:02:32 x86_64-debian NSM-3: AgentX: failed to send open message: Connection refused
2016 Mar 03 00:02:33 x86_64-debian OSPF-3: AgentX: failed to send open message: Connection refused
2016 Mar 03 00:02:33 x86_64-debian OSPFv3-3: AgentX: failed to send open message: Connection refused
2016 Mar 03 00:02:33 x86_64-debian IS-IS-3: AgentX: failed to send open message: Connection refused
2016 Mar 03 00:02:33 x86_64-debian BGP-3: AgentX: failed to send open message: Connection refused
2016 Mar 03 00:02:33 x86_64-debian RIP-3: AgentX: failed to send open message: Connection refused
show logging logfile
Use this command to display whether logging is enabled, the log file name, and the logging severity.
Command Syntax
show logging logfile
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#sh logging logfile
File logging : enabled File Name : /log/abc Severity : (7)
2017 Sep 25 17:18:14 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
logging server 1.1.1.1 5 vrf management '
2017 Sep 25 17:18:14 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
ex'
2017 Sep 25 17:18:17 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging info '
2017 Sep 25 17:19:15 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging console '
2017 Sep 25 17:19:20 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging monitor '
2017 Sep 25 17:19:32 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging logfile '
2017 Sep 25 17:19:44 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging server '
2017 Sep 25 17:28:26 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging info '
2017 Sep 25 17:29:02 : OcNOS : CMLSH : CLI_HIST : User root@/dev/ttyS1 : CLI : '
sh logging console
show logging logfile last-index
Use this command to display the number of line in the log file.
Command Syntax
show logging logfile last-index
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show logging logfile last-index
logfile last-index : 10
Table 33-94 explains the output fields.
Table 33-94: show logging logfile last-index fields
Entry | Description |
|---|
logfile last-index | Number of line in the logfile. |
show logging logfile start-seqn end-seqn
Use this command to display a range of lines in the log file.
Command Syntax
show logging logfile start-seqn (<0-2147483647>) (|(end-seqn <0-2147483647>))
Parameters
start-seqn
Starting line number
end-seqn
Ending line number
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show logging logfile start-seqn 2 end-seqn 7
2
3 2019 Jan 04 06:20:49.611 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : sh logging logfile
4
5 2019 Jan 04 06:21:08.512 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : show logging logfile last-index
6
7 2019 Jan 04 06:21:16.246 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : show logging logfile last-index
NE4-router#
Table 33-95 explains the output fields.
Table 33-95: show logging logfile start-seqn end-seqn fields
Entry | Description |
|---|
start-seqn | Starting line number |
end-seqn | Ending line number |
show logging logfile start-time end-time
Use this command to display lines from the log file within a given date-time range.
Command Syntax
show logging logfile start-time (<2000-2030> WORD <1-31> WORD) (|(end-time <2000-2030> WORD <1-31> WORD))
Parameters
start-time
Starting date and time:
<2000-2030>
Year in YYYY format
WORD
Month as jan, feb, mar,..., oct, nov, or dec (maximum length 3 characters)
<1-31>
Day of month in DD format
WORD
Hour, minutes, seconds in HH:MM:SS format (maximum length 8 characters); range <0-23>:<0-59>:<0-59>
end-time
Ending date and time:
<2000-2030>
Year in YYYY format
WORD
Month as jan, feb, mar,..., oct, nov, or dec (maximum length 3 characters)
<1-31>
Day of month in DD format
WORD
Hour, minutes, seconds in HH:MM:SS format (maximum length 8 characters); range <0-23>:<0-59>:<0-59>
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#sh logging logfile start-time 2019 Jan 04 06:20:49 end-time 2019 Jan 04 06:21:16
2019 Jan 04 06:20:49.611 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : sh logging logfile
2019 Jan 04 06:21:08.512 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : show logging logfile last-index
2019 Jan 04 06:21:16.246 : NE4-router : CMLSH : CLI_HIST : User root@/dev/ttyS0 : CLI : show logging logfile last-index
#
show running-config logging
Use this command to display the logging configuration.
Command Syntax
show running-config logging
Parameters
None
Command Mode
Exec mode and Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show running-config logging
no Logging console
no Logging monitor
logging timestamp milliseconds