Management – SYSLOG

aaa logging

To enable logging AAA logins, use the aaa logging Global Configuration mode command. To disable logging AAA logins, use the no form of this command.

Syntax

aaa logging {login} no aaa logging {login}

Parameters

login—Enables logging messages related to successful AAA login events, unsuccessful AAA login events and other AAA login-related events.

Default Configuration Enabled.

Command Mode

Global Configuration mode

User Guidelines

This command enables logging messages related to successful login events, unsuccessful login events and other login-related events. Other types of AAA events are not subject to this command.

Example

The following example enables logging AAA login events.

switchxxxxxx(config)# aaa logging login

clear logging

To clear messages from the internal logging buffer, use the clear logging Privileged EXEC mode command.

Syntax

clear logging

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example clears messages from the internal logging buffer.

switchxxxxxx# clear logging Clear Logging Buffer ? (Y/N)[N]

clear logging file

To clear messages from the logging file, use the clear logging file Privileged EXEC mode command.

Syntax

clear logging file

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example clears messages from the logging file.

switchxxxxxx# clear logging file Clear Logging File [y/n]

file-system logging

To enable logging file system events, use the file-system logging Global Configuration mode command. To disable logging file system events, use the no form of this command.

Syntax

file-system logging {copy | delete-rename} no file-system logging {copy | delete-rename}

Parameters

  • copy—Specifies logging messages related to file copy operations.
  • delete-rename—Specifies logging messages related to file deletion and renaming operations.

Default Configuration Enabled.

Command Mode

Global Configuration mode

Example

The following example enables logging messages related to file copy operations.

switchxxxxxx(config)# file-system logging copy

logging buffered

To limit the SYSLOG message display to messages with a specific severity level, and to define the buffer size (number of messages that can be stored), use the logging buffered Global Configuration mode command. To cancel displaying the SYSLOG messages, and to return the buffer size to default, use the no form of this command.

Syntax

logging buffered [buffer-size] [severity-level | severity-level-name] no logging buffered

Parameters

  • buffer-size—(Optional) Specifies the maximum number of messages stored in buffer. (Range: 20–1000)
  • severity-level—(Optional) Specifies the severity level of messages logged in the buffer. The possible values are: 1-7.
  • severity-level-name—(Optional) Specifies the severity level of messages logged in the buffer. The possible values are: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.

Default Configuration

The default severity level is informational.

The default buffer size is 1000.

Command Mode

Global Configuration mode

User Guidelines

All the SYSLOG messages are logged to the internal buffer. This command limits the messages displayed to the user.

Example

The following example shows two ways of limiting the SYSLOG message display from an internal buffer to messages with severity level debugging. In the second example, the buffer size is set to 100 and severity level informational.

switchxxxxxx(config)# logging buffered debugging
switchxxxxxx(config)# logging buffered 100 informational

logging console

To limit messages logged to the console to messages to a specific severity level, use the logging console Global Configuration mode command. To restore the default, use the no form of this command.

Syntax

logging console level no logging console

Parameters

level—Specifies the severity level of logged messages displayed on the console. The possible values are: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.

Default Configuration Informational.

Command Mode

Global Configuration mode

Example

The following example limits logging messages displayed on the console to messages with severity level errors.

switchxxxxxx(config)# logging console errors

logging file

To limit SYSLOG messages sent to the logging file to messages with a specific severity level, use the logging file Global Configuration mode command. To cancel sending messages to the file, use the no form of this command.

Syntax

logging file level no logging file

Parameters

level—Specifies the severity level of SYSLOG messages sent to the logging file. The possible values are: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.

Default Configuration

The default severity level is errors.

Command Mode

Global Configuration mode

Example

The following example limits SYSLOG messages sent to the logging file to messages with severity level alerts.

switchxxxxxx(config)# logging file alerts

logging host

To log messages to the specified SYSLOG server, use the logging host Global Configuration command. To delete the SYSLOG server with the specified address from the list of SYSLOG servers, use the no form of this command.

Syntax

logging host {ip-address | ipv6-address | hostname} [port port] [severity level]

[facility facility] [description text]

no logging host {ipv4-address | ipv6-address | hostname}

Parameters

  • ip-address—IP address of the host to be used as a SYSLOG server. The IP address can be an IPv4, IPv6 or Ipv6z address. See IPv6z Address Conventions.
  • hostname—Hostname of the host to be used as a SYSLOG server. Only translation to IPv4 addresses is supported. (Range: 1–158 characters. Maximum label size for each part of the host name: 63)
  • port port—(Optional) Port number for SYSLOG messages. If unspecified, the port number defaults to 514. (Range: 1–65535)
  • severity level—(Optional) Limits the logging of messages to the SYSLOG servers to a specified level: Emergencies, Alerts, Critical, Errors, Warnings, Notifications, Informational, Debugging.
  • facility facility—(Optional) The facility that is indicated in the message. It can be one of the following values: local0, local1, local2, local3, local4, local5, local 6, local7. If unspecified, the port number defaults to local7.
  • description text—(Optional) Description of the SYSLOG server. (Range: Up to 64 characters)

Default Configuration

No messages are logged to a SYSLOG server.

If unspecified, the severity level defaults to Informational.

Command Mode

Global Configuration mode

User Guidelines

You can use multiple SYSLOG servers.

Examples

switchxxxxxx(config)# logging host 1.1.1.121 
switchxxxxxx(config)# logging host 3000::100/SYSLOG1

logging on

To enable message logging, use the logging on Global Configuration mode command. This command sends debug or error messages asynchronously to designated locations. To disable the logging, use the no form of this command.

Syntax

logging on no logging on

Parameters

This command has no arguments or keywords.

Default Configuration

Message logging is enabled.

Command Mode

Global Configuration mode

User Guidelines

The logging process controls the logging messages distribution at various destinations, such as the logging buffer, logging file or SYSLOG server. Logging on and off at these destinations can be individually configured using the clear logging file, logging console, and aaa logging Global Configuration mode commands. However, if the aaa logging command is disabled, no messages are sent to these destinations. Only the console receives messages.

Example

The following example enables logging error messages.

switchxxxxxx(config)# logging on

logging source-interface

To specify the source interface whose IPv4 address will be used as the source IPv4 address for communication with IPv4 SYSLOG servers, use the logging source-interface Global Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

logging source-interface interface-id no logging source-interface

Parameters

interface-id—Specifies the source interface.

Default Configuration

The source IPv4 address is the IPv4 address defined on the outgoing interface and belonging to next hop IPv4 subnet.

Command Mode

Global Configuration mode

User Guidelines

If the source interface is the outgoing interface, the interface IP address belonging to the next hop IPv4 subnet is applied.

If the source interface is not the outgoing interface, the lowest IPv4 address defined on the source interface is applied.

If there is no available IPv4 source address, a SYSLOG message is issued when attempting to communicate with an IPv4 SYSLOG server.

OOB cannot be defined as a source interface.

Example

The following example configures the VLAN 10 as the source interface.

switchxxxxxx(config)# logging source-interface vlan 100

logging source-interface-ipv6

To specify the source interface whose IPv6 address will be used as the source IPv6 address for communication with IPv6 SYSLOG servers, use the logging source-interface-ipv6 Global Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

logging source-interface-ipv6 interface-id no logging source-interface-ipv6

Parameters

interface-id—Specifies the source interface.

Default Configuration

The IPv6 source address is the defined IPv6 address of the outgoing interface and selected in accordance with RFC6724.

Command Mode

Global Configuration mode

User Guidelines

If the source interface is the outgoing interface, the IPv6 address defined on the interfaces and selected in accordance with RFC 6724.

If the source interface is not the outgoing interface, the minimal IPv6 address defined on the source interface with the scope of the destination IPv6 address is applied.

If there is no available IPv6 source address, a SYSLOG message is issued when attempting to communicate with an IPv6 SYSLOG server.

Example

The following example configures the VLAN 10 as the source interface.

switchxxxxxx(config)# logging source-interface-ipv6 vlan 100

logging aggregation on

To control aggregation of SYSLOG messages, use the logging aggregation on Global Configuration mode command. If aggregation is enabled, logging messages are displayed every time interval (according to the aging time specified by logging aggregation aging-time). To disable aggregation of SYSLOG messages, use the no form of this command.

Syntax

logging aggregation on no logging aggregation on

Parameters

This command has no arguments or keywords.

Default Configuration

Disabled

Command Mode

Global Configuration mode

Example

To turn off aggregation of SYSLOG messages:

switchxxxxxx(config)# no logging aggregation on

logging aggregation aging-time

To configure the aging time of the aggregated SYSLOG messages, use the logging aggregation aging-time Global Configuration mode command. The SYSLOG messages are aggregated during the time interval set by the aging-time parameter. To return to the default, use the no form of this command.

Syntax

logging aggregation aging-time sec no logging aggregation aging-time

Parameters

aging-time sec—Aging time in seconds (Range: 15–3600)

Default Configuration

300 seconds.

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# logging aggregation aging-time 300

logging origin-id

To configure the origin field of the SYSLOG message packet headers sent to the SYSLOG server, use the logging origin-id Global Configuration mode command. To return to the default, use the no form of this command.

Syntax

logging origin-id {hostname | IP | IPv6 | string user-defined-id} no logging origin-id

Parameters

  • hostname—The system hostname will be used as the message origin identifier.
  • IP—IP address of the sending interface that is used as the message origin identifier.
  • IPv6—IPv6 address of the sending interface that is used as the message origin identifier. If the sending interface is IPv4, the IPv4 address will be used instead.
  • string user-defined-id—Specifies an identifying description chosen by the user. The user-defined-id argument is the identifying description string.

Default Configuration

No header is sent apart from the PRI field.

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# logging origin-id string “Domain 1, router B”

show logging

To display the logging status and SYSLOG messages stored in the internal buffer, use the show logging Privileged EXEC mode command.

Syntax show logging

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example displays the logging status and the SYSLOG messages stored in the internal buffer.

switchxxxxxx# show logging
 
Logging is enabled. Origin id: hostname
 
Console Logging: Level info. Console Messages: 0 Dropped.
 
Buffer Logging: Level info. Buffer Messages: 61 Logged, 61 Displayed, 200 Max.
 
File Logging: Level error. File Messages: 898 Logged, 64 Dropped.
 
4 messages were not logged
 
Application filtering control
 
Application            Event                  Status
 
--------------------   ----------------       ---------
 
AAA                    Login                  Enabled
 
File system            Copy                   Enabled
 
File system            Delete-Rename          Enabled Management ACL         Deny                   Enabled
 
Aggregation: Disabled.
 
Aggregation aging time: 300 Sec
 
01-Jan-2010 05:29:46 :%INIT-I-Startup: Warm Startup
 
01-Jan-2010 05:29:02 :%LINK-I-Up:  Vlan 1
 
01-Jan-2010 05:29:02 :%LINK-I-Up:  SYSLOG6
 
01-Jan-2010 05:29:02 :%LINK-I-Up:  SYSLOG7
 
01-Jan-2010 05:29:00 :%LINK-W-Down:  SYSLOG8

show logging file

To display the logging status and the SYSLOG messages stored in the logging file, use the show logging file Privileged EXEC mode command.

Syntax

show logging file

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example displays the logging status and the SYSLOG messages stored in the logging file.

switchxxxxxx# show logging file
 
Logging is enabled. Origin id: hostname
 
Console Logging: Level info. Console Messages: 0 Dropped.
 
Buffer Logging: Level info. Buffer Messages: 61 Logged, 61 Displayed, 200 Max.
 
File Logging: Level error. File Messages: 898 Logged, 64 Dropped.
 
4 messages were not logged
 
Application filtering control
 
Application            Event                  Status
 
--------------------   ----------------       ---------
 
AAA                    Login                  Enabled
 
File system            Copy                   Enabled
 
File system            Delete-Rename          Enabled Management ACL         Deny                   Enabled
 
Aggregation: Disabled.
 
Aggregation aging time: 300 Sec
 
1-Jan-2010 05:57:00 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
 
01-Jan-2010 05:56:36 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
 
01-Jan-2010 05:55:37 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
 
01-Jan-2010 05:55:03 :%SSHD-E-ERROR: SSH error: key_read: key_from_blob bgEgGnt9 z6NHgZwKI5xKqF7cBtdl1xmFgSEWuDhho5UedydAjVkKS5XR2... failed
 
01-Jan-2010 05:55:03 :%SSHD-E-ERROR: SSH error: key_from_blob: invalid key type. 01-Jan-2010 05:56:34 :%SSHD-E-ERROR: SSH error: bad sigbloblen 58 != SIGBLOB_LEN console#

show syslog-servers

To display the SYSLOG server settings, use the show syslog-servers Privileged EXEC mode command.

Syntax show syslog-servers

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example provides information about the SYSLOG servers.

switchxxxxxx# show syslog-servers Source IPv4 interface: vlan 1
 
Source IPv6 interface: vlan 10
 
Device Configuration
 
--------------------
 
IP address    Port   Facility Severity  Description
 
------------- ----   --------- -------- --------------
 
1.1.1.121     514    local7    info
 
3000::100     514    local7    info
 
OOB host Configuration
 
----------------------
 
IP address    Port   Facility Severity  Description
 
------------- ----   --------- -------- --------------
 
2.1.1.200     514    local7    warning

Was this article helpful?

Related Articles

Leave A Comment?