The XML Interface to Syslog Messages feature provides command-line interface (CLI) commands for enabling syslog messages to be sent in an Extensible Markup Language (XML) format. Logs in a standardized XML format can be more readily used in external customized monitoring tools.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information for XML Interface to Syslog Messages.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
•Information About the XML Interface to Syslog Messages Feature
•How to Configure XML Formatting of Syslog Messages
•Configuration Examples for XML Formatting of Syslog Messages
•Feature Information for XML Interface to Syslog Messages
To configure the XML Interface to Syslog Messages feature, you must understand the following concepts:
•Cisco IOS System Message Logging
•XML-Formatted System Message Logging
•System Logging Message Formatting
The Cisco IOS system message logging (syslog) process allows the system to report and save important error and notification messages, either locally or to a remote logging server. These syslog messages include messages in a standardized format (often called system error messages) and output from debug commands. These messages are generated during network operation to assist users and Cisco TAC engineers with identifying the type and severity of a problem, or to aid users in monitoring router activity. Syslog messages can be sent to the console, a monitor (TTY and Telnet connections), the system buffer, or to remote hosts.
Note The system message logging process in Cisco IOS software is abbreviated as "syslog". The messages generated by this process are called "syslog messages". However, syslog messages are also referred to in Cisco IOS documentation as "system error messages" or "SEMs". Note that syslog messages are not restricted to error conditions, and can reflect purely informational messages.
XML, a derivative of SGML, provides a representation scheme to structuralize consistently formatted data such as that found in syslog messages.
The XML Interface to Syslog Messages feature provides CLI commands for enabling syslog messages to be sent in an XML format. Logs in a standardized XML format can be more readily used in external customized monitoring tools. Within the Cisco IOS software, a closed set of meaningful XML tags is defined and, when enabled, applied to the syslog messages sent to the console, monitor, buffer, or to remote hosts.
Two system logging formats exist in Cisco IOS software: the standard logging format and the XML logging format. This means that you can specify that the standard syslog messages be sent to one remote host while the XML-formatted syslog messages are sent to another host. Similarly, if logging messages are sent to the system buffer, the XML logging buffer is separate from the standard logging buffer, and you can have the standard and XML logging buffers running at the same time.
The XML logging process is dependent on the standard logging process. In most cases, settings for the standard logging process carry over to the XML logging process. For example, the severity level for the logging buffered xml command is determined by the level set for the standard logging buffered command (or, if not set, by the default severity level for the standard buffer). Similarly, the default size of the XML logging buffer is the same as the standard logging buffer's default (the default buffer size varies by platform).
System logging messages take the following format:
%<facility>-<severity>-<mnemonic>: <message-text>
For example:
%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Usually, these messages are preceded by additional text, such as the timestamp and message sequence number:
<sequence-number>: <date or system-up-time> <time>:%<facility>-<severity>-<mnemonic>: <message-text>
For example:
000013: Mar 18 14:52:10.039:%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Note The timestamp format used in system logging messages is determined by the service timestamps global configuration mode command. The service sequence-numbers global configuration command enables or disables the leading sequence number. An asterisk (*) before the time indicates that the time may be incorrect because the system clock has not synchronized to a reliable time source.
Table 1 shows the XML tags applied to syslog messages (the XML formatting):
The following example shows a syslog message in standard format, followed by the same message with XML formatting applied:
Standard Syslog Message Format
000013: *Oct 11 14:52:10.039: %SYS-5-CONFIG_I: Configured from console by vty0 (172.19.208.14)
XML Syslog Message Format
<ios-log-msg><facility>SYS</facility><severity>5</severity><msg-id>CONFIG_I</msg-id><seq>000013</seq><time>*Oct 11 14:52:10.039</time><args><arg id="0">console</arg><arg id="1">vty0 (172.19.208.14)</arg></args></ios-log-msg>
Note System logging messages include debugging messages when debugging is enabled on the router and logging is configured to record severity level 7 messages. However, debugging messages do not use the system logging message format. XML formatting will not, therefore, be applied to these messages.
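A collector-side parser for the two formats described above, as an added example that is not part of the Cisco documentation. Function names are illustrative, the sample records are the message pair shown on this page, and rejecting DTDs is an assumption about how a receiver should treat records that arrive from the network.

```python
import re
import xml.etree.ElementTree as ET

# [<seq>: ]<date or uptime>[ <time>]: %<facility>-<severity>-<mnemonic>: <text>
STD_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?(?P<time>[^%]*?):\s*"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

def _fields(facility, severity, mnemonic, seq, time):
    time = (time or "").strip()
    # Leading '*': clock was not synchronized, so flag the timestamp as untrusted.
    return {"facility": facility, "severity": int(severity),
            "mnemonic": mnemonic, "seq": seq,
            "time": time.lstrip("*"), "clock_unsynced": time.startswith("*")}

def parse_xml(record):
    # Records arrive from the network: refuse DTDs so no entity is expanded.
    if "<!DOCTYPE" in record or "<!ENTITY" in record:
        raise ValueError("DTD or entity declaration in syslog record")
    root = ET.fromstring(record)  # raises ET.ParseError on malformed XML
    if root.tag != "ios-log-msg":
        raise ValueError("unexpected root element: " + root.tag)
    vals = [root.findtext(t) for t in ("facility", "severity", "msg-id", "seq", "time")]
    if None in vals[:3]:
        raise ValueError("facility, severity or msg-id missing")
    out = _fields(*vals)
    args = sorted(root.iter("arg"), key=lambda a: int(a.get("id", "0")))
    out["args"] = [a.text for a in args]
    return out

def parse_line(line):
    """Parse either format; return None for text in neither (e.g. debug output)."""
    line = line.strip()
    if line.startswith("<ios-log-msg>"):
        return parse_xml(line)
    m = STD_RE.match(line)
    if m is None:
        return None
    out = _fields(m["facility"], m["severity"], m["mnemonic"], m["seq"], m["time"])
    out["text"] = m["text"]
    return out

# Sample records: the message pair shown on this page.
STD = ("000013: *Oct 11 14:52:10.039: %SYS-5-CONFIG_I: "
       "Configured from console by vty0 (172.19.208.14)")
XML = ('<ios-log-msg><facility>SYS</facility><severity>5</severity><msg-id>CONFIG_I</msg-id>'
       '<seq>000013</seq><time>*Oct 11 14:52:10.039</time><args><arg id="0">console</arg>'
       '<arg id="1">vty0 (172.19.208.14)</arg></args></ios-log-msg>')
```

Both records normalize to the same facility, severity, mnemonic, sequence number and time, so a monitoring tool can ingest either feed. Only the XML form yields the message arguments as separate fields.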
Enabling logging in an XML format consists of simply using the appropriate logging command to indicate where syslog messages should be sent, followed by the xml keyword. Standard system message logging is enabled by default, but XML formatting of these messages is disabled by default.
As mentioned previously, the XML-formatted logging process is separate from (but dependent on) the standard logging process, so you can configure XML-formatted logging in addition to standard logging if the destination is a remote host or the system buffer.
To enable XML formatting for syslog messages, use one of the following commands in global configuration mode:
•logging console xml
•logging monitor xml
•logging buffered xml
•logging host {ip-address | host-name} xml
To view the status of logging and the contents of the XML logging buffer, use the show logging xml command in EXEC mode. To clear the contents of the XML logging buffer, use the clear logging xml command in EXEC mode.
In the following example, logging is enabled and then logging to the standard buffer and to the XML buffer is enabled. The last two show logging commands compare the difference between the standard syslog buffer and the XML syslog buffer.
Router# show logging
Syslog logging: disabled (10 messages dropped, 5 messages rate-limited, 6 flush)
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled, xml disabled
Logging Exception size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 31 message lines logged
Router# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# logging on
Router(config)# logging buffered
Router(config)# end
Router# show logging
Syslog logging: enabled (10 messages dropped, 5 messages rate-limited, 6 flushed)
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 1 messages logged, xml disabled
Logging Exception size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 32 message lines logged
Log Buffer (8192 bytes):
1w0d: %SYS-5-CONFIG_I: Configured from console by console
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# logging buffered xml
Router(config)# end
Router# show logging
Syslog logging: enabled (10 messages dropped, 5 messages rate-limited, 6 flushes, 0 overruns, xml enabled)
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 2 messages logged, xml enabled (1 messages logged)
Logging Exception size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 33 message lines logged
Log Buffer (8192 bytes):
1w0d: %SYS-5-CONFIG_I: Configured from console by console
1w0d: %SYS-5-CONFIG_I: Configured from console by console
Router# show logging xml
<syslog-logging status="enabled" msg-dropped="10" msg-rate-limited="5" flushes="6" overruns="0"><xml>enabled</xml></syslog-logging>
<console-logging>disabled</console-logging>
<monitor-logging>disabled</monitor-logging>
<buffer-logging level="debugging" messages-logged="2"><xml messages-logged="1">enabled</xml></buffer-logging>
<logging-exception size="8192 bytes"></logging-exception>
<count-and-timestamp-logging status="disabled"></count-and-timestamp-logging>
<trap-logging level="informational" messages-lines-logged="33"></trap-logging>
<log-xml-buffer size="8192 bytes"></log-xml-buffer>
<ios-log-msg><facility>SYS</facility><severity>5</severity><msg-id>CONFIG_I</msg-id><time> 1w0d</time><args><arg id="0">console</arg><arg id="1">console</arg></args></ios-log-msg>
| | |
|---|---|
| System message logging | |
| Debug-level system messages | |
XML is not currently an Internet Standard. The XML 1.0 Recommendation ("Extensible Markup Language (XML) 1.0 (Second Edition)") is defined at http://www.w3.org/TR/. See also RFC 3076.
| | |
|---|---|
| — | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
| | |
|---|---|
| RFC 3470 | "Guidelines for the Use of Extensible Markup Language (XML) within IETF Protocols" (Status: BEST CURRENT PRACTICE) |

1 Not all supported RFCs are listed.
Table 2 lists the release history for this feature.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 2 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Note Refer to the Internetworking Terms and Acronyms for terms not included in this glossary.
console—In the context of this feature, specifies the connection (CTY or console line) to the console port of the router. Typically, this is a terminal attached directly to the console port, or a PC with a terminal emulation program. Corresponds to the show terminal command.
monitor—In the context of this feature, specifies the TTY (TeleTYpe) line connection at a line port. In other words, the "monitor" keyword corresponds to a TTY line connection or a Telnet (terminal emulation) connection. TTY lines (also called ports) communicate with peripheral devices such as terminals, modems, and serial printers. An example of a TTY connection is a PC with a terminal emulation program connected to the device using a dial-up modem.
SEMs—Abbreviation for system error messages. "System error messages" is a term sometimes used for messages generated by the system logging (syslog) process. Syslog messages use a standardized format, and come in 8 severity levels, from "emergencies" (level 0) to "debugging" (level 7). The term "system error message" is actually misleading, as these messages can include notifications of router activity beyond "errors" (such as informational notices).
syslog—Abbreviation for the system message logging process in Cisco IOS software. Also used to identify the messages generated, as in "syslog messages." Technically, the term "syslog" refers only to the process of logging messages to a remote host or hosts, but is commonly used to refer to all Cisco IOS system logging processes.
trap—A trigger in the system software for sending error messages. In the context of this feature, "trap logging" means logging messages to a remote host. The remote host is actually a syslog host from the perspective of the device sending the trap messages, but because the receiving device typically provides collected syslog data to other devices, the receiving device is also referred to as a "syslog server."