The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes system messages, as defined by the syslog protocol (RFC 3164). It describes how to understand the syslog message format and how to capture system messages for review.
This chapter contains the following sections:
•Capturing System Messages and History
System log messages begin with a percent sign (%) and are displayed in the following formats:
•Syslog Format On a Resident Switch
•Syslog Format On a Remote-Logging Server
The format for a resident syslog is:
month dd hh:mm:ss switchname facility-severity-MNEMONIC description
or
month dd hh:mm:ss switchname facility-SLOTnumber-severity-MNEMONIC description
or
month dd hh:mm:ss switchname facility-STANDBY-severity-MNEMONIC description
For example:
Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online
Nov 1 14:07:58 excal-113 %PORT-3-IF_UNSUPPORTED_TRANSCEIVER: Transceiver for interface fc1/13 is not supported
.
FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the system message refers. A facility is a hardware device, a protocol, a feature, or a module of the system software.
System message SEVERITY codes range from 0 to 7 and reflect the severity of the condition. The lower the number, the more serious the situation. Table 1-2 lists the severity levels.
MNEMONIC is a code that uniquely identifies the system message.
Message-text is a text string that describes the condition. This portion of the message might contain detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message, it is represented here by short strings enclosed in square brackets ([ ]). A decimal number, for example, is represented as [dec].
Table 1-3 lists the representations of variable fields and the type of information in the fields.
|
|
---|---|
[dec] |
Decimal number |
[hex] |
Hexadecimal number |
[char] |
Single character |
[chars] |
Character string |
The following example system message shows how the variable field might be used:
%MODULE-5-MOD_MINORSWFAIL: Module [dec] reported a failure in service [chars]
In this example,
Facility code =MODULE (indicating that it is a module-specific error)
Severity =5 (notification)
Alarm/event code= MOD_MINORSWFAIL
Description of the problem= Module [dec] reported a failure in service [chars]
[dec] is the module slot number associated with this message.
[chars] is the service name that experienced this failure.
System log messages begin with a percent sign (%) and are displayed in the following format (see Table 1-4).
The syslog format on a remote-logging server is:
month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone: facility-severity-MNEMONIC description
or
month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ssTimezone: facility-SLOTnumber-severity-MNEMONIC description
or
month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone: facility-STANDBY-severity-MNEMONIC description
For example:
sep 21 11:09:50 172.22.22.45 : 2005 Sep 04 18:18:22 UTC: %AUTHPRIV-3-SYSTEM_MSG: ttyS1:
togetattr: Input/output error - getty[28224]
switch resident syslog 2005 Sep 4 18:18:22 switch %AUTHPRIV-3-SYSTEM_MSG: ttyS1:
togetattr: Input/output error - getty[28224]
time on switch : 2005 Sep 4 18:18:22 time on Loggng Server : Sep 21 11:09:50
fc1/13 is not supported
.
FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the system message refers. A facility is a hardware device, a protocol, a feature, or a module of the system software.
System message SEVERITY codes range from 0 to 3 and reflect the severity of the condition. The lower the number, the more serious the situation. Table 1-5 lists the severity levels.
MNEMONIC is a code that uniquely identifies the system message.
Message-text is a text string that describes the condition. This portion of the message might contain detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message, it is represented here by short strings enclosed in square brackets ([ ]). A decimal number, for example, is represented as [dec].
Table 1-6 lists the representations of variable fields and the type of information in the fields.
|
|
---|---|
[dec] |
Decimal number |
[hex] |
Hexadecimal number |
[char] |
Single character |
[chars] |
Character string |
The following example system message shows how the variable field might be used:
%AUTHPRIV-3-SYSTEM_MSG: AUTHPRIV [dec] reported a failure in service [chars]
In this example,
Facility code =AUTHPRIV (indicating that it is a authpriv-specific error)
Severity =3 (notification)
Alarm/event code= SYSTEM_MSG
Description of the problem= Authpriv [dec] reported a failure in service [chars]
[dec] is the module slot number associated with this message.
[chars] is the service name that experienced this failure.
The system messages are displayed instantly on the console, by default, or are redirected to an internal log file, or a syslog server. System message severity levels correspond to the keywords assigned by the logging global configuration commands. These keywords define where and at what level these messages appear (see to the Cisco NX-OS System Management Configuration Guide). Only system messages that correspond to the configured logging level or higher severity messages are logged. As an example, if you set the logging level to 3 (error), then you get error, critical, alerts, and emergency system messages, but you do not get warning, notification, informational, or debugging system messages.
For complete information about handling system messages, see the Cisco NX-OS System Management Configuration Guide, Release 4.1.
The logging logfile global configuration command enables copying of system messages to an internal log file and optionally sets the size of the file. To display the messages that are logged in the file, use the show logging EXEC command. The first message displayed is the oldest message in the buffer. To clear the current contents of the buffer, use the clear debug-logfile command.
The logging host-name command identifies a syslog server host to receive logging messages. The host-name argument is the name or Internet address of the host. By issuing this command more than once, you build a list of syslog servers that receive logging messages. The no logging host-name command deletes the syslog server with the specified address from the list of syslog servers.