Cisco IOS XR Virtual Firewall Configuration Guide, Release 3.8
Configuring System Message Logging on the Virtual Firewall


This module describes how to configure system message logging on the VFW application. Each VFW application contains a number of log files that retain records of specified VFW application-related activities and the performance of various VFW application functions. You can access these log files using the VFW application CLI to troubleshoot problems or to better understand the behavior of the VFW application.

Feature History for Configuring System Message Logging on the VFW Application

Release         Modification
Release 3.5.0   This feature was introduced on the multiservice blade (MSB) for the Cisco XR 12000 Series Router.
Release 3.6.0   No modification.
Release 3.7.0   No modification.
Release 3.8.0   No modification.


Contents

Information About System Message Logging

How to Configure System Message Logging

Additional References

Information About System Message Logging

This section includes the following topics:

Logging Overview

Log Message Format

Logging Severity Levels

Variables

Logging Overview

The system message logging function of the VFW application saves system messages in a log file and allows you to send the logging messages to one or more output locations. System log messages provide you with logging information for monitoring and troubleshooting the operation of the VFW application. By default, messages are not saved in a log file. You must enable the transmission of syslog messages to a specified output location.

The logging configuration is flexible and enables you to customize many aspects of how the VFW application handles system messages. Using the system message logging feature, you can do the following:

Specify one or more output locations where messages should be sent, including the console, an internal buffer, one or more syslog servers, an SNMP network management station, Telnet or SSH sessions, the route processor, or flash memory on the VFW application.

Specify which messages should be logged.

Specify the severity level of a message.

Enable time stamps.

Specify the unique device ID of the VFW application that is sent to a syslog server.

Change the size of the logging message queue.

Limit the rate at which the VFW application generates messages in the syslog.

Reject new connections if a specified condition has been reached.

Enable the logging of connection setup and teardown messages.

If the VFW application is operating in multiple-context mode, you can configure the VFW application to include an identifier for the virtual context and the virtual user responsible for executing the function in the log message.

To view logs generated by the VFW application, you must configure an output location. You can choose to send all messages, or subsets of messages, to one or more output locations. You can limit which messages are sent to an output location by specifying the severity level of the message. Severity level values are 0 to 7; the lower the level number, the more severe the error. See Table 18 for a listing of the log message severity levels.


Note: Not all system messages indicate an error condition. Some messages report normal events or log a configuration change.


The level you specify causes the VFW application to apply the command to messages of that level or lower. For example, if you enter a command that specifies severity level 3, the VFW application applies the command results to messages with a severity level of 0, 1, 2, and 3.

The VFW application saves syslog messages in an internal buffer that can store up to 8192 messages. By default, the VFW application can hold 100 syslog messages in the message queue while awaiting processing.

The VFW application supports the EMBLEM syslog format for logging with each syslog server. The EMBLEM syslog format is designed to be consistent with the Cisco IOS software format and is more compatible with CiscoWorks management applications. EMBLEM-format logging is available for UDP syslog messages only.

Log Message Format

System log messages begin with a percent sign (%) and are structured as follows:

%<ACE>-Level-[Subfacility]-Message_number: Message_text

ACE              Identifies the message facility code for messages generated by the VFW application. This value is always ACE.
Level            The level reflects the severity of the condition described by the message. The levels are 0 to 7. The lower the number, the more severe the condition. See Table 18 for a summary of logging severity levels. See the "Messages Listed by Severity Level" section for a listing of VFW application system log messages by severity code.
Subfacility      (Optional) Indicates the name of the component or subcomponent that initiated the system log message (for example, IFMGR).
Message_number   A unique 6-digit number that identifies the message. See the "Appendix B: Virtual Firewall System Messages" module for a detailed list of the VFW application system log messages. The messages are listed numerically by message code.
Message_text     A text string describing the condition. This portion of the message sometimes includes virtual context, virtual user, IP addresses, port numbers, usernames, and so on.



Note: Syslog messages received at the VFW application serial console contain only the code portion of the message.
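The following parser is an added example, not code from the Cisco guide. It splits a line into the fields defined above and applies the "that level or lower" rule from the Logging Overview. The sample lines, their message numbers, and the subfacility character set are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Level keywords in the order of Table 18 (index = level number).
KEYWORDS = ["emergency", "alert", "critical", "error",
            "warning", "notification", "informational", "debugging"]

# %ACE-Level-[Subfacility]-Message_number: Message_text
# Assumption: a subfacility starts with a letter (the page only shows IFMGR).
LOG_RE = re.compile(
    r"%ACE-(?P<level>[0-7])"
    r"(?:-(?P<subfacility>[A-Za-z][A-Za-z0-9_]*))?"
    r"-(?P<number>\d{6}): (?P<text>.*)"
)

class VfwMessage(NamedTuple):
    level: int
    keyword: str
    subfacility: Optional[str]
    number: str          # kept as a string so leading zeros survive
    text: str

def parse_vfw_message(line: str) -> Optional[VfwMessage]:
    """Return the parsed message, or None if the line holds no well-formed one.

    Text before the percent sign (a time stamp, for example) is ignored.
    """
    m = LOG_RE.search(line)
    if m is None:
        return None
    level = int(m["level"])
    return VfwMessage(level, KEYWORDS[level], m["subfacility"],
                      m["number"], m["text"].rstrip())

def select(lines: List[str], severity_level: int) -> List[VfwMessage]:
    """Apply the page's rule: level N selects messages of level 0 through N."""
    parsed = (parse_vfw_message(line) for line in lines)
    return [msg for msg in parsed if msg and msg.level <= severity_level]

# Constructed sample lines; message numbers and texts are made up for the example.
SAMPLE = [
    "%ACE-3-IFMGR-111111: constructed sample, interface manager error",
    "Jan 01 2009 00:00:00 : %ACE-6-222222: constructed sample, connection built",
    "%ACE-9-333333: constructed sample, level outside 0-7",
    "%ACE-4-4444: constructed sample, message number shorter than six digits",
]
```

Lines that fail validation return None instead of a partial record, so a collector can count and review them separately.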


Logging Severity Levels

You instruct the VFW application about which system messages to log by specifying a logging level. The logging level designates that the VFW application logs emergency, alert, critical, error, or warning messages for the various software functions. The VFW application also logs notification, informational, and debugging messages. The VFW application supports eight logging levels to identify a wide range of critical and noncritical logged events that may occur on the VFW application.

Table 18 lists the log message severity levels.

Table 18 Log Message Severity Levels

Level Number   Level Keyword   Description
0              emergency       System unusable (for example, the VFW application has shut down and cannot be restarted, or it has experienced a hardware failure).
1              alert           Immediate action needed (for example, one of the VFW application subsystems is not running).
2              critical        Critical condition (for example, the VFW application has encountered a critical condition that requires immediate attention).
3              error           Error condition (for example, error messages about software or hardware malfunctions).
4              warning         Warning condition (for example, the VFW application encountered an error condition that requires attention but is not interfering with the operation of the device).
5              notification    Normal but significant condition (for example, interface up/down transitions and system restart messages).
6              informational   Informational message only (for example, reload requests and low-process stack messages).
7              debugging       Appears during debugging only.


Variables

Log messages often contain variables. Table 19 lists most variables that are used in this guide to describe VFW application log messages. Some variables that appear in only one log message are not listed.

Table 19 Variable Fields in Syslog Messages

Type                             Variable           Type of Information
Misc.                            command            Command name.
                                 device             Memory storage device. For example, Flash memory, TFTP, the failover standby unit, or the console terminal.
                                 filename           Filename of the type VFW application image or configuration.
                                 privilege_level    User privilege level.
                                 reason             Text string describing the reason for the message.
                                 string             Text string (for example, a username).
                                 url                URL.
                                 user               Username.
Numbers                          number             Number. The exact form depends on the log message.
                                 bytes              Number of bytes.
                                 code               Decimal number returned by the message to indicate the cause or source of the error, depending on the message.
                                 connections        Number of connections.
                                 time               Duration, in the format hh:mm:ss.
                                 dec                Decimal number.
                                 hex                Hexadecimal number.
                                 octal              Octal number.
Addresses                        IP_address         IP address in the form n.n.n.n, where n is an integer from 1 to 255.
                                 MAC_address        MAC address.
                                 global_address     Global IP address, an address on a lower security level interface.
                                 source_address     Source address of a packet.
                                 dest_address       Destination address of a packet.
                                 real_address       Real IP address, before Network Address Translation (NAT).
                                 mapped_address     Translated IP address.
                                 gateway_address    Network gateway IP address.
                                 netmask            Subnet mask.
Interfaces                       interface_number   Interface number, 1 to n, where the number is determined by the order the interfaces load in the VFW. Use the show system internal ifmgr iftable command to view detailed information about the interfaces.
                                 interface_name     Name assigned to the interface. Use the show interface command to view the interfaces and their names.
Ports, Services, and Protocols   port               TCP or UDP port number.
                                 source_port        Source port number.
                                 dest_port          Destination port number.
                                 real_port          Real port number, before NAT.
                                 mapped_port        Translated port number.
                                 global_port        Global port number.
                                 protocol           Protocol of the packet; for example, ICMP, TCP, or UDP.
                                 service            Service specified by the packet, for example, SNMP or Telnet.


How to Configure System Message Logging

This section describes the following task:

Configuring System Message Logging

Configuring System Message Logging

This task illustrates the steps required to configure system message logging on the VFW application.

Prerequisites

You must attach from the route processor to the VFW application before you can perform this task. See the "Attaching to the VFW Application" section.

SUMMARY STEPS

1. changeto context_name

2. configure

3. logging enable

4. logging host ip_address

5. logging trap severity_level

6. logging history severity_level
snmp-server enable traps

7. logging buffered severity_level

8. logging rp severity_level

9. logging timestamp

10. logging queue queue_size

11. clear logging

12. exit

13. copy running-config startup-config

14. show logging

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

changeto context_name

Example:

firewall/Admin# changeto C1

firewall/C1#

Logs into the correct context. If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context.

Note: The rest of the examples in this task use the Admin context. For details on creating contexts, see the "Configuring Virtualization on the Virtual Firewall" module.

Step 2 

configure

Example:

firewall/Admin# configure

Enter configuration commands, one per line. End with CNTL/Z.

firewall/Admin(config)#

Enters global configuration mode. You are now within configuration mode of the VFW application.

Step 3 

logging enable

Example:

firewall/Admin(config)# logging enable

Enables logging to send system log messages to one or more output locations.

Step 4 

logging host ip_address

Example:

firewall/Admin(config)# logging host 192.168.10.1

Configures the VFW application system software to send system logging messages to a syslog server.

Step 5 

logging trap severity_level

Example:

firewall/Admin(config)# logging trap 6

(Optional) Limits the number of messages sent to a syslog server based on severity. Allowable values for severity_level are provided in Table 20.

Step 6 

logging history severity_level

snmp-server enable traps

Example:

firewall/Admin(config)# logging history 7

firewall/Admin(config)# snmp-server enable traps

Specifies the SNMP trap message severity level and sends SNMP traps and inform requests to an NMS. For details on configuring SNMP, refer to the "Configuring SNMP on the Virtual Firewall" module.

The severity_level argument specifies the maximum level for system log messages sent as traps to the NMS. Allowable values are provided in Table 20.

Step 7 

logging buffered severity_level

Example:

firewall/Admin(config)# logging buffered 3

Enables system logging to a local buffer and limits the messages sent to the buffer based on severity. Allowable values for severity_level are provided in Table 20.

Step 8 

logging rp severity_level

Example:

firewall/Admin(config)# logging rp severity_level

Forwards syslog messages to the route processor. Allowable values for severity_level are provided in Table 20.

Step 9 

logging timestamp

Example:

firewall/Admin(config)# logging timestamp

(Optional) Enables the display of a time stamp on system logging messages.

Step 10 

logging queue queue_size

Example:

firewall/Admin(config)# logging queue 100

(Optional) Changes the number of syslog messages that can appear in the message queue while awaiting processing. The queue_size argument can range from 1 to 8192 messages.

Step 11 

clear logging

Example:

firewall/Admin(config)# clear logging

(Optional) Clears the syslog messages contained in the message buffer created with the logging buffered command in configuration mode.

Step 12 

exit

Example:

firewall/Admin(config)# exit

firewall/Admin#

Exits global configuration mode.

Step 13 

copy running-config startup-config

Example:

firewall/Admin# copy running-config startup-config

(Optional) Saves your configuration changes to flash memory.

Step 14 

show logging

Example:

firewall/Admin# show logging

Displays the current severity level and state of all syslog messages stored in the buffer and information related to specific syslog messages.

Table 20 lists the allowable values for the severity_level argument in the various logging commands.

Table 20 Allowable Severity Levels

Value   Description
0       emergencies (System unusable messages)
1       alerts (Take immediate action)
2       critical (Critical condition)
3       errors (Error message)
4       warnings (Warning message)
5       notifications (Normal but significant condition)
6       informational (Information message)
7       debugging (Debug messages)
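The following check is an added example, not part of the Cisco guide. It audits the logging lines of a context configuration against the ranges and command pairings given in the steps above. It assumes the configuration text shows each command in the form it was entered; `audit_logging`, `PAGE_EXAMPLE` and `BROKEN` are hypothetical names, and `BROKEN` is constructed input.

```python
import ipaddress

# Commands from the task above that take a severity_level (0-7, Table 20).
LEVEL_CMDS = ("trap", "history", "buffered", "rp")

# The example values used in Steps 3 to 10, and a constructed broken variant.
PAGE_EXAMPLE = ("logging enable\nlogging host 192.168.10.1\nlogging trap 6\n"
                "logging history 7\nsnmp-server enable traps\nlogging buffered 3\n"
                "logging timestamp\nlogging queue 100\n")
BROKEN = "logging host 192.168.10.300\nlogging trap 8\nlogging history 7\nlogging queue 9000\n"

def audit_logging(config_text):
    """Return a list of findings for the logging lines of one context.

    Assumption: one command per line, written as in the steps above.
    """
    seen, findings, snmp_traps = {}, [], False
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] == ["snmp-server", "enable", "traps"]:
            snmp_traps = True
        if len(words) < 2 or words[0] != "logging":
            continue
        key, arg = words[1], (words[2] if len(words) > 2 else None)
        seen[key] = arg
        if key in LEVEL_CMDS and not (arg and arg.isdigit() and 0 <= int(arg) <= 7):
            findings.append(f"logging {key}: severity_level must be 0-7, got {arg!r}")
        elif key == "queue" and not (arg and arg.isdigit() and 1 <= int(arg) <= 8192):
            findings.append(f"logging queue: queue_size must be 1-8192, got {arg!r}")
        elif key == "host":
            try:
                ipaddress.ip_address(arg or "")
            except ValueError:
                findings.append(f"logging host: {arg!r} is not an IP address")
    if "enable" not in seen:
        findings.append("logging enable is missing: logging to output locations is off")
    if not any(k in seen for k in ("host", "buffered", "rp", "history")):
        findings.append("no output location (host, buffered, rp, history) is configured")
    if "trap" in seen and "host" not in seen:
        findings.append("logging trap is set but no logging host is configured")
    if "history" in seen and not snmp_traps:
        findings.append("logging history is set but snmp-server enable traps is missing")
    if "timestamp" not in seen:
        findings.append("logging timestamp is not enabled: messages carry no time stamp")
    return findings
```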


Additional References

The following sections provide references related to system message logging.

Related Documents

Related Topic                             Document Title
Virtual firewall logging command syntax   Logging Commands on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Command Reference


Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

