Catalyst 4500 Series Software Configuration Guide, 8.3 GLX and 8.4GLX
Configuring System Message Logging


Configuring System Message Logging


This chapter describes how to configure system message logging on the Catalyst enterprise LAN switches.


Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Command Reference.


This chapter consists of these sections:

Understanding How System Message Logging Works

Default System Message Logging Configuration

System Log Message Format

Configuring System Message Logging on the Switch

Understanding How System Message Logging Works

The system message logging software can save messages in a log file or direct the messages to other devices. With the system message logging facility, you can do the following:

Get logging information for monitoring and troubleshooting

Select the types of captured logging information

Select the destination of captured logging information

By default, the switch logs normal but significant system messages to its internal buffer and sends these messages to the system console. You can specify which system messages should be saved based on the type of facility (see Table 37-1) and the severity level (see Table 37-3). Messages are time-stamped to enhance real-time debugging and management.

You can access logged system messages using the switch CLI or by saving them to a properly configured syslog server. The switch software saves syslog messages in an internal buffer that can store up to 1024 messages. You can monitor system messages remotely by accessing the switch through Telnet or the console port, or by viewing the logs on a syslog server.


Note When the switch first initializes, the network is not connected until the initialization completes. Messages that are redirected to a syslog server are delayed up to 90 seconds.


Table 37-1 describes the facility types that are supported by the system message logs.

Table 37-1 System Message Log Facilities 

Facility Name  Definition
-------------  --------------------------------------------------------
acl            Access Control Lists
cdp            Cisco Discovery Protocol
cops           Common Open Policy Service
drip           Dual Ring Protocol
dtp            Dynamic Trunking Protocol
dvlan          Dynamic VLAN
earl           Enhanced Address Recognition Logic
ethc           Ethernet Channel
filesys        Flash file system
gl2pt          Generic Layer Protocol Tunneling
gvrp           GARP VLAN Registration Protocol
ip             IP permit list
kernel         Kernel
mcast          Multicast messages
mgmt           Management messages
pagp           Port Aggregation Protocol
protfilt       Protocol filtering
pruning        VTP pruning
pvlan          Private VLAN
qos            Quality of Service
radius         RADIUS authentication
rsvp           Resource reSerVation Protocol
security       Port security
snmp           Simple Network Management Protocol
spantree       Spanning-Tree Protocol
sys            System
tac            TACACS+ authentication
tcp            Transmission Control Protocol
telnet         Terminal emulation protocol in the TCP/IP protocol stack
tftp           Trivial File Transfer Protocol
udld           UniDirectional Link Detection
vmps           VLAN Membership Policy Server
vtp            VLAN Trunking Protocol


System Log Message Format

System log messages begin with a percent sign (%) and can contain up to 80 characters. Messages are displayed in the following format:

mm/dd/yyyy:hh/mm/ss:facility-severity-MNEMONIC:description

Table 37-2 describes the elements of syslog messages.

Table 37-2 System Log Message Elements

Element              Description
-------------------  -----------
mm/dd/yyyy:hh/mm/ss  Date and time of the error or event. This information appears only if you enable it with the set logging timestamp enable command.
facility             Indicates the facility to which the message refers (for example, SNMP or SYS).
severity             Single-digit code from 0 to 7 that indicates the severity of the message.
MNEMONIC             Text string that uniquely describes the error message.
description          Text string containing detailed information about the event being reported.


This example shows typical switch system messages (at system startup):

1999 Apr 16 10:01:26 %MLS-5-MLSENABLED:IP Multilayer switching is enabled
1999 Apr 16 10:01:26 %MLS-5-NDEDISABLED:Netflow Data Export disabled
1999 Apr 16 10:01:26 %SYS-5-MOD_OK:Module 1 is online
1999 Apr 16 10:01:47 %SYS-5-MOD_OK:Module 3 is online
1999 Apr 16 10:01:42 %SYS-5-MOD_OK:Module 6 is online
1999 Apr 16 10:02:27 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1
1999 Apr 16 10:02:28 %PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/2
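
The message elements described above, split out by a small parser that also filters on the severity digit; this is an added example, not Cisco's code. The function names and the severity-3 sample line are constructed for illustration, and the time stamp pattern follows the year-month-day form shown in the sample output rather than the format string.

```python
import re
from collections import Counter

# Severity keywords, indexed by the single-digit severity code (Table 37-3).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Optional "YYYY Mon DD HH:MM:SS " prefix (shown only when the time stamp is
# enabled), then %FACILITY-SEVERITY-MNEMONIC:description.
MESSAGE_RE = re.compile(
    r"^(?:(?P<timestamp>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) )?"
    r"%(?P<facility>[A-Z0-9]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"(?P<description>.*)$"
)

def parse_message(line):
    """Split one log line into its elements; return None for non-message lines."""
    match = MESSAGE_RE.match(line.strip())
    if match is None:
        return None
    msg = match.groupdict()
    msg["facility"] = msg["facility"].lower()   # same case as Table 37-1
    msg["severity"] = int(msg["severity"])
    msg["keyword"] = SEVERITY[msg["severity"]]
    return msg

def parse_log(text):
    """Parse every non-blank line, returning (messages, unparsed_lines)."""
    messages, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        msg = parse_message(line)
        if msg is None:
            unparsed.append(line)
        else:
            messages.append(msg)
    return messages, unparsed

def at_least(messages, level):
    """Messages at `level` or more severe (a lower number is more severe)."""
    return [m for m in messages if m["severity"] <= level]

# Constructed sample: three lines in the style of the page's examples, one
# invented severity-3 line (not real switch output), and a CLI prompt.
SAMPLE = """\
1999 Apr 16 10:01:26 %SYS-5-MOD_OK:Module 1 is online
1999 Apr 16 10:02:27 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1
%SPANTREE-5-PORTDEL_SUCCESS:3/2 deleted from vlan 1 (PAgP_Group_Rx)
%SYS-3-CONSTRUCTED_EVENT:invented error-level line for this example
Console> (enable)
"""

if __name__ == "__main__":
    messages, unparsed = parse_log(SAMPLE)
    print(Counter(m["facility"] for m in messages))
    for m in at_least(messages, 3):
        print(m["keyword"], m["facility"], m["mnemonic"], m["description"])
    print("unparsed:", unparsed)
```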

Default System Message Logging Configuration

Table 37-3 describes the severity levels that are supported by the system message logs.

Table 37-3 Definitions of System Message Log Severity Levels 

Severity Level  Keyword        Description
--------------  -------------  ---------------------------------
0               emergencies    System unusable
1               alerts         Immediate action required
2               critical       Critical condition
3               errors         Error conditions
4               warnings       Warning conditions
5               notifications  Normal but significant conditions
6               informational  Informational messages
7               debugging      Debugging messages


Configuring System Message Logging on the Switch

The following sections describe how to configure system message logging on the switch.

Configuring Session Logging Settings

By default, system logging messages are sent to console and Telnet sessions based on the default logging facility and severity values. If desired, you can disable logging to the console or logging to a given Telnet session.

When you disable or enable logging to console sessions, the enable state is applied to all future console sessions. For example, if you disable logging to the console, disconnect from the console port, and later reconnect, logging is still disabled for the console.

When you disable or enable logging to a Telnet session, the enable state is applied only to that session. If you disable logging to a Telnet session, disconnect the session, and later reconnect, logging is enabled for the new session.


Note If you enter the set logging session command while you are connected through the console port, the command has the same effect as entering the set logging console command. However, if you enter the set logging console command while you are connected through a Telnet session, the default console logging enable state is changed.


To configure the logging enable state for console sessions, perform this task in privileged mode:

 
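        Task                                                              Command
        ----------------------------------------------------------------  --------------------------------------
Step 1  Configure the default logging enable state for console sessions.  set logging console {enable | disable}
Step 2  Verify the logging configuration.                                 show logging [noalias]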

This example shows how to configure the logging disabled state for the current and future console sessions:

Console> (enable) set logging console disable
System logging messages will not be sent to the console.
Console> (enable) 

To change the logging enable state for the current Telnet session, perform this task in privileged mode:

 
        Task                                                   Command
        -----------------------------------------------------  --------------------------------------
Step 1  Change the logging enable state for a Telnet session.  set logging session {enable | disable}
Step 2  Verify the logging configuration.                      show logging [noalias]

This example shows how to disable logging to the current Telnet session:

Console> (enable) set logging session disable
System logging messages will not be sent to the current login session.
Console> (enable) 

Configuring the System Message Logging Levels

You can change the severity level for each logging facility using the set logging level command. Enter the all keyword to specify all facilities. Enter the default keyword to make the specified severity level the default for the specified facilities. If you do not use the default keyword, the specified severity level applies only to the current session.

To change the system message logging severity level setting for a logging facility, perform this task in privileged mode:

 
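        Task                                              Command
        ------------------------------------------------  -----------------------------------------------------
Step 1  Set the severity level for logging facilities.    set logging level {all | facility} severity [default]
Step 2  Verify the system message logging configuration.  show logging [noalias]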

This example shows how to set the logging severity level to 5 for all facilities (for the current session only):

Console> (enable) set logging level all 5
All system logging facilities for this session set to severity 5(notifications)
Console> (enable) 

This example shows how to set the default logging severity level to 3 for the cdp facility:

Console> (enable) set logging level cdp 3 default
System logging facility <cdp> set to severity 3(errors)
Console> (enable) 

Enabling and Disabling the Logging Time Stamp

To enable or disable the logging time stamp, perform this task in privileged mode:

 
        Task                                       Command
        -----------------------------------------  ----------------------------------------
Step 1  Enable or disable the logging time stamp.  set logging timestamp {enable | disable}
Step 2  Verify the logging time-stamp state.       show logging [noalias]

This example shows how to enable the time-stamp display on system logging messages:

Console> (enable) set logging timestamp enable
System logging messages timestamp will be enabled.
Console> (enable)

Setting the Logging Buffer Size

To set the number of messages to log to the logging buffer, perform this task in privileged mode:

 
        Task                                                      Command
        --------------------------------------------------------  ------------------------------
Step 1  Set the number of messages to log to the logging buffer.  set logging buffer buffer_size
Step 2  Verify the system message logging configuration.          show logging [noalias]

This example shows how to set the logging buffer size to 200 messages:

Console> (enable) set logging buffer 200
System logging buffer size set to <200>
Console> (enable)

Limiting the Number of syslog Messages

You can limit the number of syslog messages that are sent to the history table and the SNMP network management station based on severity. The default severity is set to warnings(4).

To limit the number of syslog messages, perform this task in privileged mode:

 
        Task                                              Command
        ------------------------------------------------  -------------------------------------------
Step 1  Limit the number of syslog messages.              set logging history severity severity_level
Step 2  Verify the system message logging configuration.  show logging

This example shows how to limit the number of syslog messages to messages with a severity level of notifications(5):

Console> (enable) set logging history severity 5
System logging history set to severity <5>
Console> (enable)

Configuring the syslog Daemon on a UNIX syslog Server

Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server.

To configure the syslog daemon, follow these steps:


Step 1 Log in to the UNIX server as root.

Step 2 Add a line such as the following to the file /etc/syslog.conf:

user.debug                   /var/log/myfile.log


Note There must be five tab characters between user.debug and /var/log/myfile.log. Refer to entries in the /etc/syslog.conf file for further examples.


The switch sends messages according to specified facility types and severity levels. The user keyword specifies the UNIX logging facility that is used. The messages from the switch are generated by user processes. The debug keyword specifies the severity level of the condition that is being logged. You can set UNIX systems to receive all messages from the switch.

Step 3 Create the log file by entering these commands at the UNIX shell prompt:

$ touch /var/log/myfile.log
$ chmod 666 /var/log/myfile.log

Make sure that the syslog daemon reads the new changes by entering this command: 

$ kill -HUP `cat /etc/syslog.pid`


Configuring syslog Servers


Note Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on the UNIX server as described in the "Configuring the syslog Daemon on a UNIX syslog Server" section.


To configure the switch to log messages to a syslog server, perform this task in privileged mode:

 
        Task                                                             Command
        ---------------------------------------------------------------  -----------------------------------------------------
Step 1  Specify the IP address of as many as three syslog servers.       set logging server ip_addr
Step 2  Set the facility and severity levels for syslog server messages.  set logging server facility server_facility_parameter
                                                                         set logging server severity server_severity_level
Step 3  Enable system message logging to configured syslog servers.      set logging server enable
Step 4  Verify the configuration.                                        show logging [noalias]

This example shows how to specify a syslog server, set the facility and severity levels, and enable logging to the server:

Console> (enable) set logging server 10.10.10.100
10.10.10.100 added to System logging server table.
Console> (enable) set logging server facility local5
System logging server facility set to <local5>
Console> (enable) set logging server severity 5
System logging server severity set to <5>
Console> (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console> (enable)
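
A consistency check between the two sides configured above, the /etc/syslog.conf rule on the UNIX server and the set logging server facility and severity values on the switch, plus the mode of the log file; this is an added example, not Cisco's code. It assumes classic syslogd selector semantics (a facility.level selector receives that facility at that level or more severe), and audit, pri and their parameters are names chosen for this example.

```python
import re

# Standard BSD syslog codes; a datagram's PRI value is facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              **{f"local{n}": 16 + n for n in range(8)}}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}

# One simple rule: facility.level, whitespace, absolute file path.
CONF_RE = re.compile(r"^(?P<facility>[a-z0-9*]+)\.(?P<level>[a-z]+)"
                     r"(?P<sep>[ \t]+)(?P<action>/\S+)$")

def pri(facility, severity):
    """PRI value the server sees for a given facility and severity."""
    return FACILITIES[facility] * 8 + severity

def audit(conf_line, switch_facility, switch_severity, log_mode):
    """Return findings for one syslog.conf rule; an empty list means no mismatch.

    conf_line        a 'facility.level<TAB>/path' line from /etc/syslog.conf
    switch_facility  value given to 'set logging server facility', lowercase
    switch_severity  value given to 'set logging server severity' (0-7)
    log_mode         permission bits of the log file, for example 0o666
    """
    m = CONF_RE.match(conf_line.strip("\n"))
    if m is None or m["level"] not in LEVELS:
        return ["not a simple 'facility.level<TAB>/path' rule"]
    findings = []
    if set(m["sep"]) != {"\t"}:
        findings.append("selector and file must be separated by tabs only")
    if m["facility"] not in ("*", switch_facility):
        findings.append(
            f"selector facility '{m['facility']}' does not match "
            f"{switch_facility} (PRI {pri(switch_facility, 0)}-"
            f"{pri(switch_facility, switch_severity)})")
    if LEVELS[m["level"]] < switch_severity:
        findings.append(
            f"selector level '{m['level']}' drops severities "
            f"{LEVELS[m['level']] + 1}-{switch_severity} sent by the switch")
    if log_mode & 0o002:
        findings.append("log file is world-writable; any local user can alter it")
    return findings

# Constructed inputs: the rule from the UNIX procedure, and a rule that
# matches the local5 / severity 5 switch settings from the example above.
PAGE_RULE = "user.debug\t\t\t\t\t/var/log/myfile.log"
MATCHING_RULE = "local5.debug\t\t\t\t\t/var/log/myfile.log"

if __name__ == "__main__":
    for rule, mode in ((PAGE_RULE, 0o666), (MATCHING_RULE, 0o640)):
        print(repr(rule), audit(rule, "local5", 5, mode) or "ok")
```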

To delete a syslog server from the syslog server table, perform this task in privileged mode:

Task                                                  Command
----------------------------------------------------  ----------------------------
Delete a syslog server from the syslog server table.  clear logging server ip_addr


This example shows how to delete a syslog server from the syslog server table:

Console> (enable) clear logging server 10.10.10.100
System logging server 10.10.10.100 removed from system logging server table.
Console> (enable) 

To disable logging to the syslog server, perform this task in privileged mode:

Task                                                          Command
------------------------------------------------------------  --------------------------
Disable system message logging to configured syslog servers.  set logging server disable


This example shows how to disable logging to syslog servers:

Console> (enable) set logging server disable
System logging messages will not be sent to the configured syslog servers.
Console> (enable)

Displaying the Logging Configuration

Enter the show logging command to display the current system message logging configuration. Enter the noalias keyword to display the IP addresses instead of the host names of the configured syslog servers.

To display the current system message logging configuration, perform this task:

Task                                                       Command
---------------------------------------------------------  ----------------------
Display the current system message logging configuration.  show logging [noalias]


This example shows how to display the current system message logging configuration:

Console> (enable) show logging

Logging buffer size:          200
        timestamp option:     disabled
Logging history size:         1
            severity:        notifications(5)
Logging console:              enabled
Logging server:               enabled
{syslog.bigcorp.com}
        server facility:      LOCAL5
        server severity:      notifications(5)
Facility            Default Severity         Current Session Severity
-------------       -----------------------  ------------------------
cdp                 3                        3                    
drip                2                        5                    
dtp                 5                        5                    
dvlan               2                        5                    
earl                2                        5                    
fddi                2                        5                    
filesys             2                        5                    
gvrp                2                        5                    
ip                  2                        5                    
kernel              2                        5                    
mcast               2                        5                    
mgmt                5                        5                    
mls                 5                        5                    
pagp                5                        5                    
protfilt            2                        5                    
pruning             2                        5                    
radius              2                        5                    
security            2                        5                    
snmp                2                        5                    
spantree            2                        5                    
sys                 5                        5                    
tac                 2                        5                    
tcp                 2                        5                    
telnet              2                        5                    
tftp                2                        5                    
udld                4                        5                    
vmps                2                        5                    
vtp                 2                        5                    

0(emergencies)        1(alerts)             2(critical)           
3(errors)             4(warnings)           5(notifications)      
6(information)        7(debugging)          
Console> (enable)

Displaying System Messages

Use the show logging buffer command to display the messages in the switch logging buffer. If you do not specify number_of_messages, the default is to display the last 20 messages in the buffer.

To display the messages in the switch logging buffer, perform one of these tasks:

Task                                                          Command
------------------------------------------------------------  -----------------------------------------
Display the first number_of_messages messages in the buffer.  show logging buffer [number_of_messages]
Display the last number_of_messages messages in the buffer.   show logging buffer -[number_of_messages]


This example shows how to display the first five messages in the buffer:

Console> (enable) show logging buffer 5
1999 Apr 16 08:40:11 %SYS-5-MOD_OK:Module 1 is online
1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 3 is online
1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 2 is online
1999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/1
1999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/2

This example shows how to display the last five messages in the buffer:

Console> (enable) show logging buffer -5
%PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1
%SPANTREE-5-PORTDEL_SUCCESS:3/2 deleted from vlan 1 (PAgP_Group_Rx)
%PAGP-5-PORTFROMSTP:Port 3/2 left bridge port 3/2
%PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1-2
%PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/1-2
Console> (enable)