-
Catalyst 6500 Series Software Configuration Guide, 8.7
-
Catalyst 6500 Series Switch Software Configuration Guide (Full-book PDF)
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2/PFC3
-
Configuring MLS
-
Configuring Access Control
-
Configuring NDE
-
Configuring GVRP
-
Configuring MVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Configuring Online Diagnostics
-
Administering the Switch
-
Configuring Redundancy
-
Configuring NSF with SSO MSFC Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring DHCP Snooping and IP Source Guard
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Configuring MAC Authentication Bypass
-
Configuring Web-Based Proxy Authentication
-
Tracking Host Aging
-
Configuring Network Admission Control
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN, RSPAN and the Mini Protocol Analyzer
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Configuring MSFC IOS Features
-
Acronyms
-
Table Of Contents
Configuring System Message Logging
Understanding How the System Message Logging Works
Default System Message Logging Configuration
Configuring the System Message Logging on the Switch
Enabling and Disabling the Session Logging Settings
Setting the System Message Logging Levels
Enabling and Disabling the Logging Time-Stamp Enable State
Setting the Logging Buffer Size
Limiting the Number of syslog Messages
Configuring the syslog Daemon on a UNIX syslog Server
Configuring the syslog Servers
Displaying the Logging Configuration
Displaying the System Messages
Enabling and Disabling the System syslog Dump
Specifying the System syslog Dump Flash Device and Filename
Configuring System Message Logging
This chapter describes how to configure the system message logging on the Catalyst 6500 series switches.
Note
For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.
Note
This chapter consists of these sections:
•
•
•
Understanding How the System Message Logging Works
The system message logging software can save messages in a log file or direct the messages to other devices. The system message logging facility has these features:
•
•
•
By default, the switch logs normal but significant system messages to its internal buffer and sends these messages to the system console. You can specify which system messages should be saved based on the type of facility (see Table 29-1) and the severity level (see Table 29-2). The messages are time-stamped to enhance real-time debugging and management.
You can access the logged system messages using the switch command-line interface (CLI) or by saving them to a properly configured syslog server. The switch software saves the syslog messages in an internal buffer that can store up to 500 messages. You can monitor the system messages remotely by accessing the switch through Telnet or the console port, or by viewing the logs on a syslog server.
If a system failure occurs, the system syslog-dump allows you to write the system messages in the syslog buffer to a flash file, capturing the pertinent syslog information before the system fails. If the system core dump is enabled, the syslog is dumped before the core.
Note
Table 29-1 describes the facility types that are supported by the system message logs.
Table 29-2 describes the severity levels that are supported by the system message logs.
System Log Message Format
The system log messages begin with a percent sign (%) and can contain up to 80 characters. The messages are displayed in this format:
mm/dd/yyy:hh/mm/ss:facility-severity-MNEMONIC:description
Table 29-3 describes the elements of the syslog messages.
This example shows some typical switch system messages (at system startup):
1999 Apr 16 10:01:26 %MLS-5-MLSENABLED:IP Multilayer switching is enabled1999 Apr 16 10:01:26 %MLS-5-NDEDISABLED:Netflow Data Export disabled1999 Apr 16 10:01:26 %SYS-5-MOD_OK:Module 1 is online1999 Apr 16 10:01:47 %SYS-5-MOD_OK:Module 3 is online1999 Apr 16 10:01:42 %SYS-5-MOD_OK:Module 6 is online1999 Apr 16 10:02:27 %PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/11999 Apr 16 10:02:28 %PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/2Default System Message Logging Configuration
Table 29-4 describes the default system message logging configuration.
Configuring the System Message Logging on the Switch
These sections describe how to configure the system message logging on the switch:
•
•
•
•
•
•
•
•
•
•
•
Enabling and Disabling the Session Logging Settings
By default, the system logging messages are sent to the console and Telnet sessions that are based on the default logging facility and severity values. If desired, you can disable logging to the console or logging to a given Telnet session.
When you disable or enable logging to the console sessions, the enable state is applied to all future console sessions. For example, if you disable logging to the console, disconnect from the console port, and later reconnect, logging is still disabled for the console.
When you disable or enable logging to a Telnet session, the enable state is applied only to that session. If you disable logging to a Telnet session, disconnect the session, and later reconnect, logging is enabled for the new session.
Note
To enable or disable the logging state for the console sessions, perform this task in privileged mode:
Step 1
Enable or disable the default logging state for the console sessions.
set logging console {enable | disable}
Step 2
Verify the logging configuration.
show logging [noalias]
This example shows how to disable logging to the current and future console sessions:
Console> (enable) set logging console disableSystem logging messages will not be sent to the console.Console> (enable)To enable or disable the logging state for the current Telnet session, perform this task in privileged mode:
Step 1
Enable or disable the logging state for a Telnet session.
set logging session {enable | disable}
Step 2
Verify the logging configuration.
show logging [noalias]
This example shows how to disable logging to the current Telnet session:
Console> (enable) set logging session disableSystem logging messages will not be sent to the current login session.Console> (enable)Setting the System Message Logging Levels
You can set the severity level for each logging facility using the set logging level command. Enter the all keyword to specify all facilities. Enter the default keyword to make the specified severity level the default for the specified facilities. If you do not enter the default keyword, the specified severity level applies only to the current session.
To set the system message logging severity level setting for a logging facility, perform this task in privileged mode:
This example shows how to set the logging severity level to 5 for all the facilities (for the current session only):
Console> (enable) set logging level all 5All system logging facilities for this session set to severity 5(notifications)Console> (enable)This example shows how to set the default logging severity level to 3 for the cdp facility:
Console> (enable) set logging level cdp 3 defaultSystem logging facility <cdp> set to severity 3(errors)Console> (enable)Enabling and Disabling the Logging Time-Stamp Enable State
To enable or disable the logging time-stamp state, perform this task in privileged mode:
Step 1
Enable or disable the logging time-stamp state.
set logging timestamp {enable | disable}
Step 2
Verify the logging time-stamp state.
show logging [noalias]
This example shows how to enable the time-stamp display on the system logging messages:
Console> (enable) set logging timestamp enableSystem logging messages timestamp will be enabled.Console> (enable)Setting the Logging Buffer Size
To set the number of messages to log to the logging buffer, perform this task in privileged mode:
Step 1
Set the number of messages to log to the logging buffer.
set logging buffer buffer_size
Step 2
Verify the system message logging configuration.
show logging [noalias]
This example shows how to set the logging buffer size to 200 messages:
Console> (enable) set logging buffer 200System logging buffer size set to <200>Console> (enable)Limiting the Number of syslog Messages
You can limit the number of syslog messages that are sent to the history table and the SNMP network management station based on the severity. The default severity is set to warnings(4).
To limit the number of syslog messages, perform this task in privileged mode:
Step 1
Limit the number of syslog messages.
set logging history severity severity_level
Step 2
Verify the system message logging configuration.
show logging
This example shows how to limit the number of syslog messages to the messages with a severity level of notifications(5):
Console> (enable) set logging history severity 5System logging history set to severity <5>Console> (enable)Configuring the syslog Daemon on a UNIX syslog Server
Before you can send the system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, and perform these steps:
Step 1
user.debug /var/log/myfile.log
Note
The switch sends the messages according to the specified facility types and severity levels. The user keyword specifies the UNIX logging facility that is used. The messages from the switch are generated by the user processes. The debug keyword specifies the severity level of the condition being logged. You can set the UNIX systems to receive all the messages from the switch.
Step 2
$ touch /var/log/myfile.log$ chmod 666 /var/log/myfile.logStep 3
$ kill -HUP `cat /etc/syslog.pid
Configuring the syslog Servers
Note
To configure the switch to log messages to a syslog server, perform this task in privileged mode:
Step 1
Specify the IP address of one or more syslog servers1 .
set logging server ip_addr
Step 2
Set the facility and severity levels for syslog server messages.
set logging server facility server_facility_parameter
set logging server severity server_severity_level
Step 3
Enable the system message logging to the configured syslog servers.
set logging server enable
Step 4
Verify the configuration.
show logging [noalias]
1 You can configure a maximum of three syslog servers.
This example shows how to specify a syslog server, set the facility and severity levels, and enable logging to the server:
Console> (enable) set logging server 10.10.10.10010.10.10.100 added to System logging server table.Console> (enable) set logging server facility local5System logging server facility set to <local5>Console> (enable) set logging server severity 5System logging server severity set to <5>Console> (enable) set logging server enableSystem logging messages will be sent to the configured syslog servers.Console> (enable)To delete a syslog server from the syslog server table, perform this task in privileged mode:
This example shows how to delete a syslog server from the syslog server table:
Console> (enable) clear logging server 10.10.10.100System logging server 10.10.10.100 removed from system logging server table.Console> (enable)To disable logging to the syslog server, perform this task in privileged mode:
Disable system message logging to the configured syslog servers.
set logging server disable
This example shows how to disable logging to the syslog servers:
Console> (enable) set logging server disableSystem logging messages will not be sent to the configured syslog servers.Console> (enable)Displaying the Logging Configuration
Enter the show logging command to display the current system message logging configuration. Enter the noalias keyword to display the IP addresses instead of the host names of the configured syslog servers.
To display the current system message logging configuration, perform this task:
This example shows how to display the current system message logging configuration:
Console> (enable) show loggingLogging buffered size: 500timestamp option: enabledLogging history size: 1severity: notifications(5)Logging console: enabledLogging server: disabledserver facility: LOCAL7server severity: warnings(4Current Logging Session: enabledFacility Default Severity Current Session Sever------------- ----------------------- ---------------------acl 5 5cdp 4 4cops 3 3dtp 5 5dvlan 2 2earl 2 2filesys 2 2gvrp 2 2ip 2 2kernel 2 2ld 3 3mcast 2 2mgmt 5 5mls 5 5pagp 5 5protfilt 2 2pruning 2 2privatevlan 3 3qos 3 3radius 2 2rsvp 3 3security 2 2snmp 2 2spantree 2 2sys 5 5tac 2 2tcp 2 2telnet 2 2tftp 2 2udld 4 4vmps 2 2vtp 2 20(emergencies) 1(alerts) 2(critical)3(errors) 4(warnings) 5(notifications)6(information) 7(debugging)Console> (enable)Displaying the System Messages
Enter the show logging buffer command to display the messages in the switch logging buffer. If you do not specify number_of_messages, the default is to display the last 20 messages in the buffer (-20).
To display the messages in the switch logging buffer, perform one of these tasks:
This example shows how to display the first five messages in the buffer:
Console> (enable) show logging buffer 51999 Apr 16 08:40:11 %SYS-5-MOD_OK:Module 1 is online1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 3 is online1999 Apr 16 08:40:14 %SYS-5-MOD_OK:Module 2 is online1999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/1 joined bridge port 2/11999 Apr 16 08:41:15 %PAGP-5-PORTTOSTP:Port 2/2 joined bridge port 2/2This example shows how to display the last five messages in the buffer:
Console> (enable) show logging buffer -5%PAGP-5-PORTFROMSTP:Port 3/1 left bridge port 3/1%SPANTREE-5-PORTDEL_SUCCESS:3/2 deleted from vlan 1 (PAgP_Group_Rx)%PAGP-5-PORTFROMSTP:Port 3/2 left bridge port 3/2%PAGP-5-PORTTOSTP:Port 3/1 joined bridge port 3/1-2%PAGP-5-PORTTOSTP:Port 3/2 joined bridge port 3/1-2Console> (enable)Enabling and Disabling the System syslog Dump
If the system fails, a file containing the system messages in the syslog buffer (as displayed when entering the show logging buffer command) is produced.
To enable or disable the system syslog dump, perform this task in privileged mode (by default, the syslog dump is disabled):
Step 1
Enable or disable the system syslog dump.
set system syslog-dump {enable | disable}
Step 2
Verify the status of the system syslog dump.
show system
This example shows how to enable the system syslog dump:
Console> (enable) set system syslog-dump enable(1) In the event of a system crash, this feature willcause a syslog file to be written out.(2) Selected syslog file is slot0:sysloginfo(3) Please make sure the above device has been installed,and ready to use.Syslog-dump enabledConsole> (enable)This example shows how to disable the system syslog dump:
Console> (enable) set system syslog-dump disableSyslog-dump disabledConsole> (enable)This example shows how to display the status of the system syslog dump:
Console> (enable) show systemPS1-Status PS2-Status---------- ----------ok noneFan-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout---------- ---------- ---------- -------------- ---------ok off ok 1,00:03:18 20 min...Core Dump Core File------------------------ -----------------------disabled slot0:crashinfoSyslog Dump Syslog File------------------------ -----------------------enabled slot0:sysloginfoConsole> (enable)Specifying the System syslog Dump Flash Device and Filename
You can change the flash device and the filename when the syslog dump is enabled or disabled. If you only specify the flash device, the filename is automatically set to sysloginfo. If you do not specify the flash device or the filename, the previous filename for the syslog dump is cleared and the default flash device and filename (slot0:sysloginfo) are used.
To specify the flash device and filename for the system syslog dump, perform this task in privileged mode:
Step 1
Specify the flash device and filename.
set system syslog-file [device:[filename]]
Step 2
Verify the flash device and filename settings.
show system
This example shows how to set the flash device for the syslog dump:
Console> (enable) set system syslog-file bootflash:Default filename sysloginfo added to the device bootflash:System syslog-file set.Console> (enable)This example shows how to set the flash device and the filename:
Console> (enable) set system syslog-file bootflash:sysmsgs1System syslog-file set.Console> (enable)This example shows how to restore the flash device and the filename to the default settings:
Console> (enable) set system syslog-fileSystem syslog-file set to the default file.Console> (enable)Configuring CallHome
You can use the CallHome feature to set your switch to e-mail or page a syslog message of a specified severity to a specified e-mail or pager address or a set of e-mail or pager addresses.
CallHome is triggered whenever a syslog message is generated. If the severity of the generated syslog message is lower than the severity that you configure, the message is not forwarded to the destination addresses that you specified. If the severity is higher than the severity that you specified, the switch forwards the syslog message to the list of destination addresses that you entered.
CallHome is tied to the syslog messages and their severity. When you set the CallHome severity level, carefully consider the level of severity that you require for the existing set logging level command and the newly introduced set logging callhome severity command.
If you configure a very fine syslog severity level, such as for alerts (level 1), and a coarse CallHome severity level, such as for notifications (level 5), the destination addresses will receive the alerts and the emergencies only (levels 0 and 1). The destination addresses do not receive the remaining CallHome severity level notifications (levels 2, 3, and 4) that you specified. To ensure that the destination addresses receive the severity level alerts and notifications for all the levels that you want, set the CallHome severity level at the same severity level, or higher, than the level that you use to set the syslog message severity.
You can configure multiple SMTP servers so that the CallHome functionality is not disrupted if one server fails. If an SMTP server fails, the switch contacts the next configured server. If you configure multiple SMTP servers, the switch uses the first available SMTP server.
To configure CallHome on your switch, perform this task in privileged mode:
This example shows how to enable CallHome:
Console> (enable) set logging callhome enableCallhome functionality is enabled.Callhome messages will be sent to the configured destination addresses.Console> (enable)This example shows how to set the following addresses to receive the CallHome messages:
•
•
Console> (enable) set logging callhome destination adminjoe@epage.cisco fragment 128Included adminjoe@epage.cisco in the table of callhome destination addresses.Messages will be sent to this address in fragments of 128 bytes.Console> (enable) set logging callhome destination adminjane@cisco.comIncluded adminjane@cisco.com in the table of callhome destination addresses.Messages will be sent to this address without fragmentation.Console> (enable) set logging callhome destination adminboss@cisco.comIncluded adminboss@cisco.com in the table of callhome destination addresses.Messages will be sent to this address without fragmentation.Console> (enable)This example shows how to set the SMTP server with the IP address 172.16.8.19:
Console> (enable) set logging callhome smtp-server 172.20.8.16Included 172.20.8.16 in the table of callhome SMTP servers.Console> (enable)This example shows how to set the severity to level 3 (critical and error messages):
Console> (enable) set logging callhome severity 3Callhome severity level set to 3Console> (enable)This example shows how to set the From address to adminjoe@cisco.com:
Console> (enable) set logging callhome from adminjoe@cisco.comFrom address of callhome messages is set to adminjoe@cisco.comConsole> (enable)This example shows how to set the Reply to address to adminjane@cisco.com:
Console> (enable) set logging callhome reply-to adminjane@cisco.comReply-To address of callhome messages is set to adminjane@cisco.comConsole> (enable)This example shows how to verify the configuration:
Console> (enable) show logging callhomeCallhome Functionality: enabledCallhome Severity: LOG_ERR (3)SMTP Server-----------172.20.8.16Destination Address Message Size------------------- ------------adminboss@cisco.com No Fragmentationadminjane@cisco.com No Fragmentationadminjoe@epage.cisco 128 bytesFrom: adminjoe@cisco.comReply-To: adminjane@cisco.comConsole> (enable)Disabling CallHome
When you disable CallHome, you do not clear any other of the CallHome parameters that are set. You need to clear each parameter individually.
To disable CallHome on your switch, perform this task in privileged mode:
This example shows how to disable CallHome:
Console> (enable) set logging callhome disableCallhome functionality is disabled.Callhome messages will not be sent to the configured destination addresses.Console> (enable)To clear an address from the list of addresses that receive CallHome messages, perform this task in privileged mode:
Clear a destination address from the list of addresses that receive CallHome messages.
clear logging callhome destination Email or Epage Address
This example shows how to clear the destination address adminboss@cisco.com from the list of addresses that receive CallHome messages:
Console> (enable) clear logging callhome destination adminboss@cisco.comRemoved adminboss@cisco.com from the table of callhome destination addresses.Console> (enable)To clear the "from" address, perform this task in privileged mode:
This example shows how to clear the "from" address:
Console> (enable) clear logging callhome fromCleared the from address field of callhome messages.Console> (enable)To clear the "reply to" address, perform this task in privileged mode:
This example shows how to clear the "reply to" address:
Console> (enable) clear logging callhome reply-toCleared the reply-to address field of callhome messages.Console> (enable)To clear an SMTP server from the list of CallHome SMTP servers, perform this task in privileged mode:
This example shows how to delete the SMTP server 172.20.8.16 from the list of CallHome servers:
Console> (enable) clear logging callhome smtp-server 172.20.8.16Removed 172.20.8.16 from the table of callhome SMTP servers.Console> (enable)To clear the CallHome severity level, perform this task in privileged mode:
This example shows how to clear the CallHome severity level:
Console> (enable) clear logging callhome severityCleared callhome severity level to its default value of 2(LOG_CRIT).Console> (enable)
