Important: Not all Event Logs can be configured on all products. It is dependent on the hardware platform and licenses in use.
• Event: Event logging can be used to determine system status and capture important information pertaining to protocols and tasks in use by the system. This is a global function in that once it is configured, it will be applied to all contexts, sessions, and processes.
• Trace: Trace logging can be used to quickly isolate issues that may arise for a particular connected subscriber session. Traces can be taken for a specific call identification (callid) number, IP address, mobile station identification (MSID) number, or username.
• Active: Active logs are event logs that are operator configurable on a CLI instance-by-CLI instance basis (i.e. active logs configured by an administrative user in one CLI instance cannot be viewed by an administrative user in a different CLI instance). Each active log can be configured with filter and display properties that are independent of those configured globally for the system. Active logs are displayed in real time as they are generated.
• Monitor: Monitor logging records all activity associated with a particular session. This functionality is available in order to comply with law enforcement agency requirements for monitoring capabilities of particular subscribers. Monitors can be performed based on a subscriber’s MSID or username.
• Crash: Crash logging stores useful information pertaining to system software crashes that may be useful in determining the cause of the crash.

Save the configuration as described in the Verifying and Saving Your Configuration chapter.

Important: The data transmitted to the syslog server is meant to be used for informational purposes. Therefore, functions such as billing and performance monitoring should not be based on syslogs.
Important: Although the system provides the flexibility to configure syslog servers on a context-by-context basis, it is recommended that all servers be configured in the local context in order to isolate the log traffic from the network traffic.
• A number of keyword options/variables are available for the logging syslog command. Refer to the Command Line Interface Reference for more information.

Save the configuration as described in the Verifying and Saving Your Configuration chapter.

Trace logging is useful for quickly resolving issues for specific sessions that are currently active. They are temporary filters that are generated based on a qualifier that is independent of the global event log filter configured using the logging filter command. Like event logs, however, the information generated by the logs is stored in the active memory buffer.

Important: Trace logs are intrusive to the processing of the session. Therefore, they should be implemented for debug purposes only.
• Refer to the logging filter command in the Command Line Interface Reference to view a list of the supported logging facilities.
• A number of keyword options/variables are available for the logging active command. Refer to the Command Line Interface Reference for more information.

The following table provides information and descriptions of the statistics that are displayed when the verbose keyword is used.
• From the syslog server: If the system is configured to send logs to a syslog server, the logs can be viewed directly on the syslog server.
• From the system CLI: Logs stored in the system memory buffers can be viewed directly from the CLI.
• From the console port: By default, the system automatically displays events over the console interface to a terminal provided that there is no CLI session active.

Important: A number of optional keywords/variables are available for the show logs command. Refer to the Command Line Interface Reference for more information.

• Crash log: Crash logs record all possible information pertaining to a software crash. Due to their size, they cannot be stored in system memory. Therefore, these logs are only generated if the system is configured with a Universal Resource Locator (URL) pointing to a local device or a network server where the log can be stored.
• Abridged crash log: These logs are automatically generated when a software crash occurs and are stored in system memory. The abridged crash log contains a subset of the possible information that could be generated with a crash log. These logs are generated even if a full crash log is generated and can be viewed using the CLI.
• CompactFlash™: Installed on the SPC/SMC
• PCMCIA Flash Card: Installed in either the PCMCIA1 or PCMCIA2 slots on the SPC or in the PCMCIA1 slot on the SMC
• Network Server: Any workstation or server on the network that the system can access using the Trivial File Transfer Protocol (TFTP), the File Transfer Protocol (FTP), the Secure File Transfer Protocol (SFTP), or the Hyper-Text Transfer Protocol (HTTP); this is recommended for large network deployments in which multiple systems require the same configuration.

Crash logs are stored with unique names as they occur to the specified location. The name format is crash-card-cpu-time-core, where card is the card number, cpu is the number of the CPU on the card, and time is the POSIX timestamp in hexadecimal notation.

• Keyword and variable options are available for the crash enable command. Refer to the Command Line Interface Reference for more information.

Save the configuration as described in the Verifying and Saving Your Configuration chapter.

Abridged crash logs are stored on the CompactFlash installed on the SPC/SMC. They are located in the /flash/crash/ directory with file names in the mc-slot-cpu-pid-xxxxxxxx format, where slot is the card slot in the chassis, cpu is the number of the CPU on the card, pid is the process ID number, and xxxxxxxx is a UNIX date code in hexadecimal notation.
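The two naming formats above carry enough information to build a crash timeline from a directory listing alone. The following is an added example, not code from the product or its documentation. It assumes that "crash", "core" and "mc" are literal parts of the name, that the card, CPU and PID fields are decimal, and that the sample file names (constructed here) are representative.

```python
import re
from datetime import datetime, timezone

# Assumed literal layouts, derived from the name formats described above:
#   full crash log:     crash-<card>-<cpu>-<hex POSIX time>-core
#   abridged crash log: mc-<slot>-<cpu>-<pid>-<8 hex digits>
FULL_RE = re.compile(r"crash-(\d+)-(\d+)-([0-9a-fA-F]+)-core")
ABRIDGED_RE = re.compile(r"mc-(\d+)-(\d+)-(\d+)-([0-9a-fA-F]{8})")

# Constructed sample names, not taken from a real system.
SAMPLE_NAMES = [
    "crash-16-1-5f5e1010-core",
    "/flash/crash/mc-08-0-4123-5f5e0ff0",
    "crash-08-0-5f5e1000-core",
    "notes.txt",
]

def parse_crash_name(name):
    """Decode one crash file name; return None if it matches neither format."""
    base = name.rsplit("/", 1)[-1]          # drop any directory prefix
    m = FULL_RE.fullmatch(base)
    if m:
        card, cpu, hex_time = m.groups()
        rec = {"kind": "full", "card": int(card), "cpu": int(cpu), "pid": None}
    else:
        m = ABRIDGED_RE.fullmatch(base)
        if m is None:
            return None
        card, cpu, pid, hex_time = m.groups()
        rec = {"kind": "abridged", "card": int(card), "cpu": int(cpu), "pid": int(pid)}
    rec["name"] = base
    rec["epoch"] = int(hex_time, 16)        # hexadecimal POSIX timestamp
    rec["utc"] = datetime.fromtimestamp(rec["epoch"], tz=timezone.utc).isoformat()
    return rec

def crash_timeline(names):
    """Return (events sorted by crash time, names that did not parse)."""
    parsed = [(n, parse_crash_name(n)) for n in names]
    unmatched = [n for n, rec in parsed if rec is None]
    events = sorted((rec for _, rec in parsed if rec), key=lambda r: r["epoch"])
    return events, unmatched

if __name__ == "__main__":
    events, unmatched = crash_timeline(SAMPLE_NAMES)
    for e in events:
        print(e["utc"], e["kind"], "card", e["card"], "cpu", e["cpu"], "pid", e["pid"])
    print("unparsed:", unmatched)
```

Names that fail to parse are returned separately so that unexpected files in the crash location are surfaced for review instead of being silently ignored.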
show crash number <crash_number>

crash_number is the number of the crash for which you wish to view the log as displayed by the show crash list command.

save logs { <url> } [ active ] [ inactive ] [ callid <call_id> ] [ event-verbosity <evt_verboseness> ] [ facility <facility> ] [ level <severity_level> ] [ pdu-data <pdu_format> ] [ pdu-verbosity <pdu_verboseness> ] [ since <from_date_time> [ until <to_date_time> ] ] [ | { grep <grep_options> | more } ]

For detailed information on the save logs command, refer to the Exec Mode Commands chapter of the Command Line Interface Reference.

Important: Not all event IDs are used on all platforms. It depends on the platform type and the license(s) running.

• critical: Logs only those events indicating a serious error has occurred that is causing the system or a system component to cease functioning. This is the highest severity level.
• error: Logs events that indicate an error has occurred that is causing the system or a system component to operate in a degraded state. This level also logs events with a higher severity level.
• warning: Logs events that may indicate a potential problem. This level also logs events with a higher severity level.
• unusual: Logs events that are very unusual and may need to be investigated. This level also logs events with a higher severity level.
• info: Logs informational events and events with a higher severity level.
• trace: Logs events useful for tracing and events with a higher severity level.
• debug: Logs all events regardless of the severity.
Cisco Systems Inc.