Logging syslog Features

Available Languages

Download Options

  • PDF     (131.1 KB)
    View with Adobe Reader on a variety of devices
Updated:June 29, 2007

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Logging Syslog Messages

Table Of Contents

Logging Syslog Messages

syslog Messages

Example 1

Example 2

Configuring Message Logging

Changing Log Directory

Configuring syslog Daemon (syslogd)

Managing the Syslog File

Server Up/Down Status Change Logging

Header Formats

Example Log Messages


Logging Syslog Messages

Logging messages via syslog provides centralized error reporting for Cisco Access Registrar. Local logging and syslog logging can be turned on or off at any time by modifying the control flags in the $INSTALLPATH/conf/aic.conf file.

Logging syslog messages requires a UNIX host running a syslog daemon as a receiver for Cisco Access Registrar messages. Cisco Access Registrar and the syslog daemon can be running on the same host or different hosts.

syslog Messages

Messages that are sent to the following logs will be forwarded to syslog server in a slightly different format. The logs are:

aregcmd_log

config_mcd_[1..n]_log

name_radius_[1..n]_log

agent_server_[1..n]_log

The messages are in the following format:

MMM DD hh:mm:ss hostname %CAR-[severity]-[mnemonic]: [#n], [System|Server]: message_description

Where:

MMM DD is the month and date that the message is received by the syslog server

hh:mm:ss is the arrival time of the message

hostname is the name of the syslog server

severity is one of the following levels:

0 - emergency

1 - alert

2 - critical

3 - error

4 - warning

5 - notification

6 - informational

7 - debugging

mnemonic can be aregcmd, name_radius, agent_server and config_mcd for the identification of AR subsystems that the message relates to.

#n is the id for the components: name_radius, agent_server, and config_mcd

message_description provides detailed information of the message

Example 1

May 19 14:28:44 dwlau-ultra2.cisco.com

%CAR-3-name_radius: #1, System: Remote LDAP Server.Unable to bind.

Example 2

May 19 14:28:45 dwlau-ultra2.cisco.com

%CAR-6-name_radius: #1, Server: Stopping server

Configuring Message Logging

Message logging is on by default, and all logs are stored in the $INSTALL/logs directory. To turn logging off, or to change the location where logs are stored, you must modify the $INSTALLPATH/conf/aic.conf file.

In $INSTALLPATH/conf/aic.conf file, the following lines control logging.

LOCAL_LOGGING [ON|OFF]

LOGDIR full_path

DATADIR full_path

SYSLOG_LOGGING [ON|OFF]

SERVER_IP_ADDRESS [ip_address]

FACILITY_LOCAL_NUMBER [0..7]

Where:

LOCAL_LOGGING enables (ON) or disables (OFF) the local logging function. (Local logging is on by default.)

LOGDIR specifies a full pathname to a different local log directory.

DATADIR specifies a full pathname to a different data directory.

SYSLOG_LOGGING enables (ON) or disables (OFF) the syslog logging function. (syslog logging is on by default.)

SERVER_IP_ADDRESS specifies the IP address of the host to which AR will send syslog messages.

FACILITY_LOCAL_NUMBER specifies the facility being used by the syslogd.

The following is an example

LOCAL_LOGGING OFF

SYSLOG_LOGGING ON

SERVER_IP_ADDRESS 209.165.200.224

FACILITY_LOCAL_NUMBER 7

Note You must first stop the CAR server prior to changing the aic.conf file, then restart the server. If you change the directory location where logs or database data are stored, you should also copy all log files or data files to that same directory before restarting the CAR server.

Changing Log Directory

You can change the directory where local log messages are stored by adding the following line in the $INSTALLPATH/conf/aic.conf file.

LOGDIR full_path

Where full_path is a full path to the directory where you want to store the log messages. For example, to store all system logs in /var/log/AICar1, add the following line in the $INSTALLPATH/conf/aic.conf file:

LOGDIR /var/log/AICar1

You must first stop the CAR server prior to changing the aic.conf file. After changing the aic.conf file, copy all existing log files to the new directory, then restart the server.

Note Specifying a path for local logging does not affect the storage location of syslog messages.

Configuring syslog Daemon (syslogd)

You must specify the facility from which syslogd will receive messages and the file into which the messages will be deposited.

In the syslog server's /etc/syslog.conf file, the following line may be needed.

localn.info <tab> <tab> <tab> /var/log/filename.log

Note Use at least one <tab> as a field separator.

Where:

localn—is the facility being used for syslogd; n must be a value from 0-7 and match the FACILITY_LOCAL_NUMBER used in AR's aic.conf file.

/var/log/—is the path to the file that stores syslogd messages.

filename.log—is the file that stores syslogd messages. You may give this file a name of your choice.

Creating a Log File

To create a syslog log file, complete the following steps:

Step 1 Log in as user root.

Step 2 Enter the following command, where filename.log is a name you choose.

touch  filename.log

Step 3 Change permissions on the syslog log file by entering the following:

chmod 664 filename.log

Restarting syslogd

To restart the syslog daemon, log in as user root and enter the following commands:

/etc/init.d/syslog stop

/etc/init.d/syslog start

Managing the Syslog File

Left unmanaged, the syslog file will grow in size over time and eventually fill all available disk space in its partition. Cisco recommends that you use the cron program to manage the syslog files.

The following example crontab file performs a weekly archival of the existing syslog file (named ar_syslog.log in this example). This scheme keeps the previous two week's worth of syslog files.

#

# At 02:01am on Sundays:

# Move a weeks worth of 'ar_syslog.log' log messages to 'ar_syslog.log.1'.

# If there was a 'ar_syslog.log.1' move it to 'ar_syslog.log.2'.

# If there was a 'ar_syslog.log.2' then it is lost.

01 02 * * 0 cd /var/log;

if [ -f ar_syslog.log ];

then if [ -f ar_syslog.log.1 ];

then /bin/mv ar_syslog.log.1 ar_syslog.log.2;

fi;

/usr/bin/cp ar_syslog.log ar_syslog.log.1;

>ar_syslog.log;

fi

Note Consider using move (mv) or copy (cp) commands to store the previous week's syslog files in a different disk partition to reserve space for the current syslog file.

To add this crontab segment to the existing cron facility in /usr/spool/cron/crontabs directory, complete the following steps at the syslog server console.

Step 1 Log in as user root.

Step 2 Enter the following commands:

crontab -e

Server Up/Down Status Change Logging

Cisco Access Registrar supports RADIUS server up/down detection and logging. The information messages are saved in the $INSTALL/logs/name_radius_1_log file where $INSTALL is the Cisco Access Registrar installation directory. Each message consists of a header and a message description.

Header Formats

The format of a header entry is:

mm/dd/yyyy HH:MM:SS name/radius/n Error Server 0

Example Log Messages

Following are the descriptions and types of messages that can be found within the <AR_install_dir>/logs/name_radius_1_log file.

1. Cisco Access Registrar detects a Remote Server when it responds for the first time or after it is reentered into Cisco Access Registrar's server pool for retry. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) is UP!

The following is an example header and message: 

09/14/1999 17:56:32 name/radius/1 Error Server 0 
Remote Server dave-ultra (171.69.237.99:1645) is UP!

Cisco Access Registrar detects the Remote Server is not responding to its request. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) is DOWN!

The following is an example header and message: 

09/14/1999 17:57:12 name/radius/1 Error Server 0 Remote 
server dave-ultra (171.69.237.99:1645) is DOWN!

2. Cisco Access Registrar receives no response from the Remote Server after the server is reentered into Cisco Access Registrar's server pool for retry. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) remains DOWN!

The following is an example header and message: 

09/14/1999 17:56:32 name/radius/1 Error Server 0 Remote 
server dave-ultra (171.69.237.99:1645) remains DOWN!

3. The Remote Server is responding to the first retry but not the initial request. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) is UP but slow!

The following is an example header and message: 

09/14/1999 17:56:32 name/radius/1 Error Server 0 Remote 
server dave-ultra (171.69.237.99:1645) is UP but slow!

4. The Remote Server is responding to the second retry request but not the initial request or the first retry request. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) is UP but very slow!

The following is an example header and message: 

09/14/1999 17:56:32 name/radius/1 Error Server 0 Remote 
server dave-ultra (171.69.237.99:1645) is UP but very slow!

5. The Remote Server has been marked inactive and is being put back into Cisco Access Registrar's server pool for later use. The format of the message is:

Remote Server <hostname> (<ipaddress>:<port>) is being reactivated for later use.

The following is an example header and message: 

09/14/1999 17:56:32 name/radius/1 Error Server 0 Remote 
server dave-ultra (209.165.200.224:1645) is being reactivated for later use.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products