Configuring System Message Logging

This chapter describes how to configure system message logging on Cisco MDS 9000 Series switches.

Information About System Message Logging

With the system message logging software, you can save messages in a log file or direct the messages to other devices. By default, the switch logs normal but significant system messages to a log file and sends these messages to the system console. This feature provides you with the following capabilities:

  • Provides logging information for monitoring and troubleshooting

  • Allows you to select the types of captured logging information

  • Allows you to select the destination server to forward the captured logging information properly configured system message logging server.


Note
When the switch first initializes, the network is not connected until initialization completes. Therefore, messages are not redirected to a system message logging server for a few seconds.

Log messages are not saved across system reboots. However, a maximum of 100 log messages with a severity level of critical and below (levels 0, 1, and 2) are saved in NVRAM.

Table 1 describes some samples of the facilities supported by the system message logs.

Table 1. Internal Logging Facilities

Facility Keyword

Description

Standard or Cisco MDS Specific

acl

ACL manager

Cisco MDS 9000 Family specific

all

All facilities

Cisco MDS 9000 Family specific

auth

Authorization system

Standard

authpriv

Authorization (private) system

Standard

bootvar

Bootvar

Cisco MDS 9000 Family specific

callhome

Call Home

Cisco MDS 9000 Family specific

cron

Cron or at facility

Standard

daemon

System daemons

Standard

fcc

FCC

Cisco MDS 9000 Family specific

fcdomain

fcdomain

Cisco MDS 9000 Family specific

fcns

Name server

Cisco MDS 9000 Family specific

fcs

FCS

Cisco MDS 9000 Family specific

flogi

FLOGI

Cisco MDS 9000 Family specific

fspf

FSPF

Cisco MDS 9000 Family specific

ftp

File Transfer Protocol

Standard

ipconf

IP configuration

Cisco MDS 9000 Family specific

ipfc

IPFC

Cisco MDS 9000 Family specific

kernel

Kernel

Standard

local0 to local7

Locally defined messages

Standard

lpr

Line printer system

Standard

mail

Mail system

Standard

mcast

Multicast

Cisco MDS 9000 Family specific

module

Switching module

Cisco MDS 9000 Family specific

news

USENET news

Standard

ntp

NTP

Cisco MDS 9000 Family specific

platform

Platform manager

Cisco MDS 9000 Family specific

port

Port

Cisco MDS 9000 Family specific

port-channel

PortChannel

Cisco MDS 9000 Family specific

qos

QoS

Cisco MDS 9000 Family specific

rdl

RDL

Cisco MDS 9000 Family specific

rib

RIB

Cisco MDS 9000 Family specific

rscn

RSCN

Cisco MDS 9000 Family specific

securityd

Security

Cisco MDS 9000 Family specific

syslog

Internal system messages

Standard

sysmgr

System manager

Cisco MDS 9000 Family specific

tlport

TL port

Cisco MDS 9000 Family specific

user

User process

Standard

uucp

UNIX-to-UNIX Copy Program

Standard

vhbad

Virtual host base adapter daemon

Cisco MDS 9000 Family specific

vni

Virtual network interface

Cisco MDS 9000 Family specific

vrrp_cfg

VRRP configuration

Cisco MDS 9000 Family specific

vrrp_eng

VRRP engine

Cisco MDS 9000 Family specific

vsan

VSAN system messages

Cisco MDS 9000 Family specific

vshd

vshd

Cisco MDS 9000 Family specific

wwn

WWN manager

Cisco MDS 9000 Family specific

xbar

Xbar system messages

Cisco MDS 9000 Family specific

zone

Zone server

Cisco MDS 9000 Family specific

Table 2 describes the severity levels supported by the system message logs.

Table 2. Error Message Severity Levels

Level Keyword

Level

Description

System Message Definition

emergencies

0

System unusable

LOG_EMERG

alerts

1

Immediate action needed

LOG_ALERT

critical

2

Critical conditions

LOG_CRIT

errors

3

Error conditions

LOG_ERR

warnings

4

Warning conditions

LOG_WARNING

notifications

5

Normal but significant condition

LOG_NOTICE

informational

6

Informational messages only

LOG_INFO

debugging

7

Debugging messages

LOG_DEBUG


Note
Refer to the Cisco MDS 9000 Family System Messages Reference for details on the error log message format.

System Message Logging

The System Message Logging feature allows system messages to be logged for later reference. This feature has the following capabilities:

  • Provides logging information for monitoring and troubleshooting.

  • Allows the user to select the types of captured logging information.

  • Allows the user to forward the captured logging information to remote logging servers.

Messages are time stamped to enhance real time debugging and message management.

The message timestamp can be configured to be either traditional human oriented format or the RFC 5424 machine compatible format. The traditional format uses Gregorian month abbreviations and spaces while the RFC 5424 format uses ISO style numerical timestamps with the time zone.

RFC 5424 message format also includes additional structured fields such as the issuing application name, process ID and message ID. This format allows central logging of messages from multiple devices with a standard format that can be analysed easily.

By default, the switch logs normal but significant system messages to an onboard logfile and the system console as they occur. The onboard logfile is circular and can store up to the last 1200 messages. Messages stored in the onboard logfile can be viewed using the CLI.

System messages may be displayed in real time in a user's session to the switch. This allows real time monitoring of switch events when troubleshooting. The minimum severity of messages to be displayed to sessions is configurable.

System messages may also be logged to remote logging servers. Up to three remote destinations may be configured. These may be a mix of IPv4 and IPv6 addresses. By default, when a remote logging destination is configured, system messages are sent using UDP.


Tip

To be able to compare system messages from multiple devices ensure that all devices have the correct time. This will allow the sequence of events involving multiple devices to be understood. Device clocks can be synchronised by using NTP.

The system messages to be logged to each destination can be filtered based on the facility and the severity level.

SFP Diagnostics

The error message related to SFP failures is written to the syslog. You can listen to the syslog for events related to SFP failures. The values, low or high alarm, and the warning are checked for the following parameters:

  • TX Power
  • RX Power
  • Temperature
  • Voltage
  • Current

The SFP notification trap indicates the current status of the alarm and warning monitoring parameters for all the sensors based on the digital diagnostic monitoring information. This notification is generated whenever there is a change in the status of at least one of the monitoring parameters of the sensors on the transceiver in an interface.

The CISCO-INTERFACE-XCVR-MONITOR-MIB contains the SFP notification trap information. Refer to the Cisco MDS 9000 Family MIB Quick Reference for more information on this MIB.

Outgoing System Message Logging Server Facilities

All system messages have a logging facility and a level. The logging facility can be thought of as where and the level can be thought of as what .

The single system message logging daemon (syslogd) sends the information based on the configured facility option. If no facility is specified, local7 is the default outgoing facility.

The internal facilities are listed in Table 1 and the outgoing logging facilities are listed in Table 1.

Table 3. Outgoing Logging Facilities

Facility Keyword

Description

Standard or Cisco MDS Specific

auth

Authorization system

Standard

authpriv

Authorization (private) system

Standard

cron

Cron or at facility

Standard

daemon

System daemons

Standard

ftp

File Transfer Protocol

Standard

kernel

Kernel

Standard

local0 to local7

Locally defined messages

Standard (local7 is the default)

lpr

Line printer system

Standard

mail

Mail system

Standard

news

USENET news

Standard

syslog

Internal system messages

Standard

user

User process

Standard

uucp

UNIX-to-UNIX Copy Program

Standard

System Message Logging Configuration Distribution

You can enable fabric distribution for all Cisco MDS switches in the fabric. When you perform system message logging configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.

You automatically acquire a fabric-wide lock when you issue the first configuration command after you enabled distribution in a switch. The system message logging server uses the effective and pending database model to store or commit the commands based on your configuration. When you commit the configuration changes, the effective database is overwritten by the configuration changes in the pending database and all the switches in the fabric receive the same configuration. After making the configuration changes, you can choose to discard the changes by terminating the changes instead of committing them. In either case, the lock is released. See Using the CFS Infrastructure for more information on the CFS application.

Fabric Lock Override

If you have performed a system message logging task and have forgotten to release the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric. If the administrator performs this task, your changes to the pending database are discarded and the fabric lock is released.


Tip

The changes are only available in the volatile directory and are subject to being discarded if the switch is restarted.

Guidelines and Limitations for System Message Logging

When merging two fabrics with CFS that have different system message logging configurations, follow these guidelines:

  • Be aware that the merged configuration is a union of the existing and received configuration for each switch in the fabric.

  • Verify that the merged configuration will only have a maximum of three unique system message logging servers.


Caution

If the merged configuration contains more that three servers, the merge will fail.

For detailed concepts on CFS merge, see CFS Merge Support.

Default Settings

Table 1 lists the default settings for system message logging.

Table 4. Default System Message Log Settings

Parameters

Default

System message logging to the console

Enabled for messages at the critical severity level.

System message logging to sessions

Disabled.

Onboard logging file size

4194304 bytes.

Onboard logging file name

messages

Remote server facility

local7

Remote logging destinations

Not configured.

Unsecure remote server destination port

UDP 514

Secure remote server destination port

TCP 6514

CA certificates

Not installed.

Configuring System Message Logging

System logging messages are sent to the console based on the default (or configured) logging facility and severity values.

Task Flow for Configuring System Message Logging

Follow these steps to configure system message logging:

Procedure

Step 1

Enable or disable message logging.

Step 2

Configure console severity level.

Step 3

Configure monitor severity level.

Step 4

Configure module log severity level.

Step 5

Configure facility severity levels.

Step 6

Configure the onboard log file.

Step 7

Configure system message logging servers.

Step 8

Configure system message logging distribution.

Enabling or Disabling Message Logging

You can disable logging to the console or enable logging to a specific Telnet or SSH session.

  • When you disable or enable logging to a console session, that state is applied to all future console sessions. If you exit and log in again to a new session, the state is preserved.

  • When you enable or disable logging to a Telnet or SSH session, that state is applied only to that session. If you exit and log in again to a new session, the state is not preserved.

To enable or disable the logging state for a Telnet or SSH session, follow these steps:

Procedure

Step 1

switch# terminal monitor

Enables logging for a Telnet or SSH session.

Note

 
Logging to the console session is enabled by default.

Step 2

switch# terminal no monitor

Disables logging for a Telnet or SSH session.

Note

 
A Telnet or SSH session is disabled by default.

Configuring Console Severity Level

When logging is enabled for a console session (default), you can configure the severity levels of messages that appear on the console. The default severity for console logging is 2 (critical).


Note

The current critical (default) logging level is maintained if the console baud speed is 9600 baud (default). All attempts to change the console logging level generates an error message. To increase the logging level (above critical), you must change the console baud speed to 38400 baud.

To configure the severity level for the console session, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging console 3

Configures console logging at level 3 (error). Logging messages with a severity level of 3 or above are displayed on the console.

Step 3

switch(config)# no logging console

Reverts console logging to the factory set default severity level of 2 (critical). Logging messages with a severity level of 2 or above are displayed on the console.

Configuring Monitor Severity Level

When logging is enabled for a monitor session (default), you can configure the severity levels of messages that appear on the monitor. The default severity for monitor logging is 5 (notifications).

To configure the severity level for a monitor session, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging monitor 3

Configures monitor logging at level 3 (error). Logging messages with a severity level of 3 or above are displayed on the monitor.

Step 3

switch(config)# no logging monitor

Reverts monitor logging to the factory set default severity level of 5 (notifications). Logging messages with a severity level of 5 or above are displayed on the console.

Configuring Module Logging

You can enable or disable logging for each module at a specified severity level.

Starting from Cisco MDS 9000 NX-OS Release 9.4(3), kernel system logs from the line cards are logged into the supervisor module. This feature is supported by the following Cisco MDS 9700 Series Line Cards:

  • DS-X9448-768K9

  • DS-X9648-1536K9

  • DS-X9748-3072K9

  • DS-X9334-K9

Table 5. Default severity settings:

Command

Default Value

logging module

5

logging module kernel

2

To enable or disable the logging for modules and configure the severity level, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging module 1

Configures module logging at level 1 (alerts) for all modules.

Step 3

(Optional) switch(config)# logging module

Configures module logging for all modules in the switch at the default level 5.

Step 4

(Optional) switch(config)# logging module kernel

Enables logging module kernel command.

Configures module kernel logging for all modules in the switch at the default level 2.

Step 5

(Optional) switch(config)# logging module kernel 1

Configures the severity.

Step 6

(Optional) switch(config)# no logging module

Disables module logging.

Step 7

(Optional) switch(config)# no logging module kernel

Disables logging module kernel.

Configuring Facility Severity Levels

To configure the severity level for a logging facility (see Table 1), follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging level kernel 4

Configures Telnet or SSH logging for the kernel facility at level 4 (warning). As a result, logging messages with a severity level of 4 or above are displayed.

Step 3

switch(config)# no logging level kernel 4

Reverts to the default severity level 6 (informational) for the Telnet or SSH logging for the kernel facility.

Note

 
Use the show logging info command to display the default logging levels for the facilities listed in Table 1.

Configuring Logging Format and Timezone

Starting from Cisco MDS NX-OS 9.4(4), you can configure the logging message format and timezone.

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging format rfc5424

Enables system logging message format to comply with RFC 5424.

Step 3

switch(config)# logging timezone utc

Enables the timezone in syslog messages as Universal Time Coordinated (UTC) instead of using the locally configured switch timezone.

Configuring the Onboard Log File

By default, the switch logs normal but significant system messages to a log file and sends these messages to the system console. Log messages are not saved across system reboots. The logging messages that are generated may be saved to a log file. You can configure the name of this file and restrict its size as required. The default log file name is messages.

The file name can have up to 80 characters and the file size ranges from 4096 bytes to 4194304 bytes.

To change the default logging configuration follow these steps:


Note

Cisco recommends using the default logging configuration, which captures messages with severity level 5 notifications and higher.

Increasing the severity level to 3 (errors) may result in some important messages not being logged.

Decreasing it to 6 (information) or 7 (debugging) can generate excessive logs, potentially causing important messages to be overwritten prematurely.

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging logfile messages 3

Configures logging of messages with severity level 3 (errors) and higher, that is, levels 0 (emergencies), 1 (alerts), and 2 (critical) to the default log file named messages.

Step 3

switch(config)# logging logfile ManagerLog 3

Configures logging of information for errors or events with a severity level 3 or above to a file named ManagerLog using the default size of 10,485,760 bytes.

Step 4

switch(config)# logging logfile ManagerLog 3 size 3000000

Configures logging information for errors or events with a severity level 3 or above to a file named ManagerLog. By configuring a size, you are restricting the file size to 3,000,000 bytes.

Step 5

switch(config)# no logging logfile

Disables logging messages to the logfile.

You can rename the log file using the logging logfile command.

The location of the log file cannot be changed. You can use the show logging logfile and clear logging logfile commands to view and delete the contents of this file. You can use the dir log: command to view logging file statistics. You can use the delete log: command to remove the log file.

You can copy the logfile to a different location using the copy log: command using additional copy syntax.

Configuring the Origin ID for System Messages

To specify the hostname, IP address, or a text string in the system messages that are sent to remote syslog servers, follow these steps:

Procedure

Step 1

switch# configure

Enters configuration mode.

Step 2

switch(config)# logging origin-id {hostname | ip address | string word}

Specifies the hostname, IP address, or a text string in the system messages that are sent to remote syslog servers.

Configuring System Message Logging Servers

You can configure a maximum of three system message logging servers. To send log messages to a UNIX system message logging server, you must configure the system message logging daemon on a UNIX server. Log in as a privileged user, and follow these steps:

Procedure

Step 1

Add the following line to the /etc/syslog.conf file.

local1.debug /var/log/ myfile .log

Note

 

Be sure to add five tab characters between local1.debug and /var/log/ myfile .log . Refer to entries in the /etc/syslog.conf file for further examples.

The switch sends messages according to the specified facility types and severity levels. The local1 keyword specifies the UNIX logging facility used. The messages from the switch are generated by user processes. The debug keyword specifies the severity level of the condition being logged. You can set UNIX systems to receive all messages from the switch.

Step 2

Create the log file by entering these commands at the UNIX shell prompt:

$ touch /var/log/ myfile .log

$ chmod 666 /var/log/ myfile .log

Step 3

Make sure the system message logging daemon reads the new changes by entering this command:

$ kill -HUP ~cat /etc/syslog.pid~

Configuring System Message Logging Distribution

To enable fabric distribution for system message logging server configurations, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging distribute

Enables the system message logging server configuration to be distributed to all switches in the fabric, acquires a lock, and stores all future configuration changes in the pending database.

Step 3

switch(config)# no logging distribute

Disables (default) system message logging server configuration distribution to all switches in the fabric.

Committing Changes

To commit the system message logging server configuration changes, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging commit

Distributes the configuration changes to all switches in the fabric, releases the lock, and overwrites the effective database with the changes made to the pending database.

Discarding Changes

To discard the system message logging server configuration changes, follow these steps:

Procedure

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging abort

Discards the system message logging server configuration changes in the pending database and releases the fabric lock.

Fabric Lock Override

To use administrative privileges and release a locked system message logging session, use the clear logging session command. 


switch# clear logging session

Displaying System Message Logging Information

To display the system message logging information, perform one of the following tasks:

Command

Purpose

show logging

show logging info

Displays current system message logging information

show logging format

Displays syslog message format.

show logging last

Displays last few lines of a log file.

show logging level

Displays logging facility.

show logging logfile

Displays the log file.

show logging module

Displays switching module logging status.

show logging monitor

Displays monitor logging status.

show logging nvram

Displays NVRM log contents.

show logging server

Displays server information.

show logging timezone

Displays the time zone used in syslog message timestamps.

Note

The show logging and show logging info commands provide the same output and can be used interchangeably to display system message logging information.

For detailed information about the fields in the output from these commands, refer to the Cisco MDS 9000 Family Command Reference .

Use the show logging command to display the current system message logging configuration . See Examples Display System Message Logging Information to Display Remote Logging Server Information.

Display System Message Logging Information

The following example displays the current system message logging settings and contents of the onboard log file: 

switch# show logging

Logging console:                enabled (Severity: information)
Logging monitor:                enabled (Severity: notifications)
Logging linecard:               enabled (Severity: notifications)
Logging server:                 disabled
Logging origin_id :             disabled
Logging rate-limit:             enabled
Logging logfile:                enabled
        Name - messages: Severity - notifications Size - 10485760

Logging persistent :            disabled (Reason: Logflash CF card not online.)

Logging format rfc5424:         enabled
System timestamp format rfc5424:disabled
Logging timezone utc:           enabled


Syslog History Table: '1' maximum table entries
saving level 'warnings' or higher
1201 messages ignored, 0 dropped, 63 table entries flushed
SNMP notifications disabled

        entry number 64: SMA-4-ACTIVATION_COMPLETED
         Activation of policy name edge successful.
        Timestamp: 12929540



Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
aaa                     3                       3
aam                     2                       2
acl                     2                       2
auth                    0                       0
authpriv                3                       3
bloggerd                4                       4
bootvar                 5                       5
callhome                2                       2
capability              2                       2
cdp                     2                       2
cert_enroll             2                       2
cfs                     3                       3
clis                    3                       3
confcheck               2                       2
cron                    3                       3
daemon                  3                       3
device-alias            3                       3
dstats                  2                       2
eem_policy_dir          2                       2
epp                     5                       5
ethport                 5                       5
evmc                    5                       5
evms                    2                       2
fabric_start_cfg_mgr    2                       2
fc-tunnel               5                       5
fc2d                    2                       2
fcdomain                3                       3
fcns                    2                       2
fcs                     2                       2
fdmi                    2                       2
feature-mgr             2                       2
flogi                   2                       2
fs-daemon               2                       2
fspf                    3                       3
ftp                     3                       3
ipacl                   2                       2
ipconf                  5                       5
ipfc                    2                       2
ips                     5                       5
kern                    3                       3
licmgr                  6                       6
local0                  3                       3
local1                  3                       3
local2                  3                       3
local3                  3                       3
local4                  3                       3
local5                  3                       3
local6                  3                       3
local7                  3                       3
lpr                     3                       3
mail                    3                       3
mcast                   2                       2
module                  5                       5
monitor                 3                       3
mvsh                    2                       2
news                    3                       3
ntp                     2                       2
platform                5                       5
plugin                  2                       2
port                    5                       6
port-channel            5                       5
port-resources          5                       5
port-security           3                       3
qos                     3                       3
radius                  3                       3
rdl                     2                       2
res_mgr                 5                       5
rib                     2                       2
rlir                    2                       2
rscn                    2                       2
scsi-target             2                       2
securityd               3                       3
sma                     5                       5
smm                     4                       4
snmpd                   2                       2
snmpmib_proc            2                       2
span                    3                       3
syslog                  3                       3
sysmgr                  3                       3
SystemHealth            4                       4
user                    3                       3
uucp                    3                       3
vni                     2                       2
vrrp-cfg                3                       3
vrrp-eng                3                       3
vsan                    2                       2
vshd                    5                       5
wwn                     3                       3
xbar                    5                       5
xmlma                   3                       3
zone                    2                       2

0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging
...

Use the show logging nvram command to view the log messages saved in NVRAM. Only log messages with a severity level of critical and below (levels 0, 1, and 2) are saved in NVRAM.

Display NVRM Log Contents

The following example displays the NVRM log contents: 


switch# show logging nvram

Jul 16 20:36:46 switchname %KERN-2-SYSTEM_MSG: unable to alloc and fill in a
new mtsbuf (pid=2209, ret_val = -105)
Jul 16 20:36:46 switchname %KERN-2-SYSTEM_MSG: unable to alloc and fill in a
new mtsbuf (pid=2199, ret_val = -105)
Jul 16 20:36:46 switchname %KERN-2-SYSTEM_MSG: unable to alloc and fill in a
new mtsbuf (pid=2213, ret_val = -105)
Jul 16 20:36:46 switchname %KERN-2-SYSTEM_MSG: unable to alloc and fill in a
new mtsbuf (pid=2213, ret_val = -105)
...

Display Log File

The following example displays the onboard log file: 


switch# show logging logfile

Jul 16 21:06:50 %DAEMON-3-SYSTEM_MSG: Un-parsable frequency in /mnt/pss/ntp.drift
Jul 16 21:06:56 %DAEMON-3-SYSTEM_MSG: snmpd:snmp_open_debug_cfg: no snmp_saved_dbg_uri ;
Jul 16 21:06:58 switchname %PORT-5-IF_UP: Interface mgmt0 is up
Jul 16 21:06:58 switchname %MODULE-5-ACTIVE_SUP_OK: Supervisor 5 is active
...

Display Console Logging Status

The following example displays the status and severity of message logging to the console: 


switch# show logging console
  
Logging console:                enabled (Severity: notifications)

Display Logging Facility

The following example displays the default logging level and the currently configured logging level of each switch facility: 


switch# show logging level
 
Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
kern                    6                       6
user                    3                       3
mail                    3                       3
daemon                  7                       7
auth                    0                       7
syslog                  3                       3
lpr                     3                       3
news                    3                       3
uucp                    3                       3
cron                    3                       3
authpriv                3                       7
ftp                     3                       3
local0                  3                       3
local1                  3                       3
local2                  3                       3
local3                  3                       3
local4                  3                       3
local5                  3                       3
local6                  3                       3
local7                  3                       3
vsan                    2                       2
fspf                    3                       3
fcdomain                2                       2
module                  5                       5
sysmgr                  3                       3
zone                    2                       2
vni                     2                       2
ipconf                  2                       2
ipfc                    2                       2
xbar                    3                       3
fcns                    2                       2
fcs                     2                       2
acl                     2                       2
tlport                  2                       2
port                    5                       5
flogi                   2                       2
port_channel            5                       5
wwn                     3                       3
fcc                     2                       2
qos                     3                       3
vrrp_cfg                2                       2
ntp                     2                       2
platform                5                       5
vrrp_eng                2                       2
callhome                2                       2
mcast                   2                       2
rdl                     2                       2
rscn                    2                       2
bootvar                 5                       2
securityd               2                       2
vhbad                   2                       2
rib                     2                       2
vshd                    5                       5
0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging)

Display Last Lines of the Logging File

The following example displays the last few lines of the log file: 


switch# show logging last 2
 
Nov 8 16:48:04 switchname %LOG_VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/1 (171.71.58.56)
Nov 8 17:44:09 switchname %LOG_VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/0 (171.71.58.72)

Display Switching Module Logging Status

The following example displays switching module logging status: 


switch# show logging module
 
 
Logging linecard:               enabled (Severity: debugging)

Display Monitor Logging Status

The following example displays the status and severity of message logging to remote login sessions: 


switch# show logging monitor
 
Logging monitor:                enabled (Severity: information)

Display Remote Logging Server Information

The following example displays the configured remote logging server information: 


switch# show logging server
Logging server:                 enabled
{192.168.113.1}
        server severity:        notifications
        server facility:        local7
        server VRF:             default
        server port:            55552
        server transport:       secure
{192.168.106.50}
        server severity:        notifications
        server facility:        local7
        server VRF:             default
        server port:            55551
        server transport:       secure
{192.168.229.220}
        server severity:        notifications
        server facility:        local7
        server VRF:             default
        server port:            55552

Display Logging Message Format Information and Time Zone Information:

Starting from NX-OS Release 9.4(4), the show logging format and show logging timezone commands have been introduced. The logging message format and the logging time zone are also included in the output of the show logging and show logging info commands.

The following example shows if RFC 5424 formatting is enabled for syslog logging messages and if RFC 5424 timestamps are enabled for other system log messages (such as accounting and debug messages):
switch# show logging format
Logging format rfc5424:         enabled
System timestamp format rfc5424:enabled
The following example shows if logging messages are logged with the local time zone or UTC time zone:
switch# show logging timezone
Logging timezone utc:           enabled

The following tables show the format of syslog messages in the local switch log and the format of syslog messages sent to remote syslog servers.

The tables use the following time and time zone values:

  • Local = 2025 Mar 27 16:22:24

  • UTC = 2025 Mar 27 10:52:24

  • TZ Offset = +05:30

Table 6. Controlling local syslog message format:

Configuration Command

Format of Message in show logging logfile

logging format rfc5424

logging timezone

system timestamp format rfc5424

Disabled

Disabled

Disabled

2025 Mar27 16:22:24 switch %SYSLOG...

Disabled

Disabled

Enabled

2025–03–27T16:22:24+05:30switch %SYSLOG...

Disabled

Enabled

Disabled

2025 Mar27 10:52:24 switch %SYSLOG....

Disabled

Enabled

Enabled

2025–03–27T10:52:24Zswitch %SYSLOG...

Enabled

Disabled

Disabled

<189>12025–03–27T16:22:24+05:30 switch – – – – %SYSLOG...

Enabled

Disabled

Enabled

<189>12025–03–27T16:22:24+05:30 switch – – – –%SYSLOG...

Enabled

Enabled

Disabled

<189>12025–03–27T10:52:24Z switch – – – – %SYSLOG…

Enabled

Enabled

Enabled

<189>12025–03–27T10:52:24Z switch – – – – %SYSLOG...
Table 7. Controlling syslog message format sent to remote servers:

Configuration Command

Format of Message Sent to Remote Logging Server

logging format rfc5424

logging timezone

system timestamp format rfc5424

Disabled

Disabled

Disabled

<189>:2025 Mar 27 16:22:24 switch %SYSLOG

Disabled

Disabled

Enabled

<189>12025–03–27T16:22:24+05:30 switch %SYSLOG…

Enabled

Disabled

Ignored

<189>12025–03–27T16:22:24+05:30 switch – – – – %SYSLOG…

Enabled

Enabled

Ignored

<189>12025–03–27T10:52:24Z switch – – – –%SYSLOG…

Additional References

For additional information related to implementing system message logging, see the following section:

MIBs

MIBs

MIBs Link

  • CISCO-SYSLOG-EXT-MIB
  • CISCO-SYSLOG-MIB

To locate and download MIBs, go to the following URL:

http://www.cisco.com/en/US/products/ps5989/prod_technical_reference_list.html