The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
You can use system message logging to control the destination and to filter the severity level of messages that system processes generate. You can configure logging to terminal sessions, a log file, and syslog servers on remote systems.
System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.
By default, the device outputs messages to terminal sessions.
The following table describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.
Level | Description |
---|---|
0 – emergency |
System unusable |
1 – alert |
Immediate action needed |
2 – critical |
Critical condition |
3 – error |
Error condition |
4 – warning |
Warning condition |
5 – notification |
Normal but significant condition |
6 – informational |
Informational message only |
7 – debugging |
Appears during debugging only |
The device logs the most recent 100 messages of severity 0, 1, or 2.
You can configure which system messages should be logged based on the facility that generated the message and its severity level.
Syslog servers run on remote systems that are configured to log system messages based on the syslog protocol. You can configure up to three syslog servers.
Note |
When the device first initializes, messages are sent to syslog servers only after the network is initialized. |
The following table lists the facilities that you can use in system message logging configuration
Facility | Description |
---|---|
aaa |
AAA manager |
aclmgr |
ACL manager |
adjmgr |
Adjacency Manager |
all |
Keyword that represents all facilities |
arbiter |
Arbiter manager |
arp |
ARP manager |
auth |
Authorization system |
authpriv |
Private authorization system |
bootvar |
Bootvar |
callhome |
Call home manager |
capability |
MIG utilities daemon |
cert-enroll |
Certificate enroll daemon |
cfs |
CFS manager |
clis |
CLIS manager |
cmpproxy |
CMP proxy manager |
copp |
CoPP manager |
core |
Core daemon |
cron |
Cron and at scheduling service |
daemon |
System daemons |
dhcp |
DHCP manager |
diagclient |
GOLD diagnostic client manager |
diagmgr |
GOLD diagnostic manager |
eltm |
ELTM manager |
evmc |
EVMC manager |
evms |
EVMS manager |
feature-mgr |
Feature manager |
fs-daemon |
Fs daemon |
ftp |
File transfer system |
glbp |
GLBP manager |
hsrp |
HSRP manager |
im |
IM manager |
ipconf |
IP configuration manager |
ipfib |
IP FIB manager |
kernel |
OS kernel |
l2fm |
L2 FM manager |
l2nac |
L2 NAC manager |
l3vm |
L3 VM manager |
license |
Licensing manager |
local0 |
Local use daemon |
local1 |
Local use daemon |
local2 |
Local use daemon |
local3 |
Local use daemon |
local4 |
Local use daemon |
local5 |
Local use daemon |
local6 |
Local use daemon |
local7 |
Local use daemon |
lpr |
Line printer system |
m6rib |
M6RIB manager |
Mail system |
|
mfdm |
MFDM manager |
module |
Module manager |
mrib |
MRIB manager |
mvsh |
MVSH manager |
news |
USENET news |
nf |
NF manager |
ntp |
NTP manag |
otm |
GLBP manager |
pblr |
PBLR manager |
pfstat |
PFSTAT manager |
pixm |
PIXM manager |
pixmc |
PIXMC manager |
pktmgr |
Packet manager |
platform |
Platform manager |
pltfm_config |
PLTFM configuration manager |
plugin |
Plug-in manager |
port_client |
Port client manager |
port_lb |
Diagnostic port loopback test manager |
qengine |
Q engine manager |
radius |
RADIUS manager |
res_mgr |
Resource manager |
rpm |
RPM manager |
security |
Security manager |
session |
Session manager |
spanning-tree |
Spanning tree manager |
syslog |
Internal syslog manager |
sysmgr |
System manager |
tcpudp |
TCP and UDP manager |
u2 |
U2 manager |
u6rib |
U6RIB manager |
ufdm |
UFDM manager |
urib |
URIB manager |
user |
User process |
uucp |
Unix-to-Unix copy system |
vdc_mgr |
VDC manager |
vlan_mgr |
VLAN manager |
vmm |
VMM manager |
vshd |
VSHD manager |
xbar |
XBAR manager |
xbar_client |
XBAR client manager |
xbar_driver |
XBAR driver manager |
xml |
XML agent |
System messages are logged to the console and the logfile by default.
Parameter | Default |
---|---|
Console logging |
Enabled at severity level 2 |
Monitor logging |
Enabled at severity level 5 |
Log file logging |
Enabled to log messages at severity level 5 |
Module logging |
Enabled at severity level 5 |
Facility logging |
Enabled |
Time-stamp units |
Seconds |
syslog server logging |
Disabled |
syslog server configuration distribution |
Disabled |
This section includes the following topics:
You can log messages by severity level to console, telnet, and SSH sessions. By default, logging is enabled for terminal sessions.
switch# terminal monitor switch# configure terminal switch(config)# logging console 2 switch(config)# show logging console Logging console: enabled (Severity: critical) switch(config)# logging monitor 3 switch(config)# show logging monitor Logging monitor: enabled (Severity: errors) switch(config)# copy running-config startup-config switch(config)#
You can use the following commands in the CLI Global Configuration mode to restore default settings for system message logging for terminal sessions.
Command | Description |
---|---|
no logging console [severity-level] |
Disables the device from logging messages to the console. |
no logging monitor [severity-level] |
Disables logging messages to telnet and SSH sessions. |
You can configure the severity level and time-stamp units of messages logged by modules.
The following example shows how to configure system message logging for modules.
switch# configure terminal switch(config)# logging module 3 switch(config)# show logging module Logging linecard: enabled (Severity: errors) switch(config)# logging timestamp microseconds switch(config)# show logging timestamp Logging timestamp: Microseconds switch(config)# copy running-config startup-config switch(config)#
You can use the following commands in the CLI Global Configuration mode to restore default settings for system message logging for modules.
Command | Description |
---|---|
no logging module [severity-level] |
Restores the default severity level for logging module system messages. |
no logging timestamp {microseconds | milliseconds | seconds} |
Resets the logging time-stamp unit to the default (seconds). |
Use this procedure to configure the severity level and time-stamp units of messages logged by facilities.
The following example shows how to configure system message logging for modules.
switch# configure terminal switch(config)# logging module 3 switch(config)# show logging module Logging linecard: enabled (Severity: errors) switch(config)# logging timestamp microseconds switch(config)# show logging timestamp Logging timestamp: Microseconds switch(config)# copy running-config startup-config switch(config)#
You can use the following commands to restore system message logging defaults for facilities.
Command | Description |
---|---|
no logging level [facility severity-level] |
Restores the default logging severity level for the specified facility. If you do not specify a facility and severity level, the device resets all facilities to their default levels. |
no logging timestamp {microseconds | milliseconds | seconds} |
Resets the logging time-stamp unit to the default (seconds). |
Use this procedure to configure syslog servers for system message logging.
The following example shows how to forward all messages on facility local7.
switch# configure terminal switch(config)# logging server 10.10.2.2 7 switch(config)# show logging server Logging server: enabled {10.10.2.2} server severity: debugging server facility: local7 switch(config)# copy running-config startup-config switch(config)#
You can use the following command to restore server system message logging default.
Command | Description |
---|---|
no logging server host |
Removes the logging server for the specified host. |
The following UNIX or Linux fields must be configured for syslog.
Field | Description | ||
---|---|---|---|
Facility |
Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0 through local7, or an asterisk (*) for all. These facility designators allow you to control the destination of messages based on their origin.
|
||
Level |
Minimum severity level at which messages are logged, which can be debug, info, notice, warning, err, crit, alert, emerg, or an asterisk (*) for all. You can use none to disable a facility. |
||
Action |
Destination for messages, which can be a filename, a host name preceded by the at sign (@), or a comma-separated list of users or an asterisk (*) for all logged-in users. |
Use this procedure to display messages in the log file.
Command or Action | Purpose | |
---|---|---|
Step 1 | show logging last number-lines |
Displays the last number of lines in the logging file. You can specify from 1 to 9999 for the last number of lines. |
The following example shows the last five lines in the logging file.
switch# show logging last 5 2008 Aug 31 09:37:04 CP-beta2 %KERN-3-SYSTEM_MSG: packet_recvms g: truncated packet (size=1514 left=1500) - kernel 2008 Aug 31 09:37:04 CP-beta2 %KERN-3-SYSTEM_MSG: packet_recvms g: truncated packet (size=1514 left=1500) - kernel 2008 Aug 31 09:37:05 CP-beta2 %KERN-3-SYSTEM_MSG: packet_recvms g: truncated packet (size=1514 left=1500) - kernel 2008 Aug 31 09:37:05 CP-beta2 %KERN-3-SYSTEM_MSG: packet_recvms g: truncated packet (size=1514 left=1500) - kernel 2008 Aug 31 09:37:05 CP-beta2 %KERN-3-SYSTEM_MSG: packet_recvms g: truncated packet (size=1514 left=1500) - kernel switch#
Use one of the following commands to verify the configuration:
Command | Purpose |
---|---|
show logging console |
Displays the console logging configuration. |
show logging info |
Displays the logging configuration. |
show logging last number-lines |
Displays the last number of lines of the log file. |
show logging level [facility] |
show logging level [facility] |
show logging module |
Displays the module logging configuration. |
show logging monitor |
Displays the monitor logging configuration. |
show logging server |
Displays the syslog server configuration. |
show logging session |
Displays the logging session status. |
show logging status |
Displays the logging status. |
show logging timestamp |
Displays the logging time-stamp units configuration. |
Feature Name |
Releases |
Feature Information |
---|---|---|
System Message Logging |
Release 5.2(1)IC1(1.1) |
This feature was introduced. |