Configuring System Message Logging

This chapter describes how to configure system message logging on Cisco NX-OS devices.

This chapter contains the following sections:

Overview

System message logging is a mechanism that records system events and messages generated by the device, based on RFC 3164 .

  • By default, the device outputs messages to terminal sessions and logs system messages to a log file.

  • The device logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. Logging to NVRAM cannot be configured.

  • You can configure which system messages are logged based on the facility that generated the message and its severity level.

Reference Information

For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference .

The following table describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.

Table 1. System Message Severity Levels

Level

Description

0 – emergency

System unusable

1 – alert

Immediate action needed

2 – critical

Critical condition

3 – error

Error condition

4 – warning

Warning condition

5 – notification

Normal but significant condition

6 – informational

Informational message only

7 – debugging

Appears during debugging only

Syslog Servers

The syslog servers run on remote systems that log system messages based on the syslog protocol. You can configure up to eight IPv4 or IPv6 syslog servers.

To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.


Note

When the device first initializes, messages are sent to syslog servers only after the network is initialized.

Secure Syslog Servers

Beginning with Cisco NX-OS Release 9.2(1), you can configure the syslog server with support for a secure TLS transport connectivity to remote logging servers. Additionally, you can enforce the NX-OS switches (client) identity via the mutual authentication configuration. For NX-OS switches, this feature supports TLSv1.1 and TLSv1.2.

The Secure syslog server feature uses the TCP/TLS transport and security protocols to provide device authentication and encryption. This feature enables a Cisco NX-OS device (acting as a client) to make a secure, encrypted outbound connection to remote syslog servers (acting as a server) supporting secure connectivity for logging. With authentication and encryption, this feature allows for a secure communication over an insecure network.

Default Settings

The following table lists the default settings for the system message logging parameters.

Table 2. Default System Message Logging Parameters

Parameters

Default

Console logging

Enabled at severity level 2

Monitor logging

Enabled at severity level 5

Log file logging

Enabled to log messages at severity level 5

Module logging

Enabled at severity level 5

Facility logging

Enabled

Time-stamp units

Seconds

Syslog server logging

Disabled

Syslog server configuration distribution

Disabled

Syslog Servers

The syslog servers run on remote systems that log system messages based on the syslog protocol. You can configure up to eight IPv4 or IPv6 syslog servers.

To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.


Note

When the device first initializes, messages are sent to syslog servers only after the network is initialized.

Guidelines and Limitations for System Message Logging

System message logging has the following configuration guidelines and limitations:

  • System messages are logged to the console and the log file by default.

  • Any system messages that are printed before the syslog server is reachable (such as supervisor active or online messages) cannot be sent to the syslog server.

  • Generally, the syslogs display the local time zone. However, few components such as NGINX display the logs in UTC time zone.

  • Cisco recommends maintaining the logging levels for all processes at default. Increasing the levels to higher values can result in seeing syslog messages that are not intended for customers, can generate false alarms, and are generally supposed to be used for short-term troubleshooting purposes by TAC. Cisco does not provide support for syslog messages at levels above default.

Default Settings for System Message Logging

The following table lists the default settings for the system message logging parameters.

Table 3. Default System Message Logging Parameters

Parameters

Default

Console logging

Enabled at severity level 2

Monitor logging

Enabled at severity level 5

Log file logging

Enabled to log messages at severity level 5

Module logging

Enabled at severity level 5

Facility logging

Enabled

Time-stamp units

Seconds

Syslog server logging

Disabled

Syslog server configuration distribution

Disabled

Configuring System Message Logging


Note
Be aware that the Cisco NX-OS commands for this feature might differ from those commands used in Cisco IOS.

Configure System Message Logging to Terminal Sessions

You can configure the device to log messages by their severity level to console, Telnet, and SSH sessions.

By default, logging is enabled for terminal sessions.


Note
The current critical (default) logging level is maintained if the console baud speed is 9600 baud (default). All attempts to change the console logging level will generate an error message. To increase the logging level (above critical), you must change the console baud speed to 38400 baud.

Note
Be aware that the Cisco NX-OS commands for this feature might differ from those commands used in Cisco IOS.

Procedure

Step 1

Enable the device to log messages to the console using the command terminal monitor

Example:

switch# terminal monitor

Step 2

Enter global configuration mode using the command configure terminal

Example:

switch# configure terminal
	switch(config)#

Step 3

Configure the device to log messages to the console session based on a specified severity level or higher using the command [ no ] logging console [ severity-level ]

Example:

switch(config)# logging console 3

A lower number indicates a higher severity level. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

If the severity level is not specified, the default of 2 is used. The no option disables the device’s ability to log messages to the console.

Step 4

Display the console logging configuration using the command show logging console

Example:

switch(config)# show logging console

This is an optional step.

Step 5

Enable the device to log messages to the monitor based on a specified severity level or higher using the command [ no ] logging monitor [ severity-level ]

Example:

switch(config)# logging monitor 3

A lower number indicates a higher severity level. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

The configuration applies to Telnet and SSH sessions.

If the severity level is not specified, the default of 2 is used. The no option disables the device’s ability to log messages to the Telnet and SSH sessions.

Step 6

(Optional) Display the monitor logging configuration using the command show logging monitor

Example:

switch(config)# show logging monitor

This is an optional step.

Step 7

Add the description for physical Ethernet interfaces and subinterfaces in the system message log using the command [ no ] logging message interface type ethernet description

Example:

switch(config)# logging message interface type ethernet description

The description is the same description that was configured on the interface.

The no option disables the printing of the interface description in the system message log for physical Ethernet interfaces.

Step 8

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

This is an optional step.

Log System Messages to a File

You can configure the device to log system messages to a file. By default, system messages are logged to the file /logflash/log/ logfilename .

Procedure

Step 1

Enter global configuration mode using the command configure terminal

Example:

switch# configure terminal
		switch(config)#

Step 2

Configure the nonpersistent log file parameters using the command [ no ] logging logfile logfile-name severity-level [ | size bytes ]

Example:

switch(config)# logging logfile my_log 6

logfile-name : Configures the name of the log file that is used to store system messages. Default filename is "message".

severity-level : Configures the minimum severity level to log. A lower number indicates a higher severity level. Default is 5. Range is from 0 through 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

size bytes : Optionally specify maximum file size. Range is from 4096 through 4194304 bytes.

Step 3

Log interface events using the command logging event { link-status | trunk-status } { enable | default }

Example:

switch(config)# logging event link-status default

  • link-status —Logs all UP/DOWN and CHANGE messages.

  • trunk-status —Logs all TRUNK status messages.

  • enable —Specifies to enable logging to override the port level configuration.

  • default —Specifies that the default logging configuration is used by interfaces that are not explicitly configured.

Step 4

Display the logging configuration using the command show logging info

Example:

switch(config)# show logging info

This is an optional step.

Step 5

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

This is an optional step.

Configure Module and Facility Messages Logging

You can configure the severity level and time-stamp units of messages logged by modules and facilities.

Procedure

Step 1

Enter global configuration mode using the command configure terminal

Example:

switch# configure terminal
	switch(config)#

Step 2

Enable module log messages that have the specified severity level or higher using the command [ no ] logging module [ severity-level ]

Example:

switch(config)# logging module 3

Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

If the severity level is not specified, the default of 5 is used. The no option disables module log messages.

Step 3

Display the module logging configuration using the command show logging module

Example:

switch(config)# show logging module

This is an optional step.

Step 4

Enable logging messages from the specified facility that have the specified severity level or higher using the command [ no ] logging level facility severity-level

Example:

switch(config)# logging level aaa 2

Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

To apply the same severity level to all facilities, use the all facility. For defaults, see the show logging level command.

The no option resets the logging severity level for the specified facility to its default level. If you do not specify a facility and severity level, the device resets all facilities to their default levels.

Step 5

Display the logging level configuration and the system default level by facility using the command show logging level [ facility ]

Example:

switch(config)# show logging level aaa

This is an optional step. If you do not specify a facility, the device displays levels for all facilities.

Step 6

Enable logging of the Ethernet Port Manager link-up/link-down syslog messages at level 3 using the command [ no ] logging level ethpm

Example:


						switch(config)# logging level ethpm ?
						<0-7>      0-emerg;1-alert;2-crit;3-err;4-warn;5-notif;6-inform;7-debug
	link-down  Configure logging level for link down syslog messages
	link-up    Configure logging level for link up syslog messages
						
						switch(config)#logging level ethpm link-down ?
						error  ERRORS
	notif  NOTICE
						(config)# logging level ethpm link-down error ?
						
						<CR>
						(config)# logging level ethpm link-down notif ?
						<CR>
						switch(config)#logging level ethpm link-up ?
						error  ERRORS
	notif  NOTICE
						(config)# logging level ethpm link-up error ?
						
						<CR>
						(config)# logging level ethpm link-up notif ?
						<CR>

Use the no option to use the default logging level for Ethernet Port Manager syslog messages.

Step 7

Set the logging time-stamp units using the command [ no ] logging timestamp { microseconds | milliseconds | seconds }

Example:

switch(config)# logging timestamp milliseconds

By default, the units are seconds.

Note

 
This command applies to logs that are kept in the switch. It does not apply to the external logging server.

Step 8

Display the logging time-stamp units configured using the command show logging timestamp

Example:

switch(config)# show logging timestamp

This is an optional step.

Step 9

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

This is an optional step.

Configure Syslog Servers


Note
Cisco recommends that you configure the syslog server to use the management virtual routing and forwarding (VRF) instance. For more information on VRFs, see Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.

You can configure up to eight syslog servers that reference remote systems where you want to log system messages.

Procedure

Step 1

Enter global configuration mode using the command configure terminal

Example:

switch# configure terminal
		switch(config)#

Step 2

Configure a syslog server at the specified hostname, IPv4, or IPv6 address using the command [ no ] logging server host [ severity-level [ use-vrf vrf-name ]]

Example:

switch(config)# logging server 192.0.2.253

Example:


						
	switch(config)# logging server 2001::3 5 use-vrf red

You can specify logging of messages to a particular syslog server in a VRF by using the use-vrf keyword. The use-vrf vrf-name keyword identifies the default or management values for the VRF name. The default VRF is marked as 'default'. However, the show-running command will not list the default VRF. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

The default outgoing facility is local7.

The no option removes the logging server for the specified host.

The first example forwards all messages on facility local 7. The second example forwards messages with severity level 5 or lower to the specified IPv6 address in VRF red.

Step 3

Enable a source interface for the remote syslog server using the command logging source-interface loopback virtual-interface

Example:

switch(config)# logging source-interface loopback 5

The range for the virtual-interface argument is from 0 to 1023.

Step 4

Display the syslog server configuration using the command show logging server

Example:

switch(config)# show logging server

This is an optional step.

Step 5

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

This is an optional step.

Configure Syslog Server on a UNIX or Linux System

You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:


				
					facility.level
				 
	<five tab characters> 
				
					action

The following table describes the syslog fields that you can configure.

Table 4. Syslog fields in syslog.conf

Field

Description

Facility

Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0 through local7, or an asterisk (*) for all. These facility designators allow you to control the destination of messages based on their origin.

Note

 

Check your configuration before using a local facility.

Level

Minimum severity level at which messages are logged, which can be debug, info, notice, warning, err, crit, alert, emerg, or an asterisk (*) for all. You can use none to disable a facility.

Action

Destination for messages, which can be a filename, a hostname preceded by the at sign (@), a comma-separated list of users, or an asterisk (*) for all logged-in users.

Procedure

Step 1

Log debug messages with the local7 facility in the file /var/log/myfile.log by adding the following line to the /etc/syslog.conf file

Example:

debug.local7 var/log/myfile.log

Step 2

Create the log file by entering these commands at the shell prompt

Example:

$ touch /var/log/myfile.log
	$ chmod 666 /var/log/myfile.log

Step 3

Make sure the system message logging daemon reads the new changes by checking myfile.log after entering this command

Example:

$ kill -HUP ~cat /etc/syslog.pid~

Display and Clear Log Files

You can display or clear messages in the log file and the NVRAM.

Procedure

Step 1

Display the last number of lines in the logging file using the command show logging last number-lines

Example:

switch# show logging last 40

You can specify from 1 to 9999 for the last number of lines.

Step 2

Display the messages in the log file that have occurred within the duration entered using the command show logging logfile duration hh:mm:ss

Example:

switch# show logging logfile duration 15:10:0

Step 3

Display the sequence number of the last message in the log file using the command show logging logfile last-index

Example:

switch# show logging logfile last-index

Step 4

Display the messages in the log file that have a timestamp within the span entered using the command show logging logfile [ start-time yyyy mmm dd hh:mm:ss ] [ end-time yyyy mmm dd hh:mm:ss ]

Example:

switch# show logging logfile start-time 2013 oct 1 15:10:0

If you do not enter an end time, the current time is used. You enter three characters for the month time field and digits for the year and day time fields.

Step 5

Display messages occurring within a range of sequence numbers using the command show logging logfile [ start-seqn number ] [ end-seqn number ]

Example:

switch# show logging logfile start-seqn 100 end-seqn 400

If you do not include an end sequence number, the system displays messages from the start number to the last message in the log file.

Step 6

Display the messages in the NVRAM using the command show logging nvram [ last number-lines ]

Example:

switch# show logging nvram last 10

To limit the number of lines displayed, you can enter the last number of lines to display. You can specify from 1 to 100 for the last number of lines.

Step 7

Clear the contents of the log file using the command clear logging logfile [ persistent ]

Example:

switch# clear logging logfile

persistent : Clears the contents of the log file from the persistent location.

Step 8

Clear the logged messages in NVRAM using the command clear logging nvram

Example:

switch# clear logging nvram

Verifying the System Message Logging Configuration

To display system message logging configuration information, perform one of the following tasks:

Command

Purpose

show logging console

Displays the console logging configuration.

show logging info

Displays the logging configuration.

show logging last number-lines

Displays the last number of lines of the log file.

show logging level [facility]

Displays the facility logging severity level configuration.

show logging logfile duration hh:mm:ss

Displays the messages in the log file that have occurred within the duration entered.
show logging logfile last-index

Displays the sequence number of the last message in the log file.
show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]

Displays the messages in the log file based on a start and end date/time.

show logging logfile [start-seqn number ] [end-seqn number]

Displays messages occurring within a range of sequence numbers. If you do not include an end sequence number, the system displays messages from the start number to the last message in the log file.

show logging module

Displays the module logging configuration.

show logging monitor

Displays the monitor logging configuration.

show logging nvram [last number-lines]

Displays the messages in the NVRAM log.

show logging server

Displays the syslog server configuration.

show logging timestamp

Displays the logging time-stamp units configuration.

Configuration for System Message Logging

System Message Logging Configuration Example

System message logging configuration enables you to control where and how system messages are logged on the device.

This example shows how to configure system message logging:

configure terminal
    logging console 3
    logging monitor 3
    logging logfile my_log 6
    logging module 3
    logging level aaa 2
    logging timestamp milliseconds
    logging server 172.28.254.253
    logging server 172.28.254.254 5 facility local3
    copy running-config startup-config

Verify System Message Logging Configuration

To display system message logging configuration information, perform one of the following tasks:

Command

Purpose

show logging console

Displays the console logging configuration.

show logging info

Displays the logging configuration.

show logging last number-lines

Displays the last number of lines of the log file.

show logging level [facility]

Displays the facility logging severity level configuration.

show logging logfile duration hh:mm:ss

Displays the messages in the log file that have occurred within the duration entered.
show logging logfile last-index

Displays the sequence number of the last message in the log file.
show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]

Displays the messages in the log file based on a start and end date/time.

show logging logfile [start-seqn number ] [end-seqn number]

Displays messages occurring within a range of sequence numbers. If you do not include an end sequence number, the system displays messages from the start number to the last message in the log file.

show logging module

Displays the module logging configuration.

show logging monitor

Displays the monitor logging configuration.

show logging nvram [last number-lines]

Displays the messages in the NVRAM log.

show logging server

Displays the syslog server configuration.

show logging timestamp

Displays the logging time-stamp units configuration.

Additional References

Related Documents

This section provides a reference to related documents for further information.

Related Topic

Document Title

System messages

Cisco NX-OS System Messages Reference