The syslog facility
allows the device to send a copy of the message log to a host for more
permanent storage. This feature allows you to examine the logs over a long
period of time or if the device is not accessible.
This example shows
how to configure the device to use the syslog facility on a Solaris platform.
Although a Solaris host is being used, the syslog configuration on all UNIX and
Linux systems is very similar.
Syslog uses the
facility to determine how to handle a message on the syslog server (the Solaris
system in this example) and the message severity. Different message severities
are handled differently by the syslog server. They could be logged to different
files or e-mailed to a particular user. Specifying a severity level on the
syslog server determines that all messages of that level and greater severity
(lower number) will be acted upon as you configure the syslog server.
configure the syslog server so that the
Cisco NX-OS messages are logged to a different
file from the standard syslog file so that they cannot be confused with other
non-Cisco syslog messages. Do not locate the logfile on the / file system. You
do not want log messages to fill up the / file system. This example uses the
syslog facility: local1
severity: notifications (level 5, the default)
File to log
Cisco NX-OS messages to: /var/adm/nxos_logs
To configure the
syslog feature on
Cisco NX-OS, follow these steps:
logging server 192.0.2.1 6
server command to verify the syslog configuration.
switch1# show logging server
Logging server: enabled
server severity: notifications
server facility: local1
server VRF: management
To configure a
syslog server, follow these steps:
/etc/syslog.conf to handle local1 messages. For Solaris, you must allow at
least one tab between the facility.severity and the action
Create the log
syslog service starting.
Verify that the
syslog process has started.
ps -ef |grep syslogd
Test the syslog
server by creating an event in
Cisco NX-OS. In this case, port e1/2 was shut down
and reenabled, and the following was listed on the syslog server. The IP
address of the device is listed in brackets.
tail -f /var/adm/MDS_logs
Sep 17 11:07:41 [172.22.36.142.2.2] : 2013 Sep 17 11:17:29 pacific: PORT-5-IF_DOWN_INITIALIZING: %$VLAN 1%$ Interface e 1/2 is down (Initializing)
Sep 17 11:07:49 [172.22.36.142.2.2] : 2013 Sep 17 11:17:36 pacific: %PORT-5-IF_UP: %$VLAN 1%$ Interface e 1/2 is up in mode access
Sep 17 11:07:51 [172.22.36.142.2.2] : 2013 Sep 17 11:17:39 pacific: %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/0 (dhcp-171-71-49-125.cisco.com