System and Message Logging
System logging allows controllers to log their system events to up to three remote syslog servers. The controller sends a copy of each syslog message as it is logged to each syslog server configured on the controller. Being able to send the syslog messages to multiple servers ensures that the messages are not lost due to the temporary unavailability of one syslog server. Message logging allows system messages to be logged to the controller buffer or console.
For more information about system messages and trap logs, see http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-system-message-guides-list.html.
This section contains the following subsections:
Configuring System and Message Logging (GUI)
Procedure
Step 1 |
Choose Management > Logs > Config. The Syslog Configuration page appears. |
||
Step 2 |
In the Syslog Server IP Address (IPv4/IPv6) field, enter the IPv4/IPv6 address of the server to which to send the syslog messages and click Add. You can add up to three syslog servers to the controller. The list of syslog servers that have already been added to the controller appears below this field.
|
||
Step 3 |
To set the severity level for filtering syslog messages to the syslog servers, choose one of the following options from the Syslog Level drop-down list:
If you set a syslog level, only those messages whose severity is equal to or less than that level are sent to the syslog servers. For example, if you set the syslog level to Warnings (severity level 4), only those messages whose severity is between 0 and 4 are sent to the syslog servers.
|
||
Step 4 |
To set the facility for outgoing syslog messages to the syslog servers, choose one of the following options from the Syslog Facility drop-down list:
|
||
Step 5 |
Click Apply. |
||
Step 6 |
To set the severity level for logging messages to the controller buffer and console, choose one of the following options from both the Buffered Log Level and Console Log Level drop-down lists:
If you set a logging level, only those messages whose severity is equal to or less than that level are logged by the controller. For example, if you set the logging level to Warnings (severity level 4), only those messages whose severity is between 0 and 4 are logged. |
||
Step 7 |
Select the File Info check box if you want the message logs to include information about the source file. The default value is enabled. |
||
Step 8 |
Select the Trace Info check box if you want the message logs to include traceback information. The default is disabled. |
||
Step 9 |
Click Apply. |
||
Step 10 |
Click Save Configuration. |
Viewing Message Logs (GUI)
To view message logs using the controller GUI, choose Management > Logs > Message Logs. The Message Logs page appears.
Note |
To clear the current message logs from the controller, click Clear. |
Configuring System and Message Logging (CLI)
Procedure
Step 1 |
Enable system logging and set the IP address of the syslog server to which to send the syslog messages by entering this command: config logging syslog host server_IP_address You can add up to three syslog servers to the controller.
|
||||
Step 2 |
Set the severity level for filtering syslog messages to the syslog server by entering this command: config logging syslog level severity_level where severity_level is one of the following:
|
||||
Step 3 |
Set the severity level for filtering syslog messages for a particular access point or for all access points by entering this command: config ap logging syslog level severity_level {Cisco_AP | all} where severity_level is one of the following:
|
||||
Step 4 |
Set the facility for outgoing syslog messages to the syslog server by entering this command: config logging syslog facility facility-code where facility-code is one of the following:
|
||||
Step 5 |
Configure the syslog facility for AP using the following command: config logging syslog facility AP where AP can be:
|
||||
Step 6 |
Configure the syslog facility for an AP or all APs by entering this command: config ap logging syslog facility facility-level {Cisco_AP | all} where facility-level is one of the following:
|
||||
Step 7 |
Configure the syslog facility for client by entering this command: config logging syslog facility client {assocfail | associate | authentication | authfail | deauthenticate | disassociate | excluded} {enable | disable} where:
|
||||
Step 8 |
Configure transmission of syslog messages over IPSec by entering this command: config logging syslog ipsec {enable | disable} |
||||
Step 9 |
Configure transmission of syslog messages over transport layer security (TLS) by entering this command: config logging syslog tls {enable | disable} Enabling syslog over TLS on the controller enables the feature for all syslog hosts defined in the controller. You can define up to three syslog hosts per controller. The controller transmits messages concurrently to all the configured syslog hosts. Check if the controller has an active TLS connection to the syslog server by entering the show logging command. The following is a sample output:
|
||||
Step 10 |
Set the severity level for logging messages to the controller buffer and console by entering these commands:
where severity_level is one of the following:
|
||||
Step 11 |
Save debug messages to the controller buffer, the controller console, or a syslog server by entering these commands:
|
||||
Step 12 |
To cause the controller to include information about the source file in the message logs or to prevent the controller from displaying this information by entering this command: config logging fileinfo {enable | disable} The default value is enabled. |
||||
Step 13 |
Configure the controller to include process information in the message logs or to prevent the controller from displaying this information by entering this command: config logging procinfo {enable | disable} The default value is disabled. |
||||
Step 14 |
Configure the controller to include traceback information in the message logs or to prevent the controller from displaying this information by entering this command: config logging traceinfo {enable | disable} The default value is disabled. |
||||
Step 15 |
Enable or disable timestamps in log messages and debug messages by entering these commands:
|
||||
Step 16 |
Save your changes by entering this command: save config |
Viewing System and Message Logs (CLI)
To see the logging parameters and buffer contents, enter this command:
show logging
Viewing Access Point Event Logs
Information About Access Point Event Logs
Access points log all system messages (with a severity level greater than or equal to notifications) to the access point event log. The event log can contain up to 1024 lines of messages, with up to 128 characters per line. When the event log becomes filled, the oldest message is removed to accommodate a new event message. The event log is saved in a file on the access point flash, which ensures that it is saved through a reboot cycle. To minimize the number of writes to the access point flash, the contents of the event log are written to the event log file during normal reload and crash scenarios only.
Viewing Access Point Event Logs (CLI)
Use these CLI commands to view or clear the access point event log from the controller:
-
To see the contents of the event log file for an access point that is joined to the controller, enter this command:
show ap eventlog ap-name
Information similar to the following appears:
AP event log download has been initiated Waiting for download to complete AP event log download completed. ======================= AP Event log Contents ===================== *Sep 22 11:44:00.573: %CAPWAP-5-CHANGED: CAPWAP changed state to IMAGE *Sep 22 11:44:01.514: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down *Sep 22 11:44:01.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down *Sep 22 11:44:53.539: *** Access point reloading. Reason: NEW IMAGE DOWNLOAD *** *Mar 1 00:00:39.078: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP. *Mar 1 00:00:42.142: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source *Mar 1 00:00:42.151: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up *Mar 1 00:00:42.158: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up *Mar 1 00:00:43.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up *Mar 1 00:00:43.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up *Mar 1 00:00:48.078: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER *Mar 1 00:01:42.144: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source *Mar 1 00:01:48.121: %CAPWAP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain *Mar 1 00:01:48.122: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN *Mar 1 00:01:48.122: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down *Mar 1 00:01:48.122: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

-
To delete the existing event log and create an empty event log file for all access points or for a specific access point joined to the controller, enter this command:
clear ap eventlog {all | ap-name}