The log messages for the switch have a standardized format. All system messages are tagged with the following information, except that alarm type and alarm status apply to alarm messages only:
CPU slot number—Indicates the CP slot where the command is logged.
timestamp—Records the date and time at which the event occurred. The format is MM/DD/YY hh:mm:ss.uuu, where uuu is milliseconds. Example: [11/01/10 11:41:21.376].
hostname—The Hostname from which the message is generated.
event code—Precisely identifies the event reported.
alarm code—Specifies the alarm code.
alarm type—Identifies the alarm type (Dynamic or Persistent) for alarm messages.
alarm status—Identifies the alarm status (set or clear) for alarm messages.
VRF name—Identifies the Virtual Routing and Forwarding (VRF) instance, if applicable.
module name—Identifies the software module or hardware from which the log is generated.
severity level—Identifies the severity of the message.
sequence number—Identifies a specific CLI command.
context—Specifies the type of the session used to connect to the switch. If the session is a remote session, the remote IP address is identified.
user name—Specifies the user name used to login to the switch.
CLI command—Specifies the commands typed during the CLI session. The system logs anything type during the CLI session as soon as the user presses the Enter key.
The following messages are examples of an informational message for CLILOG:
CP1 [07/18/14 13:23:11.253] 0x002c0600 00000000 GlobalRouter CLILOG INFO 13 TELNET:192.0.2.200 rwa show log file name-of-file log.40300001.1806 CP1 [07/18/14 13:24:19.739] 0x002c0600 00000000 GlobalRouter CLILOG INFO 15 TELNET:192.0.2.200 rwa term more en CP1 [07/18/14 13:24:22.577] 0x002c0600 00000000 GlobalRouter CLILOG INFO 16 TELNET:192.0.2.200 rwa show log CP1 [01/12/17 15:13:59.056] 0x002c0600 00000000 GlobalRouter CLILOG INFO 5 TELNET:198.51.100.108 rwa syslog host 4 CP1 [01/12/17 15:13:35.520] 0x002c0600 00000000 GlobalRouter CLILOG INFO 4 TELNET:198.51.100.108 rwa syslog host enable CP1 [01/12/17 15:13:14.576] 0x002c0600 00000000 GlobalRouter CLILOG INFO 3 TELNET:198.51.100.108 rwa show syslog CP1 [01/12/17 15:12:44.640] 0x002c0600 00000000 GlobalRouter CLILOG INFO 2 TELNET:198.51.100.108 rwa show logging file tail
The following messages are examples of an informational message for SNMPLOG:
CP1 [05/07/14 10:24:05.468] 0x002c4600 00000000 GlobalRouter SNMPLOG INFO 1 ver=v2c public rcVlanPortMembers.2 = CP1 [05/07/14 10:29:58.133] 0x002c4600 00000000 GlobalRouter SNMPLOG INFO 2 ver=v2c public rcVlanPortMembers.2 = CP1 [05/07/14 10:30:20.466] 0x002c4600 00000000 GlobalRouter SNMPLOG INFO 3 ver=v2c public rcVlanPortMembers.1 =
The following message is an example of an informational message for system logs:
CP1 [07/24/14 18:04:08.304] 0x00000670 00000000 GlobalRouter SW INFO Basic license supports all features on this device CP1 [07/24/14 18:04:10.651] 0x00034594 00000000 GlobalRouter SW INFO System boot
The system encrypts AP information before writing it to the log file.
The encrypted information in a log file is for debugging purposes. Only a Customer Service engineer can decrypt the encrypted information in a log file. CLI commands display the logs without the encrypted information. Do not edit the log file.
The following table describes the system message severity levels.
Severity level |
Definition |
---|---|
EMERGENCY |
A panic condition that occurs when the system becomes unusable. A severity level of emergency is usually a condition where multiple applications or servers are affected. You must correct a severity level of emergency immediately. |
ALERT |
Any condition requiring immediate attention and correction. You must correct a severity level of alert immediately, but this level usually indicates failure of a secondary system, such as an Internet Service Provider connection. |
CRITICAL |
Any critical conditions, such as a hard drive error. |
ERROR |
A nonfatal condition occurred. You can be required to take appropriate action. For example, the system generates an error message if it is unable to lock onto the semaphore required to initialize the IP addresses used to transfer the log file to a remote host. |
WARNING |
A nonfatal condition occurred. No immediate action is needed. An indication that an error can occur if action is not taken within a given amount of time. |
NOTIFICATION |
Significant event of a normal nature. An indication that unusual, but not error, conditions have occurred. No immediate action is required. |
INFO |
Information only. No action is required. |
DEBUG |
Message containing information useful for debugging. |
FATAL |
A fatal condition occurred. The system cannot recover without restarting. For example, a fatal message is generated after the configuration database is corrupted. |
Based on the severity code in each message, the platform dispatches each message to one or more of the following destinations:
workstation display
local log file
one or more remote hosts
You can log system log messages to external system log hosts with both IPv4 and IPv6 addresses with no difference in functionality or configuration except in the following case. When you configure the system log table in EDM, under the System Log Table tab, you must select either IPv4 or IPv6.
Internally, the switch has four severity levels for log messages: INFO, WARNING, ERROR, and FATAL. The system log supports eight different severity levels:
Debug
Info
Notice
Warning
Critical
Error
Alert
Emergency
The following table shows the default mapping of internal severity levels to syslog severity levels.
UNIX system error codes |
System log severity level |
Internal severity level |
---|---|---|
0 |
Emergency |
Fatal |
1 |
Alert |
|
2 |
Critical |
|
3 |
Error |
Error |
4 |
Warning |
Warning |
5 |
Notice |
|
6 |
Info |
Info |
7 |
Debug |