On a UNIX-based management platform, you can use system log (syslog) messaging to manage event messages. The switch syslog software communicates with a server software component named syslogd on the management workstation.
The UNIX daemon syslogd is a software component that receives and locally logs, displays, prints, and forwards messages that originate from sources internal and external to the workstation. For example, syslogd on a UNIX workstation concurrently handles messages received from applications that run on the workstation, as well as messages received from the switch that runs in a network accessible to the workstation.
The remote UNIX management workstation performs the following actions:
Receives system log messages from the switch.
Examines the severity code in each message.
Uses the severity code to determine appropriate system handling for each message.
The switch generates a system log file and can forward that file to a syslog server for remote viewing, storage, and analyzing.
The system log captures messages for the following components:
Central Processing Unit (CPU)
Command line interface (CLI) log
Extensible Authentication Protocol (EAP)
filter
hardware (HW)
Internet Protocol (IP)
MultiLink Trunking (MLT)
policy
Quality of Service (QoS)
Remote Authentication Dial-in User Service (RADIUS)
Remote Monitoring (RMON)
Simple Network Management Protocol (SNMP) log
software (SW)
Virtual Local Area Network (VLAN)
web
The switch can send information in the system log file, including CLI command log and the SNMP operation log, to a syslog server.
View logs for CLILOG module to track all CLI commands executed and for fault management purposes. The CLI commands are logged to the system log file as CLILOG module.
View logs for SNMPLOG module to track SNMP logs. The SNMP operation log is logged to the system log file as SNMPLOG module.
The platform logs CLILOG and SNMPLOG as INFO. Normally, if you configure the logging level to WARNING, the system skips all INFO messages. However, if you enable CLILOG and SNMPLOG the system logs CLI Log and SNMP Log information regardless of the logging level you configure. This is not the case for other INFO messages.
You can log system log messages to external system log hosts with both IPv4 and IPv6 addresses with no difference in functionality or configuration except in the following case. When you configure the system log table in EDM, under the System Log Table tab, you must select either IPv4 or IPv6.
Enhanced secure mode allows the system to provide role-based access levels to log file commands. If you enable enhanced secure mode, the system encrypts the entire log file.
Log files are generated to /inflash/shared.
The current log file is protected against wiping for Telnet, SSH, FTP, SFTP, TFTP, and SCP applications for the following commands:
Telnet and SSH:
mv
rename
delete
copy
cp
FTP:
delete
mput
put
TFTP:
put
SCP:
The following table summarizes log file command access based on role-based access levels.
|
Access level role |
Commands |
|---|---|
|
Administrator and Privilege (except for the active log file) |
The following commands:
|
|
Administrator, Privilege, and Auditor |
All show commands for log files. |
|
All users (Administrator, Privilege, Auditor, Security, Operator) |
All show commands for log configurations. |
With enhanced secure mode enabled, authorized users can use Telnet, SSH, FTP, SFTP, TFTP, SCP to transfer files to a remote server with the content encrypted. Users with Administrator and Privilege access level roles can remove old log files but they cannot remove the active log file.
The SNMP trap is an industry-standard method used to manage events. You can set SNMP traps for specific types of log message (for example, warning or fatal), from specific applications, and send them to a trap server for further processing. For example, you can configure the switch to send SNMP traps to a server after a port is unplugged or if a power supply fails.
This section only describes SNMP commands related to traps. For more information about how to configure SNMP community strings and related topics, see Simple Network Management Protocol (SNMP).