Overview of Traps and Logs

System Log Messaging

On a UNIX-based management platform, you can use system log (syslog) messaging to manage event messages. The switch syslog software communicates with a server software component named syslogd on the management workstation.

The UNIX daemon syslogd is a software component that receives and locally logs, displays, prints, and forwards messages that originate from sources internal and external to the workstation. For example, syslogd on a UNIX workstation concurrently handles messages received from applications that run on the workstation, as well as messages received from the switch that runs in a network accessible to the workstation.

The remote UNIX management workstation performs the following actions:

Log Consolidation

The switch generates a system log file and can forward that file to a syslog server for remote viewing, storage, and analyzing.

The system log captures messages for the following components:

The switch can send information in the system log file, including CLI command log and the SNMP operation log, to a syslog server.

View logs for CLILOG module to track all CLI commands executed and for fault management purposes. The CLI commands are logged to the system log file as CLILOG module.

View logs for SNMPLOG module to track SNMP logs. The SNMP operation log is logged to the system log file as SNMPLOG module.

The platform logs CLILOG and SNMPLOG as INFO. Normally, if you configure the logging level to WARNING, the system skips all INFO messages. However, if you enable CLILOG and SNMPLOG the system logs CLI Log and SNMP Log information regardless of the logging level you configure. This is not the case for other INFO messages.

System Log Client over IPv6 Transport

You can log system log messages to external system log hosts with both IPv4 and IPv6 addresses with no difference in functionality or configuration except in the following case. When you configure the system log table in EDM, under the System Log Table tab, you must select either IPv4 or IPv6.

Log Files with Enhanced Secure Mode

Enhanced secure mode allows the system to provide role-based access levels to log file commands. If you enable enhanced secure mode, the system encrypts the entire log file.

Log files are generated to /inflash/shared.

The current log file is protected against wiping for Telnet, SSH, FTP, SFTP, TFTP, and SCP applications for the following commands:

Log Commands Accessible for Various Users

The following table summarizes log file command access based on role-based access levels.

Access level role

Commands

Administrator and Privilege (except for the active log file)

The following commands:

  • edit

  • rename

  • copy

  • remove

  • delete

Administrator, Privilege, and Auditor

All show commands for log files.

All users (Administrator, Privilege, Auditor, Security, Operator)

All show commands for log configurations.

With enhanced secure mode enabled, authorized users can use Telnet, SSH, FTP, SFTP, TFTP, SCP to transfer files to a remote server with the content encrypted. Users with Administrator and Privilege access level roles can remove old log files but they cannot remove the active log file.

SNMP Traps

The SNMP trap is an industry-standard method used to manage events. You can set SNMP traps for specific types of log message (for example, warning or fatal), from specific applications, and send them to a trap server for further processing. For example, you can configure the switch to send SNMP traps to a server after a port is unplugged or if a power supply fails.

This section only describes SNMP commands related to traps. For more information about how to configure SNMP community strings and related topics, see Simple Network Management Protocol (SNMP).