Overview of Traps and Logs

System Log Messaging

On a UNIX-based management platform, you can use system log (syslog) messaging to manage event messages. The switch syslog software communicates with a server software component named syslogd on the management workstation.

The UNIX daemon syslogd is a software component that receives and locally logs, displays, prints, and forwards messages that originate from sources internal and external to the workstation. For example, syslogd on a UNIX workstation concurrently handles messages received from applications that run on the workstation, as well as messages received from the switch that runs in a network accessible to the workstation.

The remote UNIX management workstation performs the following actions:

Log Consolidation

The switch generates a system log file and can forward that file to a syslog server for remote viewing, storage, and analysis.

The system log captures messages for the following components:

The switch can send information in the system log file, including the CLI command log and the SNMP operation log, to a syslog server.

View logs for the CLILOG module to track all CLI commands executed and for fault management purposes. The CLI commands are logged to the system log file as the CLILOG module.

View logs for the SNMPLOG module to track SNMP logs. The SNMP operation log is logged to the system log file as the SNMPLOG module.

The platform logs CLILOG and SNMPLOG as INFO. Normally, if you configure the logging level to WARNING, the system skips all INFO messages. However, if you enable CLILOG and SNMPLOG, the system logs CLI Log and SNMP Log information regardless of the logging level you configure. This is not the case for other INFO messages.
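
The following added example (not code from the switch software or its documentation) models the level filter described above and shows a collector-side check for a missing CLI or SNMP audit trail. The severity ordering, the "MODULE SEVERITY text" sample layout, the module names other than CLILOG and SNMPLOG, and the behavior of a disabled audit module are assumptions.

```python
# Added example: models the level filter described in the text.
# Assumptions: the severity ordering below, the "MODULE SEVERITY text" sample
# layout (constructed, not the switch's real log format), and that a disabled
# CLILOG/SNMPLOG module emits nothing.
SEVERITY_ORDER = ["INFO", "WARNING", "ERROR", "FATAL"]  # least to most severe
AUDIT_MODULES = {"CLILOG", "SNMPLOG"}

def parse(line):
    """Split a constructed sample line into (module, severity, text)."""
    module, severity, text = line.split(" ", 2)
    if severity not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {severity!r}")
    return module, severity, text

def is_logged(module, severity, configured_level, enabled_audit):
    """Apply the rule: audit modules bypass the level filter when enabled."""
    if module in AUDIT_MODULES:
        return module in enabled_audit
    return SEVERITY_ORDER.index(severity) >= SEVERITY_ORDER.index(configured_level)

def apply_filter(lines, configured_level, enabled_audit):
    """Return the lines that survive the filter, in their original order."""
    kept = []
    for line in lines:
        module, severity, _ = parse(line)
        if is_logged(module, severity, configured_level, enabled_audit):
            kept.append(line)
    return kept

def missing_audit_trail(kept_lines):
    """Audit modules with no surviving entries: a gap worth alerting on."""
    seen = {parse(line)[0] for line in kept_lines}
    return sorted(AUDIT_MODULES - seen)

# Constructed sample messages (PORTMOD and PSUMOD are made-up module names).
SAMPLE = [
    "CLILOG INFO user admin ran a show command",
    "PORTMOD INFO port 1/5 link up",
    "SNMPLOG INFO set request from 192.0.2.10",
    "PSUMOD WARNING power supply 2 failed",
]

if __name__ == "__main__":
    for level, enabled in (("WARNING", AUDIT_MODULES), ("WARNING", {"SNMPLOG"})):
        kept = apply_filter(SAMPLE, level, enabled)
        print(level, sorted(enabled), "->", kept, "missing:", missing_audit_trail(kept))
```
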

System Log Client over IPv6 Transport

You can log system log messages to external system log hosts with both IPv4 and IPv6 addresses with no difference in functionality or configuration except in the following case. When you configure the system log table in EDM, under the System Log Table tab, you must select either IPv4 or IPv6.

Log Messages with Enhanced Secure Mode

Note

This section applies to VSP 8600 Series only.

Enhanced secure mode allows the system to provide role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use. If you enable enhanced secure mode, the system encrypts the entire log file.

With enhanced secure mode enabled, only individuals in the administrator or auditor role can view log files to analyze switch access and configuration activity. However, no access level role can modify the content of the log files, not even the administrator or the auditor access level roles. The administrator has access to the remove and delete commands.

If you enable enhanced secure mode, you cannot access the following commands for log files at any role-based access level:

If someone attempts to access a log file with the preceding commands, an information and warning message displays on the screen.

Log Files with Enhanced Secure Mode

Note

This section does not apply to VSP 8600 Series.

Enhanced secure mode allows the system to provide role-based access levels to log file commands. If you enable enhanced secure mode, the system encrypts the entire log file.

Log files are generated to /inflash/shared.

The current log file is protected against wiping for Telnet, SSH, FTP, SFTP, TFTP, and SCP applications for the following commands:

Log Commands Accessible for Various Users

The following table summarizes log file command access based on role-based access levels.

Access level role: Administrator
Note: Exception: only applies to VSP 8600 Series.
Commands: The remove and delete commands.

Access level role: No user at any access level.
Commands: The following commands:
  • more
  • edit
  • rename
  • copy
  • remove
  • delete
Note: remove and delete commands do not apply to VSP 8600 Series.

Access level role: Administrator and auditor
Commands: All show commands for log files.

Access level role: All users (Administrator, auditor, security, privilege, operator)
Commands: All show commands for log configurations.

With enhanced secure mode enabled, authorized users can use Telnet, SSH, FTP, SFTP, TFTP, or SCP to transfer files to a remote server with the content encrypted.

SNMP Traps

The SNMP trap is an industry-standard method used to manage events. You can set SNMP traps for specific types of log message (for example, warning or fatal), from specific applications, and send them to a trap server for further processing. For example, you can configure the switch to send SNMP traps to a server after a port is unplugged or if a power supply fails.

This section only describes SNMP commands related to traps. For more information about how to configure SNMP community strings and related topics, see Simple Network Management Protocol (SNMP).