On a UNIX-based management platform, you can use system log (syslog) messaging to manage event messages. The switch syslog software communicates with a server software component named syslogd on the management workstation.
The UNIX daemon syslogd is a software component that receives and locally logs, displays, prints, and forwards messages that originate from sources internal and external to the workstation. For example, syslogd on a UNIX workstation concurrently handles messages received from applications that run on the workstation, as well as messages received from the switch that runs in a network accessible to the workstation.
The remote UNIX management workstation performs the following actions:
Receives system log messages from the switch.
Examines the severity code in each message.
Uses the severity code to determine appropriate system handling for each message.
The switch generates a system log file and can forward that file to a syslog server for remote viewing, storage, and analyzing.
The system log captures messages for the following components:
Extensible Authentication Protocol (EAP)
Remote Authentication Dial-in User Service (RADIUS)
Remote Monitoring (RMON)
web
hardware (HW)
MultiLink Trunking (MLT)
filter
Quality of Service (QoS)
Command line interface (CLI) log
software (SW)
Central Processing Unit (CPU)
Internet Protocol (IP)
Virtual Local Area Network (VLAN)
policy
Simple Network Management Protocol (SNMP) log
The switch can send information in the system log file, including CLI command log and the SNMP operation log, to a syslog server.
View logs for CLILOG module to track all CLI commands executed and for fault management purposes. The CLI commands are logged to the system log file as CLILOG module.
View logs for SNMPLOG module to track SNMP logs. The SNMP operation log is logged to the system log file as SNMPLOG module.
The platform logs CLILOG and SNMPLOG as INFO. Normally, if you configure the logging level to WARNING, the system skips all INFO messages. However, if you enable CLILOG and SNMPLOG the system logs CLI Log and SNMP Log information regardless of the logging level you configure. This is not the case for other INFO messages.
You can log system log messages to external system log hosts with both IPv4 and IPv6 addresses with no difference in functionality or configuration except in the following case. When you configure the system log table in EDM, under the System Log Table tab, you must select either IPv4 or IPv6.
Note
This section applies to VSP 8600 Series only.Enhanced secure mode allows the system to provide role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use. If you enable enhanced secure mode, the system encrypts the entire log file.
With enhanced secure mode enabled, only individuals in the administrator or auditor role can view log files to analyze switch access and configuration activity. However, no access level role can modify the content of the log files, not even the administrator or the auditor access level roles. The administrator has access to the remove and delete commands.
If you enable enhanced secure mode, you cannot access the following commands for log files at any role-based access level:
edit
rename
copy
If someone attempts to access a log file with the preceding commands, an information and warning message displays on the screen.
Note
This section does not apply to VSP 8600 Series.Enhanced secure mode allows the system to provide role-based access levels to log file commands. If you enable enhanced secure mode, the system encrypts the entire log file.
Log files are generated to /inflash/shared.
The current log file is protected against wiping for Telnet, SSH, FTP, SFTP, TFTP, and SCP applications for the following commands:
Telnet and SSH:
mv
rename
delete
copy
cp
FTP:
delete
mput
put
TFTP:
put
SCP:
The following table summarizes log file command access based on role-based access levels.
Access level role |
Commands |
---|---|
Administrator Note: Exception: only applies to VSP 8600
Series.
|
The remove and delete commands. |
No user at any access level. |
The following commands:
Note: remove and delete commands do not
apply to VSP 8600
Series.
|
Administrator and auditor |
All show commands for log files. |
All users (Administrator, auditor, security, privilege, operator) |
All show commands for log configurations. |
With enhanced secure mode enabled, authorized users can use Telnet, SSH, FTP, SFTP, TFTP, SCP to transfer files to a remote server with the content encrypted.
The SNMP trap is an industry-standard method used to manage events. You can set SNMP traps for specific types of log message (for example, warning or fatal), from specific applications, and send them to a trap server for further processing. For example, you can configure the switch to send SNMP traps to a server after a port is unplugged or if a power supply fails.
This section only describes SNMP commands related to traps. For more information about how to configure SNMP community strings and related topics, see Simple Network Management Protocol (SNMP).