filter filter-id
no filter
config>log
Supported on all 7210 SAS platforms as described in this document
This command adds an event filter policy with the log destination.
This command is optional. If no event filter is configured, all events, alarms, and traps generated by the source stream are forwarded to the destination.
An event filter policy defines (limits) the events that are forwarded to the destination configured in the log ID. The event filter policy can also be used to select the alarms and traps to be forwarded to a destination snmp-trap-group.
The application of filters for debug messages is limited to application and subject only.
Accounting records cannot be filtered using the filter command.
Only one filter-id can be configured per log destination.
The no form of the command removes the specified event filter from the log-id.
no filter
Specifies the filter with which to associate the log-id configuration. The event filter policy ID must already be defined in config>log>filter filter-id.
from {[main] [security] [change] [debug-trace]}
no from
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies the source stream to be sent to a log destination.
One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example, from main change debug-trace).
Only one from command may be entered for a single log-id. If multiple from commands are configured, the last command entered overwrites the previous from command.
The no form of this command removes all previously configured source streams.
Instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter command.
Instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security stream contains all events that affect attempts to breach system security such as failed login attempts, attempts to access MIB tables to which the user is not granted access or attempts to enter a branch of the CLI to which access has not been granted. To limit the events forwarded to the destination, configure filters using the filter command.
Instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter command.
Instructs all debug-trace messages in the debug stream to be sent to the destination configured in the to command for this destination log-id. Filters applied to debug messages are limited to application and subject.
[no] log-id log-id
config>log
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure destinations for event streams.
The log-id context is used to direct events, alarms and traps, and debug information to respective destinations.
A maximum of 10 logs can be configured.
Before an event can be associated with this log-id, the from command identifying the source of the event must be configured.
Only one destination can be specified for a log-id. The destination of an event stream can be an in-memory buffer, console, session, snmp-trap-group, syslog, or file.
Use the event-control command to suppress the generation of events, alarms, and traps for all log destinations.
An event filter policy can be applied in the log-id context to limit which events, alarms, and traps are sent to the specified log-id.
Log IDs 99 and 100 are created by the agent. Log ID 99 captures all log messages. Log ID 100 captures log messages with a severity level of major and above.
Log ID 99 provides valuable information for the admin-tech file. Removing or changing the log configuration may hinder debugging capabilities. It is strongly recommended not to alter the configuration for log ID 99.
The no form of this command deletes the log destination ID from the configuration.
Specifies the log ID number, expressed as a decimal integer.
to console
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies a log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the events selected for the log ID to be directed to the console. If the console is not connected, all entries are dropped.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
to file log-file-id
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies a log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the events selected for the log ID to be directed to a specified file.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
Instructs the events selected for the log ID to be directed to the log-file-id. The characteristics of the log-file-id referenced here must have already been defined in the config>log>file log-file-id context.
to memory [size]
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies a log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the events selected for the log ID to be directed to a memory log. A memory file is a circular buffer. When the file is full, each new entry replaces the oldest entry in the log.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
Specifies the number of events that can be stored in the memory.
to session
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies a log ID destination and is mandatory when configuring a log destination. This command instructs the events selected for the log ID to be directed to the current console or Telnet session. This command is only valid for the duration of the session. When the session is terminated the log ID is removed. A log ID with a session destination is not saved in the configuration file.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
to snmp [size]
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies the log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the alarms and traps to be directed to the snmp-trap-group associated with log-id.
A local circular memory log is always maintained for SNMP notifications sent to the specified snmp-trap-group for the log-id.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
Specifies the number of events stored in this memory log.
to syslog syslog-id
config>log
Supported on all 7210 SAS platforms as described in this document
This command also specifies the log ID destination. This parameter is mandatory when configuring a log destination.
This command instructs the alarms and traps to be directed to a specified syslog. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1k bytes.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.
Instructs the events selected for the log ID to be directed to the syslog-id. The characteristics of the syslog-id referenced here must have been defined in the config>log>syslog syslog-id context.
time-format {local | utc}
config>log
Supported on all 7210 SAS platforms as described in this document
This command specifies whether the time should be displayed in the local or Coordinated Universal Time (UTC) format.
time-format utc
Specifies that timestamps are written in the system’s local time.
Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.