Log Command Reference

Command Hierarchies

  1. Configuration Commands
    1. Accounting Policy Commands
    2. Event Control Commands
    3. Log File Commands
    4. Log Filter Commands
    5. Syslog Commands
    6. Logging Destination Commands
    7. SNMP Trap Groups Commands
  2. Show Commands
  3. Clear Commands

Configuration Commands

Accounting Policy Commands

config
— log
accounting-policy acct-policy-id [interval minutes]
— no accounting-policy acct-policy-id
[no] default
description description-string
— no description
record record-name
— no record
[no] shutdown
to file file log-file-id

Event Control Commands

config
— log
event-control application-id [event-name | event-number] generate [severity-level] [throttle]
event-control  application-id [event-name | event-number] suppress
— no event-control application-id [event-name | event-number]
throttle-rate events [interval seconds]
— no throttle-rate

Log File Commands

config
— log
[no] file-id log-file-id
description description-string
— no description
location cflash-id
rollover minutes [retention hours]
— no rollover

Log Filter Commands

config
— log
[no] filter filter-id
default-action {drop | forward}
— no default-action
description description-string
— no description
[no] entry entry-id
action {drop | forward}
— no action
description description-string
— no description
[no] match
application {eq | neq} application-id
— no application
number {eq | neq | lt | lte | gt | gte} event-id
— no number
router {eq | neq} router-instance [regexp]
— no router
severity {eq | neq | lt | lte | gt | gte} severity-level
— no severity
subject {eq | neq} subject [regexp]
— no subject

Syslog Commands

config
— log
[no] syslog syslog-id
address ip-address
— no address
description description-string
— no description
facility syslog-facility
— no facility
level syslog-level
— no level
log-prefix log-prefix-string
— no log-prefix
port port
— no port

Logging Destination Commands

config
— log
[no] log-id log-id
description description-string
— no description
filter filter-id
— no filter
from {[main] [security] [change] [debug-trace]}
— no from
[no] shutdown
time-format {local | utc}
to console
to file log-file-id
to memory [size]
to session
to snmp [size]
to syslog syslog-id

SNMP Trap Groups Commands

config
— log
[no] snmp-trap-group log-id
description description-string
— no description
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community {communityName | snmpv3SecurityName}[security-level {no-auth-no-privacy | auth-no-privacy | privacy}]
— no trap-target name

Show Commands

show
— log
accounting-policy [acct-policy-id] access
accounting-records
applications
event-control [application-id] [event-name | event-number]]
file-id [log-file-id]
filter-id [filter-id]
log-collector
log-id [log-id] [severity severity-level] [application application] [sequence from-seq [to-seq]] [count count] [subject subject] [ascending | descending]
snmp-trap-group [log-id]
syslog [syslog-id]

Clear Commands

clear
log log-id

Command Descriptions

  1. Configuration Commands
  2. Show Commands
  3. Clear Commands

Configuration Commands

  1. Generic Commands
  2. Accounting Policy Commands
  3. Event Control Commands
  4. Log File Commands
  5. Log Filter Commands
  6. Syslog Commands
  7. Logging Destination Commands
  8. SNMP Trap Groups Commands

Generic Commands

description

Syntax 
description description-string
no description
Context 
config>log>filter
config>log>filter>entry
config>log>log-id
config>log>accounting-policy
config>log>file-id
config>log>syslog
config>log>snmp-trap-group
Description 

This command creates a text description stored in the configuration file for a configuration context.

The command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of the command removes the string from the configuration.

Default 

No text description is associated with this configuration.

Parameters 
string—
The description can contain a string of up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

shutdown

Syntax 
[no] shutdown
Context 
config>log>log-id
config>log>accounting-policy
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

The no form of this command administratively enables an entity.

Default 

no shutdown

Special Cases 
log-id —
when a log-id is shut down, no events are collected for the entity. This leads to the loss of event data.
policy-id—
when an accounting policy is shut down, no accounting data is written to the destination log ID. Counters in the billing data reflect totals, not increments, so when the policy is re-enabled (no shutdown), the counters include the data collected during the period the policy was shut down.

Accounting Policy Commands

accounting-policy

Syntax 
accounting-policy policy-id [interval minutes]
no accounting-policy policy-id
Context 
config>log
Description 

This command creates an access accounting policy.

An accounting policy defines the accounting records that are created.

Access accounting policies are policies that can be applied to one or more service access points (SAPs). Changes made to an existing policy, using any of the sub-commands, are applied immediately to all SAPs where this policy is applied.

If an accounting policy is not specified on a SAP, then accounting records are produced in accordance with the access policy designated as the default. For more information, see the default command.

The no form of the command deletes the policy from the configuration. The accounting policy cannot be removed unless it is removed from all the SAPs or channels where the policy is applied.

Default 

No default accounting policy is defined.

Parameters 
policy-id—
the policy ID that uniquely identifies the accounting policy, expressed as a decimal integer
Values—
1 to 99
minutes—
the interval, in minutes, in which statistics are collected and written to their destination

The default interval for each record type is defined in the record record-name description.

Values—
5 to 120
Values—
as defined in the record name description

default

Syntax 
[no] default
Context 
config>log>accounting-policy
Description 

This command adds the designation that the accounting policy ID is the default access accounting policy to be used with all SAPs without a specified accounting policy.

If no access accounting policy is defined on a SAP, accounting records are produced in accordance with the default access policy. If no default access policy is created, no accounting records will be collected other than the records for the accounting policies that are explicitly configured.

Only one access accounting policy ID can be designated as the default access policy.

The record name must be specified prior to assigning an accounting policy as default.

If a policy is configured as the default policy, then a no default command must be issued before a new default policy can be configured.

The no form of the command removes the default policy designation from the policy ID. The accounting policy will be removed from all SAPs that do not have this policy explicitly defined.

record

Syntax 
[no] record record-name
Context 
config>log>accounting-policy
Description 

This command adds the accounting record type to the accounting policy to be forwarded to the configured accounting file. Each accounting policy can only contain one record name. To obtain a list of all record types that can be configured, use the show log accounting-records command.

ALU-12>config>log# show log accounting-records
==========================================================
Accounting Policy Records
==========================================================
Record # Record Name                        Def. Interval
----------------------------------------------------------
1        service-ingress-octets             5
2        service-egress-octets              5
3        service-ingress-packets            5
4        service-egress-packets             5
==========================================================
ALU-12>config>log#

To configure an accounting policy for access ports, select a service record (for example, service-ingress-octets). To change the record name to another service record, re-enter the record command with the new record name and it will replace the old record name.

Only one record may be configured in a single accounting policy.

Note:

Collecting excessive statistics can adversely affect the CPU usage and take up large amounts of storage space.

The no form of the command removes the record type from the policy.

Default 

No accounting record is defined.

Parameters 
record-name—
the accounting record name

Table 31 lists the accounting record names available and the default collection interval.

Table 31:  Accounting Record Names  

Record Type

Accounting Record Name

Default Interval

1

service-ingress-octets

5 minutes

2

service-egress-octets

5 minutes

3

service-ingress-packets

5 minutes

4

service-egress-packets

5 minutes

to file

Syntax 
to file file-id
Context 
config>log>accounting-policy
Description 

This command specifies the destination for the accounting records selected for the accounting policy.

Default 

No destination is specified.

Parameters 
file-id—
the file-id option specifies the destination for the accounting records associated with this accounting policy. The characteristics of the file ID, such as rollover and retention intervals, must have already been defined in the config>log>file-id context. A file ID can only be used once.

The file is generated when the file ID is referenced. This command identifies the type of accounting file to be created. If the to command is executed while the accounting policy is in operation, then it becomes active during the next collection interval.

Values—
1 to 99

Event Control Commands

event-control

Syntax 
event-control application-id [event-name | event-number] generate [severity-level] [throttle]
event-control application-id [event-name | event-number] suppress
no event-control application-id [event-name | event-number]
Context 
config>log
Description 

This command is used to specify that a particular event, or all events associated with an application, are either generated or suppressed.

Events are generated by an application and contain an event number and description explaining the cause of the event. Each event has a default designation that directs it to be generated or suppressed.

Events are generated with a default severity level that can be modified by using the severity-level option.

For example, to change event reporting for an external alarm output on the chassis:

  1. specify the application: config>log>event-control>chassis
  2. specify the event name or number (to display a list of events, use the show>log>event-control command):config>log>event-control>chassis>extAlarmInput1Detected
  3. specify whether the event is generated or suppressed: config>log>event-control>chassis> extAlarmInput1Detected>generate
  4. change the severity level (for this event, the default is critical): config>log>event-control> chassis>extAlarmInput1Detected>generate>major

Events that are suppressed by default are typically used for debugging purposes. Events are suppressed at the time the application requests the event’s generation. No event log entry is generated regardless of the destination. While this feature can save processor resources, there may be a negative effect on the ability to troubleshoot problems if the logging entries are not generated. In reverse, the generation of too many events may cause excessive overhead.

The rate is set with the throttle-rate command. The throttle parameter enables event throttling for these events.

The no form of the command reverts the parameters to the default setting for events for the application or a specific event within the application. The severity, generate, and suppress options will also be reset to the initial values.

Default 

Each event has a default suppress or generate state. To display a list of all events and the current configuration use the event-control command.

Parameters 
application-id —
the application whose events are affected by this event control filter
Values—
A valid application name. To display a list of valid application names, use the applications command. Valid applications are:
aps, atm, bgp, chassis, debug, dhcp, dot1ag, efm_oam, eth-cfm, filter, ip, isis, ldp, logger, mpls, ntp, oam, ospf, port, ppp, ptp, qos, rip, route_policy, rsvp, security, snmp, stp, svcmgr, system, user, vrtr
Values—
none; this parameter must be explicitly specified
event-name | event-number—
to generate, suppress, or revert to default for a single event, enter the specific number or event short name. If no event number or name is specified, the command applies to all events in the application. To display a list of all event short names use the show>log>event-control command.
Values—
a valid event name or event number
Values—
n/a
generate —
specifies that logger event is created when this event occurs. The generate keyword can be used with two optional parameters, severity-level and throttle.
Values—
generate
severity-level—
An ASCII string representing the severity level to associate with the specified generated events
Values—
one of: cleared, indeterminate, critical, major, minor, warning
Values—
the system-assigned severity level
throttle—
specifies whether events of this type will be throttled
Values—
By default, event throttling is off for each specific event type. It must be explicitly enabled for each event type where throttling is desired. This makes backwards compatibility easier to manage.
suppress—
indicates that the specified events will not be logged. If the suppress keyword is not specified, then the events are generated by default.
Values—
generate

throttle-rate

Syntax 
throttle-rate events [interval seconds]
no throttle-rate
Context 
config>log
Description 

This command configures an event throttling rate.

Parameters 
events—
specifies the number of log events that can be logged within the specified interval for a specific event. Once the limit has been reached, any additional events of that type will be dropped, and the event drop count will be incremented. At the end of the throttle interval, if any events have been dropped, a trap notification will be sent.
Values—
10 to 20000
Values—
500
seconds—
specifies the number of seconds that an event throttling interval lasts
Values—
1 to 60
Values—
1

Log File Commands

file-id

Syntax 
[no] file-id log-file-id
Context 
config>log
Description 

This command creates the context to configure a file ID template to be used as a destination for an event log or billing file.

This command defines the file location and characteristics that are to be used as the destination for a log event message stream or accounting and billing information. The file defined in this context is subsequently specified in the to command under log-id or accounting-policy to direct specific logging or billing source streams to the file destination.

A file ID can only be assigned to either one log-id or one accounting-policy. It cannot be reused for multiple instances. A file ID and associated file definition must exist for each log and billing file that must be stored in the file system.

A file is created when the file ID defined by this command is selected as the destination type for a specific log or accounting record. Log files are collected in a “log” directory. Accounting files are collected in an “act” directory.

The file names for a log are created by the system as summarized in Table 32.

Table 32:  Log File Names  

File Type

File Name

Log File

logllff-timestamp

Accounting File

actaaff-timestamp

where:

  1. ll is the log-id
  2. aa is the accounting policy-id
  3. ff is the file-id
  4. the timestamp is the actual timestamp when the file is created. The format for the timestamp is yyyymmdd-hhmmss, where:
    1. yyyy is the year (for example, 2007)
    2. mm is the month number (for example, 12 for December)
    3. dd is the day of the month (for example, 03 for the 3rd of the month)
    4. hh is the hour of the day in 24-hour format (for example, 04 for 4 a.m.)
    5. mm is the minutes (for example, 30 for 30 minutes past the hour)
    6. ss is the number of seconds (for example, 14 for 14 seconds)
  5. the accounting file is compressed and has a gz extension

When initialized, each file will contain:

  1. the log-id  description
  2. the time the file was opened
  3. the reason the file was created
  4. the sequence number of the last event stored on the log (if the event log file was closed properly)

If the process of writing to a log file fails (for example, the compact flash card is full), the log file will not become operational even if the compact flash card is replaced. Enter a clear log command or a shutdown/no shutdown command to reinitialize the file.

If the location fails (for example, the compact flash card fills up during the write process), a trap is sent.

The no form of the command removes the file ID from the configuration. A file ID can only be removed from the configuration if the file is not the designated output for a log destination. The actual file remains on the file system.

Default 

No default file IDs are defined.

Parameters 
log-file-id—
the file identification number for the file, expressed as a decimal integer
Values—
1 to 99

location

Syntax 
location cflash-id
no location
Context 
config>log>file-id
Description 

This command specifies the location where the log or billing file will be created.

The location command is optional. If the location command is not explicitly configured, log and accounting files will be created on cf3: for the following:

  1. 7705 SAR-F
  2. 7705 SAR-M (all variants)
  3. 7705 SAR-A (all variants)
  4. 7705 SAR-W
  5. 7705 SAR-Wx (all variants)
  6. 7705 SAR-8
  7. 7705 SAR-H
  8. 7705 SAR-Hc

For the 7705 SAR-18, log files are created by default on cf1: and accounting files are created by default on cf2:. There are no overflows onto other devices.

Note:

The 7705 SAR-A, 7705 SAR-W, 7705 SAR-Wx, and 7705 SAR-Hc do not have compact flash drives; they are shipped with an integrated 256 Mbyte flash memory device that is used to store system boot software, OS software, and configuration files and logs. These flash memory devices are identified as cf3-A: by the system.

When multiple location commands are entered in a single file ID context, the last command overwrites the previous command.

When the location of a file ID that is associated with an active log ID is changed, the log events are not immediately written to the new location. The new location does not take effect until the log is rolled over, either because the rollover period has expired or a clear log log-id command is entered to manually roll over the log file.

When creating files, the designated location is used as long as there is available space. If no space is available, an attempt is made to delete unnecessary files that are past their retention date.

If sufficient space is not available, an attempt is made to remove the oldest to newest closed log or accounting files. After each file is deleted, the system attempts to create the new file.

A medium severity trap is issued to indicate that the compact flash is either not available or that no space is available on the specified flash.

A high-priority alarm condition is raised if the compact flash device for this file ID is not present or if there is insufficient space available. If space does becomes available, then the alarm condition will be cleared.

Use the no form of this command to revert to default settings.

Default 

For the 7705 SAR-8, 7705 SAR-M (all variants), 7705 SAR-A (all variants), 7705 SAR-W, 7705 SAR-Wx (all variants), 7705 SAR-F, 7705 SAR-H, and 7705 SAR-Hc, log and accounting files are created on cf3:

For the 7705 SAR-18, log files are created on cf1: and accounting files are created on cf2:

Parameters 
cflash-id—
specifies the location of the flash
Values—
cflash-id: cf3: for all platforms; cf1: or cf2: for the 7705 SAR-18

rollover

Syntax 
rollover minutes [retention hours]
no rollover
Context 
config>log>file-id
Description 

This command configures how often an event or accounting log is rolled over or partitioned into a new file.

An event or accounting log is actually composed of multiple individual files. The system creates a new file for the log based on the rollover time, expressed in minutes.

The retention option, expressed in hours, allows you to modify the default time to keep the file in the system. The retention time is based on the rollover time of the file. The retention time is used as a factor to determine which files should be deleted first as the file space becomes full.

When multiple rollover commands for a file ID are entered, the last command overwrites the previous command.

Default 

rollover 1440 retention 12

Parameters 
minutes—
the rollover time, in minutes
Values—
5 to 10080
hours—
the retention period in hours, expressed as a decimal integer. The retention time is based on the creation time of the file. The file becomes a candidate for removal once the creation datestamp + rollover time + retention time is less than the current timestamp.
Values—
1 to 500

Log Filter Commands

filter

Syntax 
[no] filter filter-id
Context 
config>log
Description 

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined for the log ID where the filter is applied are filtered.

Any changes made to an existing filter, using any of the sub-commands, are immediately applied to the destinations where the filter is applied.

The no form of the command removes the filter association from log IDs, which causes those logs to forward all events.

Default 

No event filters are defined.

Parameters 
filter-id —
uniquely identifies the filter
Values—
1 to 1000

default-action

Syntax 
default-action {drop | forward}
no default-action
Context 
config>log>filter
Description 

The default action specifies the action that is applied to events when no action is specified in the event filter entries or when an event does not match the specified criteria.

When multiple default-action commands are entered, the last command overwrites the previous command.

The no form of the command reverts the default action to the default value.

Default 

default-action forward

Parameters 
drop—
the events that are not explicitly forwarded by an event filter match are dropped
forward—
the events that are not explicitly dropped by an event filter match are forwarded

entry

Syntax 
[no] entry entry-id
Context 
config>log>filter
Description 

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id numbers. The -TiMOS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may have no match criteria defined (in which case, everything matches) but must have at least the action keyword for it to be considered complete. Entries without the action keyword will be considered incomplete and rendered inactive.

The no form of the command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log IDs where the filter is applied.

Default 

No event filter entries are defined. An entry must be explicitly configured.

Parameters 
entry-id—
uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.
Values—
1 to 999

action

Syntax 
action {drop | forward}
no action
Context 
config>log>filter>entry
Description 

This command specifies a drop or forward action associated with the filter entry.

If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

When multiple action commands are entered, the last command will overwrite the previous command.

The no form of the command removes the specified action statement.

Default 

no action

Parameters 
drop—
specifies that packets matching the entry criteria will be dropped
forward—
specifies that packets matching the entry criteria will be forwarded

match

Syntax 
[no] match
Context 
config>log>filter>entry
Description 

This command creates the context to enter or edit match criteria for a filter entry. When the match criteria is satisfied, the action associated with the entry is executed.

If more than one match parameter (within one match statement) is specified, then all the criteria must be satisfied and functional before the action associated with the match is executed.

Use the applications command to display a list of the valid applications.

Match context can consist of multiple match parameters (application, event-number, severity, subject), but multiple match statements cannot be entered per entry.

The no form of the command removes the match criteria for the entry-id.

Default 

No match context is defined.

application

Syntax 
application {eq | neq} application-id
no application
Context 
config>log>filter>entry>match
Description 

This command adds a TiMOS application as an event filter match criterion.

A TiMOS application is the software entity that reports the event. Examples of applications include: IP, MPLS, CLI, and SERVICES. Only one application can be specified per entry.

When multiple application commands are entered, the last command will overwrite the previous command.

The no form of the command removes the application as a match criterion.

Default 

no application

Parameters 
eq | neq—
the operator specifying the type of match. Valid operators are listed in Table 33.
Table 33:  Valid Match Operators for Applications  

Operator

Notes

eq

Equal to

neq

Not equal to

application-id—
the application name string
Values—
aps, atm, bgp, chassis, debug, dhcp, dot1ag, efm_oam, eth-cfm, filter, ip, isis, ldp, logger, mpls, ntp, oam, ospf, port, ppp, ptp, qos, rip, route_policy, rsvp, security, snmp, stp, svcmgr, system, user, vrtr

number

Syntax 
number {eq | neq | lt | lte | gt | gte} event-id
no number
Context 
config>log>filter>entry>match
Description 

This command adds a TiMOS application event number as a match criterion.

TiMOS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. If multiple number commands are entered, the last command overwrites the previous command.

The no form of the command removes the event number as a match criterion.

Default 

no event-number

Parameters 
eq | neq | lt | lte | gt | gte—
this operator specifies the type of match. Valid operators are listed in Table 34.
Table 34:  Valid Match Operators for Event Numbers  

Operator

Notes

eq

Equal to

neq

Not equal to

lt

Less than

lte

Less than or equal to

gt

Greater than

gte

Greater than or equal to

event-id—
the event ID, expressed as a decimal integer
Values—
1 to 4294967295

router

Syntax 
router {eq | neq} router-instance [regexp]
no router
Context 
config>log>filter>entry>match
Description 

This command specifies the log event matches for the router.

Parameters 
eq—
determines if the matching criteria should be equal to the specified value
neq—
determines if the matching criteria should not be equal to the specified value
router-instance—
specifies a router name up to 32 characters to be used in the match criteria
regexp—
specifies the type of string comparison to use to determine if the log event matches the value of router command parameters. When the regexp keyword is specified, the string in the router command is a regular expression string that will be matched against the router string in the log event being filtered.

When the regexp keyword is not specified, the router command string is matched exactly by the event filter.

severity

Syntax 
severity {eq | neq | lt | lte | gt | gte} severity-level
no severity
Context 
config>log>filter>entry>match
Description 

This command adds an event severity level as a match criterion.

Only one severity command can be entered per event filter entry. When multiple severity commands are entered, the last command overwrites the previous command.

The no form of the command removes the severity match criterion.

Default 

no severity

Parameters 
eq | neq | lt | lte | gt | gte—
this operator specifies the type of match. Valid operators are listed in Table 35.
Table 35:  Valid Operators for Event Severity  

Operator

Notes

eq

Equal to

neq

Not equal to

lt

Less than

lte

Less than or equal to

gt

Greater than

gte

Greater than or equal to

severity-level—
the ITU severity level number. Table 36 lists severity levels and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.
Table 36:  Severity Levels  

Severity Number

Severity Level

1

cleared

2

indeterminate (info)

3

critical

4

major

5

minor

6

warning

subject

Syntax 
subject {eq | neq} subject [regexp]
no subject
Context 
config>log>filter>entry>match
Description 

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case, the port-id string would be the subject.

Only one subject command can be entered per event filter entry. If multiple subject commands are entered, the last command overwrites the previous command.

The no form of the command removes the subject match criterion.

Default 

no subject

Parameters 
eq | neq—
this operator specifies the type of match. Valid operators are listed in Table 37.
Table 37:  Valid Operators for Event Subjects  

Operator

Notes

eq

Equal to

neq

Not equal to

subject—
a string used as the subject match criterion
regexp—
specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When the regexp keyword is not specified, the subject command string is matched exactly by the event filter.

Syslog Commands

syslog

Syntax 
[no] syslog syslog-id
Context 
config>log
Description 

This command creates the context to configure a syslog target host that is capable of receiving selected syslog messages from the 7705 SAR.

A valid syslog-id must have the target syslog host address configured.

A maximum of 10 syslog IDs can be configured.

No log events are sent to a syslog target address until the syslog-id has been configured as the log destination (to) in the log-id node.

Default 

No syslog IDs are defined.

Parameters 
syslog-id—
the syslog ID number for the syslog destination, expressed as a decimal integer
Values—
1 to 10

address

Syntax 
address ip-address
no address
Context 
config>log>syslog
Description 

This command associates the syslog target host IP address with the syslog ID.

This parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.

Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.

The same syslog target host can be used by multiple log IDs.

The no form of the command removes the syslog target host IP address.

Default 

no address

Parameters 
ip-address—
the IP address of the syslog target host
Values—
ipv4-address     a.b.c.d (host bits must be 0)
ipv6-address         x:x:x:x:x:x:x:x (eight 16-bit pieces)
                             x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D

facility

Syntax 
facility syslog-facility
no facility
Context 
config>log>syslog
Description 

This command configures the facility code for messages sent to the syslog target host.

Multiple syslog IDs can be created with the same target host but each syslog ID can only have one facility code. If multiple facility codes are entered, the last facility code entered overwrites the previous facility code.

If multiple facilities need to be generated for a single syslog target host, then multiple log-id entries must be created, each with its own filter criteria to select the events to be sent to the syslog target host with a given facility code.

The no form of the command reverts to the default value.

Default 

local7

Parameters 
syslog-facility—
the syslog facility name represents a specific numeric facility code. The code should be entered in accordance with the syslog RFC. However, the software will not confirm whether the facility code is valid or invalid for the event type being sent to the syslog target host.
Values—
0 to 23
Valid codes per RFC 3164, The BSD syslog Protocol, are listed in Table 38.
Table 38:  Valid Facility Codes  

Numerical Code

Facility Code

0

kernel

1

user

2

mail

3

systemd

4

auth

5

syslogd

6

printer

7

net-news

8

uucp

9

cron

10

auth-priv

11

ftp

12

ntp

13

log-audit

14

log-alert

15

cron2

16

local0

17

local1

18

local2

19

local3

20

local4

21

local5

22

local6

23

local7

level

Syntax 
level syslog-level
no level
Context 
config>log>syslog
Description 

This command configures the syslog message severity level threshold. All messages with a severity level equal to or higher than the threshold are sent to the syslog target host.

Only a single threshold level can be specified. If multiple level commands are entered, the last command will overwrite the previous command.

The no form of the command reverts to the default value.

Parameters 
syslog-level—
the threshold severity level value as described in Table 39.
Values—
0 to 7
Table 39:  Threshold Severity Level Values  

7705 SAR Severity Level

Syslog Severity Level

(highest to lowest)

Configured Severity

Definition

3 critical

0

emergency

System is unusable

1

alert

Action must be taken immediately

4 major

2

critical

Critical condition

5 minor

3

error

Error condition

6 warning

4

warning

Warning condition

5

notice

Normal but significant condition

1 cleared

2 indeterminate

6

info

Informational messages

7

debug

Debug-level messages

log-prefix

Syntax 
log-prefix log-prefix-string
no log-prefix
Context 
config>log>syslog
Description 

This command adds the string prepended to every syslog message sent to the syslog host.

RFC 3164, The BSD syslog Protocol, allows an alphanumeric string (tag) to be prepended to the content of every log message sent to the syslog host. This alphanumeric string can, for example, be used to identify the node that generates the log entry. The software appends a colon (:) and a space to the string and it is inserted in the syslog message after the date stamp and before the syslog message content.

Only one string can be entered. If multiple strings are entered, the last string overwrites the previous string. The alphanumeric string can contain lowercase (a-z), uppercase (A-Z) and numeric (0-9) characters.

The no form of the command removes the log prefix string.

Default 

no log-prefix

Parameters 
log-prefix-string —
an alphanumeric string of up to 32 characters. Special characters (#, $, spaces, etc.) cannot be used in the string.

port

Syntax 
port value
no port
Context 
config>log>syslog
Description 

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of the command reverts to default value.

Default 

no port

Parameters 
value—
the configured UDP port number used when sending syslog messages
Values—
1 to 65535

Logging Destination Commands

log-id

Syntax 
[no] log-id log-id
Context 
config>log
Description 

This command creates a context to configure destinations for event streams.

The log-id context is used to direct events, alarms/traps, and debug information to respective destinations.

A maximum of 10 logs can be configured.

Before an event can be associated with this log-id, the from command identifying the source of the event must be configured.

Only one destination can be specified for a log-id. The destination of an event stream can be an in-memory buffer, console, session, snmp-trap-group, syslog, or file.

Use the event-control command to suppress the generation of events, alarms, and traps for all log destinations.

An event filter policy can be applied in the log-id context to limit which events, alarms, and traps are sent to the specified log-id.

Log-IDs 99 and 100 are created by the agent. Log-ID 99 captures all log messages. Log-ID 100 captures log messages with a severity level of major and above.

The no form of the command deletes the log destination ID from the configuration.

Default 

No log destinations are defined.

Parameters 
log-id—
the log ID number, expressed as a decimal integer
Values—
1 to 100

filter

Syntax 
filter filter-id
no filter
Context 
config>log>log-id
Description 

This command associates an event filter policy with the log destination.

The filter command is optional. If no event filter is configured, all events, alarms and traps generated by the source stream will be forwarded to the destination.

An event filter policy defines (limits) the events that are forwarded to the destination configured in the log-id. The event filter policy can also be used to select the alarms and traps to be forwarded to a destination snmp-trap-group.

The application of filters for debug messages is limited to application and subject only.

Accounting records cannot be filtered using the filter command.

Only one filter-id can be configured per log destination.

The no form of the command removes the specified event filter from the log-id.

Default 

no filter

Parameters 
filter-id—
the event filter policy ID is used to associate the filter with the log-id configuration. The event filter policy ID must already be defined in the config>log>filter filter-id context.
Values—
1 to 1000

from

Syntax 
from {[main] [security] [change] [debug-trace]}
no from
Context 
config>log>log-id
Description 

This command selects the source stream to be sent to a log destination.

One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).

Only one from command may be entered for a single log-id. If multiple from commands are entered, then the last command entered overwrites the previous command.

The no form of the command removes all previously configured source streams.

Default 

no from

Parameters 
main—
instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter (log destination) command.
security—
instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security stream contains all events that affect attempts to breach system security such as failed login attempts, attempts to access MIB tables to which the user is not granted access, or attempts to enter a branch of the CLI to which access has not been granted. To limit the events forwarded to the destination, configure filters using the filter (log destination) command.
change—
instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter (log destination) command.
debug-trace—
instructs all debug-trace messages in the debug stream to be sent to the destination configured in the to command for this destination log-id. Filters applied to debug messages are limited to application and subject.

to console

Syntax 
to console
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the events selected for the log ID to be directed to the console. If the console is not connected, then all entries are dropped.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

to file

Syntax 
to file log-file-id
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the events selected for the log ID to be directed to a specified file.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

Parameters 
log-file-id—
instructs the events selected for the log ID to be directed to the log-file-id. The characteristics of the log-file-id referenced here must have already been defined in the config>log>file-id log-file-id context.
Values—
1 to 99

to memory

Syntax 
to memory [size]
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the events selected for the log ID to be directed to a memory log. A memory file is a circular buffer. Once the file is full, each new entry replaces the oldest entry in the log.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered.If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

Parameters 
size—
indicates the number of events that can be stored in the memory log
Values—
50 to 1024
Values—
100

to session

Syntax 
to session
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the events selected for the log ID to be directed to the current console or telnet session. This command is only valid for the duration of the session. When the session is terminated, the log ID is removed. A log ID with a session destination is not saved in the configuration file.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

to snmp

Syntax 
to snmp [size]
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the alarms and traps to be directed to the snmp-trap-group associated with the log-id.

A local circular memory log is always maintained for SNMP notifications sent to the specified snmp-trap-group for the log-id.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

Parameters 
size—
defines the number of events stored in this memory log
Values—
50 to 1024
Values—
100

to syslog

Syntax 
to syslog syslog-id
Context 
config>log>log-id
Description 

This command is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the alarms and traps to be directed to a specified syslog. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1 kbytes.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed then recreated.

Default 

No destination is specified.

Parameters 
syslog-id—
instructs the events selected for the log ID to be directed to the syslog-id. The characteristics of the syslog-id referenced here must have been defined in the config>log>syslog syslog-id context.
Values—
1 to 10

time-format

Syntax 
time-format {local | utc}
Context 
config>log>log-id
Description 

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default 

utc

Parameters 
local —
specifies that timestamps are written in the system’s local time
utc—
specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

SNMP Trap Groups Commands

snmp-trap-group

Syntax 
[no] snmp-trap-group log-id
Context 
config>log
Description 

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a given log-id.

A trap group specifies the types of SNMP traps and specifies the log ID that will receive the group of SNMP traps. A trap group must be configured in order for SNMP traps to be sent.

To suppress the generation of all alarms and traps, see the event-control command. To suppress alarms and traps that are sent to this log-id, see the filter (log destination) command. Once alarms and traps are generated, they can be directed to one or more SNMP trap groups. Logger events that can be forwarded as SNMP traps are always defined on the main event source.

The no form of the command deletes the SNMP trap group.

Default 

There are no default SNMP trap groups.

Parameters 
log-id—
the log ID value of a log configured in the to snmp context. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.
Values—
1 to 99

trap-target

Syntax 
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community {communityName | snmpv3SecurityName} [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] no trap-target name
Context 
config>log>snmp-trap-group
Description 

This command adds or modifies a trap receiver and configures the operational parameters for the trap receiver.

Before an SNMP trap can be issued to a trap receiver, the to console, snmp-trap-group, and at least one trap-target must be configured.

The trap-target command is used to add or remove a trap receiver from an snmp-trap-group. The operational parameters specified in the command include:

  1. the IP address of the trap receiver
  2. the UDP port used to send the SNMP trap
  3. SNMP version
  4. SNMP community name for SNMPv1 and SNMPv2c receivers
  5. security name and level for SNMPv3 trap receivers

A single snmp-trap-group log-id can have multiple trap receivers. Each trap receiver can have different operational parameters.

An address can be configured as a trap receiver more than once as long as a different port is used for each instance.

To prevent resource limitations, only configure a maximum of 10 trap receivers.

Note:

If the same trap-target name port port parameter value is specified in more than one SNMP trap group, each trap destination should be configured with a different notify-community value. This allows a trap receiving an application, such as NMS, to reconcile a separate event sequence number stream for each 7705 SAR event log when multiple event logs are directed to the same IP address and port destination.

The no form of the command removes the SNMP trap receiver from the SNMP trap group.

Default 

No SNMP trap targets are defined.

Parameters 
name—
specifies the name of the trap target, up to 28 characters in length
ip-address—
the IP address of the trap receiver. Only one IP address destination can be specified per trap destination group.
Values—
ipv4-address     a.b.c.d (host bits must be 0)
ipv6-address     x:x:x:x:x:x:x:x (eight 16-bit pieces)
                         x:x:x:x:x:x:d.d.d.d
                             x:   [0 to FFFF]H
                             d:   [0 to 255]D
port—
the destination UDP port used for sending traps to the destination, expressed as a decimal integer. Only one port can be specified per trap-target statement. If multiple traps need to be issued to the same address, multiple ports must be configured.
Values—
1 to 65535
Values—
162
snmpv1 | snmpv2c | snmpv3—
specifies the SNMP version format to use for traps sent to the trap receiver

The keyword snmpv1 selects the SNMP version 1 format. When specifying snmpv1, the notify-community parameter must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv1, then the notify-community parameter must be changed to reflect the community string rather than the snmpv3securityName that is used by snmpv3.

The keyword snmpv2c selects the SNMP version 2c format. When specifying snmpv2c, the notify-community parameter must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv2c, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv3 selects the SNMP version 3 format. When specifying snmpv3, the notify-community parameter must be configured for the SNMP security-name. If the SNMP version is changed from snmpv1 or snmpv2c to snmpv3, then the notify-community parameter must be changed to reflect the security-name rather than the community string used by snmpv1 or snmpv2c.

Values—
snmpv1, snmpv2c, snmpv3
Values—
snmpv3
notify-community communityName | snmpv3SecurityName
specifies the community string for snmpv1 or snmpv2c, or the snmpv3 security-name. If no notify-community parameter is configured, then no alarms or traps will be issued for the trap destination. If the SNMP version is modified, the notify-community parameter must be changed to the proper form for the SNMP version.
community—
the community string as required by the snmpv1 or snmpv2c trap receiver. The community string can be an ASCII string up to 32 characters in length.
security-name—
the security name as defined in the config>system>security>user context for SNMP v3. The security-name can be an ASCII string up to 32 characters in length.
security-level {no-auth-no-privacy | auth-no-privacy | privacy}—
specifies the required authentication and privacy levels required to access the views configured on this node when configuring an snmpv3 trap receiver.

The keyword no-auth-no-privacy specifies that no authentication and no privacy (encryption) are required.

The keyword auth-no-privacy specifies that authentication is required but no privacy (encryption) is required. When this option is configured, the security-name must be configured for authentication.

The keyword privacy specifies that both authentication and privacy (encryption) are required. When this option is configured, the security-name must be configured for authentication and privacy.

Values—
no-auth-no-privacy, auth-no-privacy, privacy
Values—
No default. The security level must be specified when configuring an SNMPv3 trap receiver.

Show Commands

accounting-policy

Syntax 
accounting-policy [acct-policy-id] access
Context 
show>log
Description 

This command displays accounting policy information.

Parameters 
acct-policy-id—
the policy ID that uniquely identifies the accounting policy, expressed as a decimal integer
Values—
1 to 99
access—
only displays access accounting policies
Output 

The following output is an example of accounting policy information, and Table 40 describes the fields.

Sample Output
A:ALU-1# show log accounting-policy
==============================================================================
Accounting Policies
==============================================================================
Policy Type    Def Admin Oper  Intvl     File Record Name
Id                 State State           Id
------------------------------------------------------------------------------
1      access  No  Up    Up    15        1    service-ingress-packets
2      access  Yes Up    Up    15        2    service-ingress-octets
==============================================================================
A:ALU-1#
A:ALU-1# show log accounting-policy 10
==============================================================================
Accounting Policies
==============================================================================
Policy Type    Def Admin Oper  Intvl     File Record Name
Id                 State State           Id
------------------------------------------------------------------------------
10     access  Yes Up    Up    5         3    service-ingress-packets
 
Description : (Not Specified)
 
This policy is applied to:
    Svc Id: 100  SAP : 1/1/8:0     Collect-Stats
    Svc Id: 101  SAP : 1/1/8:1     Collect-Stats
    Svc Id: 102  SAP : 1/1/8:2     Collect-Stats
    Svc Id: 106  SAP : 1/1/8:6     Collect-Stats
    Svc Id: 107  SAP : 1/1/8:7     Collect-Stats
    Svc Id: 108  SAP : 1/1/8:8     Collect-Stats
    Svc Id: 109  SAP : 1/1/8:9     Collect-Stats
...
==============================================================================
A:ALU-1#
A:ALU-1# show log accounting-policy access
==============================================================================
Accounting Policies
==============================================================================
Policy Type    Def Admin Oper  Intvl     File Record Name
Id                 State State           Id
------------------------------------------------------------------------------
10     access  Yes Up    Up    5         3    service-ingress-packets
==============================================================================
A:ALU-1#
Table 40:  Accounting Policy Output Fields  

Label

Description

Policy ID

The identifying value assigned to a specific policy

Type

Identifies the accounting record type forwarded to the configured accounting file

access: indicates that the policy is an access accounting policy

none: indicates no accounting record types assigned

Def

Yes: indicates that the policy is a default access policy

No: indicates that the policy is not a default access policy

Admin State

Displays the administrative state of the policy

Up: indicates that the policy is administratively enabled

Down: indicates that the policy is administratively disabled

Oper State

Displays the operational state of the policy

Up: indicates that the policy is operationally up

Down: indicates that the policy is operationally down

Intvl

Displays the interval, in minutes, in which statistics are collected and written to their destination. The default depends on the record name type.

File ID

The log destination

Record Name

The accounting record name that represents the configured record type

This policy is applied to

Specifies the entities that the accounting policy is applied to

accounting-records

Syntax 
accounting-records
Context 
show>log
Description 

This command displays accounting policy record names.

Output 

The following output is an example of accounting policy record information, and Table 41 describes the fields.

Sample Output
A: ALU-1# show log accounting-records
==========================================================
Accounting Policy Records                                 
==========================================================
Record # Record Name                        Def. Interval 
----------------------------------------------------------
1        service-ingress-octets             5
2        service-egress-octets              5
3        service-ingress-packets            5
4        service-egress-packets             5
==========================================================
A:ALU-1# 
Table 41:  Accounting Records Output Fields  

Label

Description

Record #

The record ID that uniquely identifies the accounting policy, expressed as a decimal integer

Record Name

The accounting record name

Def. Interval

The default interval, in minutes, in which statistics are collected and written to their destination

applications

Syntax 
applications
Context 
show>log
Description 

This command displays a list of all application names that can be used in event-control and filter commands.

Output 

The following output is an example of an application list.

Sample Output
A:ALU-1# show log applications
==================================
Log Event Application Names
==================================
Application Name
----------------------------------
APS
ATM
BGP
CHASSIS
CPMHWFILTER
DEBUG
DHCP
EFM_OAM
ETH-CFM
FILTER
IP
ISIS
LDP
LOGGER
MPLS
NTP
OAM
OSPF
PORT
PPP
PTP
RIP
QOS
ROUTE_POLICY
SECURITY
SNMP
STP
SVCMGR
SYSTEM
TIP
USER
VRTR
==================================
A:ALU-1# 

event-control

Syntax 
event-control [application-id] [event-name | event-number]
Context 
show>log
Description 

This command displays event control settings for events, including whether the event is suppressed or generated and the severity level for the event.

If no options are specified, all events, alarms and traps are listed.

Parameters 
application-id—
displays event control for the specified application only
Values—
aps, atm, bgp, chassis, debug, dhcp, dot1ag, efm_oam, eth-cfm, filter, ip, isis, ldp, logger, mpls, ntp, oam, ospf, port, ppp, ptp, rip, qos, route_policy, rsvp, security, snmp, stp, svcmgr, system, user, vrtr
Values—
all applications
event-name—
displays event control for the named application event only
Values—
all events for the application
event-number—
displays event control for the specified application event number only
Values—
all events for the application
Output 

The following output is an example of event control information, and Table 42 describes the fields. Because the output is very large, only a sample of the events are shown here.

Sample Output
A:gal171# show log event-control
=======================================================================
Log Events
=======================================================================
Application
 ID#    Event Name                       P   g/s     Logged     Dropped
-----------------------------------------------------------------------
ATM:
   2004 tAtmTcSubLayerDown               MI  gen          0           0
   2005 tAtmTcSubLayerClear              MI  gen          0           0
L  2006 atmVclStatusChange               WA  gen          0           0
...
CHASSIS:
   2001 cardFailure                      MA  gen          4           0
   2002 cardInserted                     MI  gen          3           0
   2003 cardRemoved                      MI  gen          8           0
   2004 cardWrong                        MI  gen          0           0
   2005 EnvTemperatureTooHigh            MA  gen          0           0
   2007 powerSupplyOverTemp              CR  gen          0           0
   2008 powerSupplyAcFailure             CR  gen          0           0
   2009 powerSupplyDcFailure             CR  gen          0           0
   2010 powerSupplyInserted              MA  gen          0           0
   2011 powerSupplyRemoved               MA  gen          0           0
   2012 redPrimaryCPMFail                CR  gen          0           0
   2016 clearNotification                MA  gen          0           0
   2017 syncIfTimingHoldover             CR  gen          0           0
   2018 syncIfTimingHoldoverClear        CR  gen          0           0
   2019 syncIfTimingRef1Alarm            MI  gen          0           0
   2020 syncIfTimingRef1AlarmClear       MI  gen          0           0
   2021 syncIfTimingRef2Alarm            MI  gen          0           0
   2022 syncIfTimingRef2AlarmClear       MI  gen          0           0
   2023 flashDataLoss                    MA  gen          0           0
   2024 flashDiskFull                    MA  gen          0           0
   2025 softwareMismatch                 MA  gen          0           0
   2026 softwareLoadFailed               MA  gen          0           0
   2027 bootloaderMismatch               MA  gen          0           0
   2028 bootromMismatch                  MA  gen          0           0
   2029 fpgaMismatch                     MA  gen          0           0
   2030 syncIfTimingBITSAlarm            MI  gen          0           0
   2031 syncIfTimingBITSAlarmClear       MI  gen          0           0
   2032 cardUpgraded                     MA  gen          0           0
   2033 cardUpgradeInProgress            MA  gen          0           0
   2034 cardUpgradeComplete              MA  gen          0           0
   2050 powerSupplyInputFailure          CR  gen          0           0
   2051 powerSupplyOutputFailure         CR  gen          0           0
   2052 mdaHiBwMulticastAlarm            MI  gen          0           0
   2056 mdaCfgNotCompatible              MA  gen          0           0
   2057 extAlarmInput1Detected           CR  gen          0           0
   2058 extAlarmInput2Detected           MA  gen          0           0
   2059 extAlarmInput3Detected           MA  gen          0           0
   2060 extAlarmInput4Detected           MI  gen          0           0
   2061 extAlarmCleared                  MA  gen          0           0
   2062 syncIfTimingExternAlarm          MI  gen          0           0
   2063 syncIfTimingExternAlarmClear     MI  gen          0           0
   2064 cardBgDiagsFault                 MI  gen          0           0
   2065 fanCriticalFailure               CR  gen          0           0
   2066 fanMinorFailure                  MI  gen          0           0
   2067 cardSyncFileNotPresent           MI  gen          0           0
   2058 tmnxEqMdaXplError                MI  sup          0           0
...
DEBUG:
L  2001 traceEvent                       MI  gen          0           0
DOT1AG:
   2001 dot1agCfmFaultAlarm              MI  gen          0           0
EFM_OAM:
   2001 tmnxDot3OamPeerChanged           MI  gen          0           0
   2002 tmnxDot3OamLoopDetected          MI  gen          0           0
   2003 tmnxDot3OamLoopCleared           MI  gen          0           0
FILTER:
   2001 tIPFilterPBRPacketsDrop          WA  gen          0           0
   2002 tFilterEntryActivationFailed     WA  gen          0           0
   2003 tFilterEntryActivationRestored   WA  gen          0           0
IP:
L  2001 clearRTMError                    MI  gen          0           0
L  2002 ipEtherBroadcast                 MI  gen          0           0
L  2003 ipDuplicateAddress               MI  gen          0           0
L  2004 ipArpInfoOverwritten             MI  gen          0           0
L  2005 fibAddFailed                     MA  gen          0           0
L  2006 qosNetworkPolicyMallocFailed     MA  gen          0           0
L  2007 ipArpBadInterface                MI  gen          0           0
L  2008 ipArpDuplicateIpAddress          MI  gen          0           0
L  2009 ipArpDuplicateMacAddress         MI  gen          0           0
....
USER:
L  2001 cli_user_login                   MI  gen          2           0
L  2002 cli_user_logout                  MI  gen          1           0
L  2003 cli_user_login_failed            MI  gen          0           0
L  2004 cli_user_login_max_attempts      MI  gen          0           0
L  2005 ftp_user_login                   MI  gen          0           0
L  2006 ftp_user_logout                  MI  gen          0           0
L  2007 ftp_user_login_failed            MI  gen          0           0
L  2008 ftp_user_login_max_attempts      MI  gen          0           0
L  2009 cli_user_io                      MI  sup          0          48
L  2010 snmp_user_set                    MI  sup          0           0
L  2011 cli_config_io                    MI  gen       4357           0
======================================================================= 
A:ALU-1#
Table 42:  Event Control Output Fields   

Label

Description

Application

The application name

ID#

The event ID number within the application

L ID#: an “L” in front of an ID represents event types that do not generate an associated SNMP notification. Most events do generate a notification; only the exceptions are marked with a preceding “L”.

Event Name

The event name

P

CL: the event has a cleared severity/priority

CR: the event has critical severity/priority

IN: the event has indeterminate severity/priority

MA: the event has major severity/priority

MI: the event has minor severity/priority

WA: the event has warning severity/priority

g/s

gen: the event will be generated/logged by event control

sup: the event will be suppressed/dropped by event control

thr: specifies that throttling is enabled

Logged

The number of events logged/generated

Dropped

The number of events dropped/suppressed

file-id

Syntax 
file-id [log-file-id]
Context 
show>log
Description 

This command displays event log file information.

If no command line parameters are specified, a summary output of all event log files is displayed.

Specifying a file ID displays detailed information on the event log file.

Parameters 
log-file-id—
displays detailed information on the specified event log file.
Output 

The following output is an example of event log file information, and Table 43 describes the fields.

Sample Output
A:ALU-1# show log file-id
=============================================================
File Id List
=============================================================
file-id   rollover  retention   admin     backup    oper
                                location  location  location
-------------------------------------------------------------
1           60         4        cf3:      none      none
2           60         3        cf3:      none      none
3         1440        12        cf3:      none      none
10        1440        12        cf3:      none      none
11        1440        12        cf3:      none      none
15        1440        12        cf3:      none      none
20        1440        12        cf3:      none      none
=============================================================
A:ALU-1#
A:ALU-1# show log file-id 10
=============================================================
File Id List
=============================================================
file-id   rollover  retention   admin     backup    oper
                                location  location  location
-------------------------------------------------------------
10        1440        12      cf3:      none      none
Description : Main
=============================================================
===============================================================
File Id 10 Location cf3:
===============================================================
file name                               expired   state
---------------------------------------------------------------
cf3:\log\log0302-20060501-012205        yes       complete
cf3:\log\log0302-20060501-014049        yes       complete
cf3:\log\log0302-20060501-015344        yes       complete
cf3:\log\log0302-20060501-015547        yes       in progress
=============================================================
Table 43:  Log File Summary Output Fields   

Label

Description

file-id

The log file ID

rollover

The rollover time for the log file, which is the amount of time before the file is partitioned into a new file.

retention

The retention time for the file in the system, which is how long the file should be retained in the file system

admin location

The flash device specified for the file location

none: indicates no specific flash device was specified

oper location

The actual flash device on which the log file exists

file name

The complete pathname of the file associated with the log ID

expired

Indicates whether or not the retention period for this file has passed

state

in progress: indicates the current open log file

complete: indicates the old log file

filter-id

Syntax 
filter-id [filter-id]
Context 
show>log
Description 

This command displays event log filter policy information. If you specify a filter ID, the command also displays the filter match criteria.

Parameters 
filter-id—
displays detailed information on the specified event filter policy ID
Output 

The following outputs are examples of event log filter policy information:

  1. filter ID summary information (Sample Output, Table 44)
  2. filter ID information with match criteria specified (Sample Output, Table 45)
Sample Output
*A:ALU-48>config>log# show log filter-id
=============================================================================
Log Filters
=============================================================================
Filter Applied Default Description
Id             Action
-----------------------------------------------------------------------------
1      no      forward
5      no      forward
10     no      forward
1001   yes     drop    Collect events for Serious Errors Log
=============================================================================
*A:ALU-48>config>log# 
Table 44:  Filter ID Summary Output Fields  

Label

Description

Filter Id

The event log filter ID

Applied

no: the event log filter is not currently in use by a log ID

yes: the event log filter is currently in use by a log ID

Default Action

drop: the default action for the event log filter is to drop events not matching filter entries

forward: the default action for the event log filter is to forward events not matching filter entries

Description

The description string for the filter ID

Sample Output
*A:ALU-48>config>log# show log filter-id 1001
==========================================================================
Log Filter
==========================================================================
Filter-id     : 1001     Applied       : yes      Default Action: drop
Description   : Collect events for Serious Errors Log
--------------------------------------------------------------------------
Log Filter Match Criteria
--------------------------------------------------------------------------
Entry-id      : 10                      Action        : forward
Application   :                         Operator      : off
Event Number  : 0                       Operator      : off
Severity      : major                   Operator      : greaterThanOrEqual
Subject       :                         Operator      : off
Match Type    : exact string                          :
Router        :                         Operator      : off
Match Type    : exact string                          :
Description   : Collect only events of major severity or higher
--------------------------------------------------------------------------
==========================================================================
Table 45:  Filter ID Match Criteria Output Fields   

Label

Description

Entry-id

The event log filter entry ID

Action

default: there is no explicit action for the event log filter entry and the filter’s default action is used on matching events

drop: the action for the event log filter entry is to drop matching events

forward: the action for the event log filter entry is to forward matching events

Description: (Entry-id)

The description string for the event log filter entry

Application

The event log filter entry application match criterion

Event Number

The event log filter event ID match criterion

Severity

cleared: the event log filter severity match is cleared

indeterminate: the event log filter entry application event severity indeterminate match criterion

critical: the event log filter entry application event severity critical match criterion

major: the event log filter entry application event severity cleared match criterion

minor: the event log filter entry application event severity minor match criterion

warning: the event log filter entry application event severity warning match criterion

Subject

Displays the event log filter entry subject string match criterion

Router

Displays the event log filter entry router router-instance string match criterion

Operator:

There is an operator field for each match criteria:

application, event number, severity, and subject

equal: matches when equal to the match criterion

greaterThan: matches when greater than the match criterion

greaterThanOrEqual: matches when greater than or equal to the match criterion

lessThan: matches when less than the match criterion

lessThanOrEqual: matches when less than or equal to the match criterion

notEqual: matches when not equal to the match criterion

off: no operator specified for the match criterion

log-collector

Syntax 
log-collector
Context 
show>log
Description 

This command displays log collector statistics for the main, security, change and debug log collectors.

Output 

The following output is an example of log collector statistics, and Table 46 describes the fields.

Sample Output
A:ALU-1# show log log-collector
===============================================================================
Log Collectors
===============================================================================
Main                Logged   : 1224                    Dropped  : 0
  Dest Log Id: 99    Filter Id: 0      Status: enabled    Dest Type: memory
  Dest Log Id: 100   Filter Id: 1001   Status: enabled    Dest Type: memory
 
Security            Logged   : 3                       Dropped  : 0
 
Change              Logged   : 3896                    Dropped  : 0
 
Debug               Logged   : 0                       Dropped  : 0
 
===============================================================================
A:ALU-1# 

Table 46:  Log Collector Output Fields   

Label

Description

<Collector Name>

Main: the main event stream contains the events that are not explicitly directed to any other event stream

Security: the security stream contains all events that affect attempts to breach system security, such as failed login attempts, attempts to access MIB tables to which the user is not granted access or attempts to enter a branch of the CLI to which access has not been granted

Change: the change event stream contains all events that directly affect the configuration or operation of this node

Debug: the debug-trace stream contains all messages in the debug stream

Dest. Log ID

Specifies the event log stream destination

Filter ID

The value is the index to the entry that defines the filter to be applied to this log's source event stream to limit the events output to this log's destination. If the value is 0, then all events in the source log are forwarded to the destination.

Status

Enabled: logging is enabled

Disabled: logging is disabled

Dest. Type:

Console: a log created with the console type destination displays events to the physical console device

Events are displayed to the console screen whether a user is logged in to the console or not.

A user logged in to the console device or connected to the CLI via a remote telnet or SSH session can also create a log with a destination type of 'session'. Events are displayed to the session device until the user logs off. When the user logs off, the 'session' type log is deleted.

Syslog: all selected log events are sent to the syslog address

SNMP traps: events defined as SNMP traps are sent to the configured SNMP trap destinations and are logged in NOTIFICATION-LOG-MIB tables

File: all selected log events are directed to a file on the CSM’s compact flash disk

Memory: all selected log events are directed to an in-memory storage area

log-id

Syntax 
log-id [log-id] [severity severity-level] [application application] [sequence from-seq [to-seq]] [count count] [router router-instance [expression]] [subject subject [regexp]] [ascending | descending]
Context 
show>log
Description 

This command displays an event log summary with settings and statistics or the contents of a specific log file, SNMP log, or memory log.

If the command is specified with no command line options, a summary of the defined system logs is displayed. The summary includes log settings and statistics.

If the log ID of a memory, SNMP, or file event log is specified, the command displays the contents of the log. Additional command line options control what and how the contents are displayed.

Contents of logs with console, session or syslog destinations cannot be displayed. The actual events can only be viewed on the receiving syslog or console device.

Parameters 
log-id—
displays the contents of the specified log file or memory log ID. The log ID must have a destination of an SNMP or log file or a memory log for this parameter to be used.
Values—
1 to 99
Values—
displays the event log summary
severity-level—
displays only events with the specified and higher severity
Values—
cleared, indeterminate, critical, major, minor, and warning
Values—
all severity levels
application—
displays only events generated by the specified application
Values—
aps, atm, bgp, chassis, debug, dhcp, dot1ag, efm_oam, eth-cfm, filter, ip, isis, ldp, logger, mpls, ntp, oam, ospf, port, ppp, ptp, qos, rip, route_policy, rsvp, security, snmp, stp, svcmgr, system, user, vrtr
Values—
all applications
sequence from-seq [to-seq]—
displays the log entry numbers from a particular entry sequence number (from-seq) to another sequence number (to-seq). The to-seq value must be larger than the from-seq value.

If the to-seq number is not provided, the log contents to the end of the log are displayed unless the count parameter is present, in which case the number of entries displayed is limited by the count.

Values—
1 to 4294967295
Values—
all sequence numbers
count—
limits the number of log entries displayed to the number specified
Values—
1 to 4294967295
Values—
all log entries
router-instance—
specifies a router name up to 32 characters to be used in the display criteria
expression—
specifies to use a regular expression as match criteria for the router instance string
subject—
displays only log entries matching the specified text subject string. The subject is the object affected by the event; for example, the port-id would be the subject for a link-up or link-down event.
regexp—
specifies to use a regular expression as parameters with the specified subject string
ascending | descending—
specifies the log sort direction. Logs are normally shown from the newest entry to the oldest in descending sequence number order on the screen. When using the ascending parameter, the log will be shown from the oldest to the newest entry.
Values—
Descending
Output 

The following output is an example of event log summary information, and Table 47 describes the fields.

Sample Output
A:ALU-1# show log log-id
=====================================================================
Event Logs                                                      
=====================================================================
Log Source    Filter Admin Oper  Logged  Dropped Dest       Dest  Size
Id            Id     State State                 Type       Id     
--------------------------------------------------------------------
1   none      none   up    down  52      0       file       10     N/A
2   C         none   up    up    41      0       syslog     1      N/A
99  M         none   up    up    2135    0       memory            500
=====================================================================
A:ALU-1# 
Table 47:  Log ID Output Fields   

Label

Description

Log Id

An event log destination

Source

no: the event log filter is not currently in use by a log ID

yes: the event log filter is currently in use by a log ID

Filter ID

The value is the index to the entry that defines the filter to be applied to this log's source event stream to limit the events output to this log's destination. If the value is 0, then all events in the source log are forwarded to the destination.

Admin State

Up: indicates that the administrative state is up

Down: indicates that the administrative state is down

Oper State

Up: indicates that the operational state is up

Down: indicates that the operational state is down

Logged

The number of events that have been sent to the log source(s) that were forwarded to the log destination

Dropped

The number of events that have been sent to the log source(s) that were not forwarded to the log destination because they were filtered out by the log filter

Dest. Type

Console: all selected log events are directed to the system console. If the console is not connected, then all entries are dropped.

Syslog: all selected log events are sent to the syslog address

SNMP traps: events defined as SNMP traps are sent to the configured SNMP trap destinations and are logged in NOTIFICATION-LOG-MIB tables

File: all selected log events are directed to a file on the CSM's compact flash disk

Memory: all selected log events are directed to an in-memory storage area

Dest ID

The event log stream destination

Size

The allocated memory size for the log

Time format

The time format specifies the type of timestamp format for events sent to logs where the log ID destination is either syslog or file.

When the time format is UTC, timestamps are written using the Coordinated Universal Time value.

When the time format is local, timestamps are written in the system's local time.

Sample Memory or File Event Log Contents Output
A:gal171# show log log-id 99
===============================================================================
Event Log 99
===============================================================================
Description : Default System Log
Memory Log contents  [size=500   next event=3722 (wrapped)]
 
3721 2008/02/07 09:14:06.69 UTC WARNING: SYSTEM #2006 Base LOGGER
"Log File Id 2 configuration modified"
 
3720 2008/02/07 09:13:18.86 UTC WARNING: SYSTEM #2006 Base LOGGER
"Log File Id 2 configuration modified"
 
3719 2008/02/01 11:54:15.67 UTC MINOR: IP #2004 management PIP MANAGEMENT
"ARP information overwritten for 138.120.52.253 by 00:e0:52:d4:a5:00"
 
3718 2008/02/01 11:54:15.40 UTC MINOR: IP #2004 management PIP MANAGEMENT
"ARP information overwritten for 138.120.52.253 by 00:e0:5e:00:a5:00"
...
===============================================================================
A:gal171

snmp-trap-group

Syntax 
snmp-trap-group [log-id]
Context 
show>log
Description 

This command displays SNMP trap group configuration information.

Parameters 
log-id—
displays only SNMP trap group information for the specified trap group log ID
Values—
1 to 99
Output 

The following output is an example of SNMP trap group information, and Table 48 describes the fields.

Sample Output
*A:ALU-48>config>log# show log snmp-trap-group
===============================================================================
SNMP Trap Groups
===============================================================================
id        name
  port      address
-------------------------------------------------------------------------------
29        name
  162       10.20.30.10
===============================================================================
*A:ALU-48>config>log# 
Table 48:  SNMP Trap Group Output Fields  

Label

Description

Log-ID

The log destination ID for an event stream

Address

The IP address of the trap receiver

Port

The destination UDP port used for sending traps to the destination, expressed as a decimal integer

Version

Specifies the SNMP version format to use for traps sent to the trap receiver. Valid values are snmpv1, snmpv2c, snmpv3.

Community

The community string required by snmpv1 or snmpv2c trap receivers

Security-Level

The required authentication and privacy levels required to access the views on this node

syslog

Syntax 
syslog [syslog-id]
Context 
show>log
Description 

This command displays syslog event log destination summary information or detailed information on a specific syslog destination.

Parameters 
syslog-id—
displays detailed information on the specified syslog event log destination
Values—
1 to 10
Output 

The following output is an example of syslog event log destination summary information, and Table 49 describes the fields.

Sample Output
*A:ALU-48>config>log# show log syslog
===============================================================================
Syslog Target Hosts
===============================================================================
Id     Ip Address                                      Port        Sev Level
         Below Level Drop                                Facility    Pfx Level
-------------------------------------------------------------------------------
2      unknown                                         514         info
         0                                               local7      yes
3      unknown                                         514         info
         0                                               mail        yes
===============================================================================
*A:ALU-48>config>log#
*A:ALU-48>config>log# show log syslog 1
===============================================================================
Syslog Target 1
===============================================================================
IP Address       : 192.168.15.22
Port             : 514
Log-ids          : none
Prefix           : Sr12
Facility         : mail
Severity Level   : info
Prefix Level     : yes
Below Level Drop : 0
Description      : Linux Station Springsteen
===============================================================================
*A:ALU-48>config>log#
Table 49:  Syslog Output Fields   

Label

Description

Syslog ID

The syslog ID number for the syslog destination

IP Address

The IP address of the syslog target host

Port

The configured UDP port number used when sending syslog messages

Facility

The facility code for messages sent to the syslog target host

Severity Level

The syslog message severity level threshold

Below Level Dropped

A count of messages not sent to the syslog collector target because the severity level of the message was above the configured severity. The higher the level, the lower the severity.

Prefix Present

Yes: a log prefix was prepended to the syslog message sent to the syslog host

No: a log prefix was not prepended to the syslog message sent to the syslog host

Description

A text description stored in the configuration file for a configuration context

LogPrefix

The prefix string prepended to the syslog message

Log-id

Events are directed to this destination

Clear Commands

log

Syntax 
log log-id
Context 
clear
Description 

This command reinitializes/rolls over the specified memory log or log file. Memory logs are reinitialized and cleared of contents. Log files are manually rolled over by this command.

This command is only applicable to event logs that are directed to file destinations and memory destinations.

SNMP, syslog and console/session logs are not affected by this command.

Parameters 
log-id—
the event log ID to be initialized/rolled over
Values—
1 to 100