Configuring Logging with CLI

This section provides information to configure logging using the command line interface.

Topics in this section include:

  1. Log Configuration Overview
  2. Log Type
  3. Basic Event Log Configuration
  4. Common Configuration Tasks
  5. Log Management Tasks

Log Configuration Overview

Logging on the 7705 SAR is used to provide the operator with logging information for monitoring and troubleshooting. You can configure logging parameters to save information in a log file or direct the messages to other devices. Logging commands allow you to:

  1. select the types of logging information to be recorded
  2. assign a severity to the log messages
  3. select the source and target of logging information

Log Type

Logs can be configured in the following contexts:

  1. Log file — log files can contain log event message streams or accounting/billing information. Log file IDs are used to direct events, alarms/traps, and debug information to their respective targets.
  2. SNMP trap groups — SNMP trap groups contain an IP address and community names that identify targets to send traps following specified events
  3. Syslog — information can be sent to a syslog host that is capable of receiving selected syslog messages from a network element
  4. Event control — configures a particular event, or all events associated with an application, to be generated or suppressed
  5. Event filters — an event filter defines whether to forward or drop an event or trap based on match criteria
  6. Accounting policies — an accounting policy defines the accounting records that will be created. Accounting policies can be applied to one or more service access points (SAPs).
  7. Event logs — an event log defines the types of events to be delivered to an associated destination
  8. Event throttling rate — defines the rate of throttling events

Basic Event Log Configuration

The most basic log configuration must have the following:

  1. a log ID or an accounting policy ID
  2. a log source
  3. a log destination

The following displays a log configuration example.

ALU-12>config>log# info
#------------------------------------------
echo "Log Configuration"
#------------------------------------------
        file-id 1
            description "This is a test file-id."
            location cf3:
        exit
        file-id 2
            description "This is a test log."
            location cf3:
        exit
        snmp-trap-group 7
            trap-target 11.22.33.44 "snmpv2c" notify-community "public"
        exit
        log-id 2
            from main
            to file 2
        exit
----------------------------------------------
ALU-12>config>log#

Common Configuration Tasks

The following sections describe basic system tasks that must be performed.

  1. Configuring an Event Log
  2. Configuring a File ID
  3. Configuring an Accounting Policy
  4. Configuring Event Control
  5. Configuring Throttle Rate
  6. Configuring a Log Filter
  7. Configuring an SNMP Trap Group
  8. Configuring a Syslog Target

Configuring an Event Log

An event log file contains information used to direct events, alarms, traps, and debug information to their respective destinations. One or more event sources can be specified. File IDs, SNMP trap groups, or syslog IDs must be configured before they can be applied to an event log ID.

Use the following CLI syntax to configure a log file:

CLI Syntax:
config>log
log-id log-id
description description-string
filter filter-id
from {[main] [security] [change] [debug-trace]}
to console
to file file-id
to memory [size]
to session
to snmp [size]
to syslog syslog-id
time-format {local | utc}
no shutdown

The following displays an example of the log file configuration command syntax:

Example:
config# log
config>log# log-id 2
config>log>log-id$ description "This is a test log file."
config>log>log-id# filter 1
config>log>log-id# from main security
config>log>log-id# to file 1
config>log>log-id# no shutdown
config>log>log-id# exit

The following displays a log file configuration:

ALU-12>config>log>log-id# info
----------------------------------------------
...
    log-id 2
            description "This is a test log file."
            filter 1
            from main security
            to file 1
    exit
...
----------------------------------------------
ALU-12>config>log>log-id#

Configuring a File ID

To create a log file, a file ID is defined that specifies the target compact flash drive and the rollover and retention interval period for the file. The rollover interval is defined in minutes and determines how long a file will be used before it is closed and a new log file is created. The retention interval determines how long the file will be stored on the compact flash drive before it is deleted.

Use the following CLI syntax to configure a log file ID:

CLI Syntax:
config>log
file-id log-file-id
description description-string
location cflash-id
rollover minutes [retention hours]

The following displays an example of the log file ID configuration command syntax:

Example:
config# log
config>log# file-id 1
config>log>file-id# description "This is a log file."
config>log>file-id# location cf3:
config>log>file-id# rollover 600 retention 24

The following displays the file ID configuration:

ALU-12>config>log# info
------------------------------------------
        file-id 1
            description "This is a log file."
            location cf3:
            rollover 600 retention 24
        exit
----------------------------------------------
ALU-12>config>log#

Configuring an Accounting Policy

Before an accounting policy can be created, a target log file must be created to collect the accounting records. The files are stored in system memory on the compact flash drive in a compressed (tar) XML format and can be retrieved using FTP or SCP. See Configuring an Event Log and Configuring a File ID.

Accounting policies must be configured in the config>log context before they can be applied to a SAP or service interface. For information on associating an accounting policy with a SAP, see the 7705 SAR OS Services Guide.

An accounting policy must define a record type and collection interval. Only one record type can be configured per accounting policy.

When creating accounting policies, one service accounting policy can be defined as default. If statistics collection is enabled on a SAP and no accounting policy is applied, then the respective default policy is used. If no default policy is defined, then no statistics are collected unless a specifically defined accounting policy is applied.

Use the following CLI syntax to configure an accounting policy:

CLI Syntax:
config>log>
accounting-policy acct-policy-id interval minutes   
description description-string
default
record record-name
to file log-file-id
no shutdown

The following displays an example of the accounting policy configuration command syntax:

Example:
config>log# accounting-policy 4
config>log>acct-policy# description "This is the default
  accounting policy."
config>log>acct-policy# record service-ingress-packets
config>log>acct-policy# default
config>log>acct-policy# to file 1
config>log>acct-policy# exit
config>log# accounting-policy 5
config>log>acct-policy# description "This is a test
  accounting policy."
config>log>acct-policy# record service-ingress-packets
config>log>acct-policy# to file 2
config>log>acct-policy#

The following displays the accounting policy configuration:

ALU-12>config>log# info
----------------------------------------------
    accounting-policy 4
        description "This is the default accounting policy."
        record service-ingress-packets
        default
        to file 1
    exit
    accounting-policy 5
        description "This is a test accounting policy."
        record service-ingress-packets
        to file 2
    exit
----------------------------------------------
ALU-12>config>log#

Configuring Event Control

Use the following CLI syntax to configure event control. Note that the throttle parameter used in the event-control command syntax enables throttling for a specific event type. The config>log>throttle-rate command configures the number of events and interval length to be applied to all event types that have throttling enabled by this event-control command.

CLI Syntax:
config>log
event-control application-id [event-name | event-number] generate [severity-level] [throttle]
event-control application-id [event-name | event-number] suppress
throttle-rate events [interval seconds]

The following displays an example of an event control configuration command syntax:

Example:
config# log
config>log# event-control atm 2014 generate critical
config>log# event-control oam 2001 suppress
config>log# throttle-rate 500 interval 10

The following displays the event control configuration:

ALU-12>config>log# info
#------------------------------------------
echo "Log Configuration"
#------------------------------------------
        throttle-rate 500 interval 10
        event-control "atm" 2014 generate critical
        event-control "oam" 2001 suppress
..
----------------------------------------------
ALU-12>config>log>filter#

Configuring Throttle Rate

This command configures the number of events and interval length to be applied to all event types that have throttling enabled by the event-control command.

Use the following CLI syntax to configure the throttle rate.

CLI Syntax:
config>log#
throttle-rate events [interval seconds]

The following displays an example of the configuration command syntax:

Example:
config>log# throttle-rate 500 interval 10
config>log# event-control mpls 2001 generate throttle

The following displays the configuration:

*A:gal171>config>log# info
---------------------------------------------
        throttle-rate 500 interval 10
        event-control “mpls” 2001 generate throttle
----------------------------------------------
*A:gal171>config>log# 

Configuring a Log Filter

Use the following CLI syntax to configure a log filter:

CLI Syntax:
config>log
filter filter-id
default-action {drop | forward}
description description-string
entry entry-id
action {drop | forward}
description description-string
match
application {eq | neq} application-id
number {eq | neq | lt | lte | gt | gte} event-id
router {eq | neq} router-instance [regexp]
severity {eq | neq | lt | lte | gt | gte} severity-level
subject {eq | neq} subject [regexp]

The following displays an example of the log filter configuration command syntax:

Example:
config# log
config>log# filter 1
config>log>filter# description "This is a sample filter."
config>log>filter# default-action drop
config>log>filter# entry 1
config>log>filter>entry$ action forward
config>log>filter>entry# match application eq atm
config>log>filter>entry# match severity eq critical
config>log>filter>entry# exit

The following displays the log filter configuration:

ALU-12>config>log# info
#------------------------------------------
echo "Log Configuration"
#------------------------------------------
        file-id 1
            description "This is our log file."
            location cf3:
            rollover 600 retention 24
        exit
        filter 1
            default-action drop
            description "This is a sample filter."
            entry 1
                action forward
                match
                    application eq "atm"
                    severity eq critical
                exit
            exit
        exit
...
        log-id 2
            shutdown
            description "This is a test log file."
            filter 1
            from main security
            to file 1
        exit
...
------------------------------------------
ALU-12>config>log#

Configuring an SNMP Trap Group

The associated log-id does not have to be configured before a snmp-trap-group can be created; however, the snmp-trap-group must exist before the log-id can be configured to use it.

Use the following CLI syntax to configure an SNMP trap group:

CLI Syntax:
config>log
snmp-trap-group log-id
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}]

The following displays an example of the SNMP trap group configuration command syntax:

Example:
config# log
config>log# snmp-trap-group 2
config>log>snmp-trap-group# trap-target "target name" address 10.10.10.104 notify-community "communitystring" security-level no-auth-no-privacy
config>log>snmp-trap-group# exit

The following displays the SNMP trap group configuration:

ALU-12>config>log# info
----------------------------------------------
...
    snmp-trap-group 2
        trap-target “target name” address 10.10.10.104:5 "snmpv3" notify-community
         "communitystring" 
        exit
...
    log-id 2
            description "This is a test log file."
            filter 1
            from main security
            to file 1
    exit
...
----------------------------------------------
ALU-12>config>log#

Configuring a Syslog Target

Log events cannot be sent to a syslog target host until a valid syslog ID exists.

Use the following CLI syntax to configure a syslog file:

CLI Syntax:
config>log
syslog syslog-id
address ip-address
description description-string
facility syslog-facility
level {emergency | alert | critical | error | warning | notice | info | debug}
log-prefix log-prefix-string
port port

The following displays an example of the syslog file configuration command syntax:

Example:
config# log
config>log# syslog 1
config>log>syslog$ description "This is a syslog file."
config>log>syslog# address 10.10.10.104
config>log>syslog# facility user
config>log>syslog# level warning

The following displays the syslog configuration:

ALU-12>config>log# info
----------------------------------------------
...
        syslog 1
            description "This is a syslog file."
            address 10.10.10.104
            facility user
            level warning
        exit
...
----------------------------------------------
ALU-12>config>log#

Log Management Tasks

This section discusses the following logging tasks:

  1. Modifying a Log File
  2. Deleting a Log File
  3. Modifying a File ID
  4. Deleting a File ID
  5. Modifying a Syslog ID
  6. Deleting a Syslog ID
  7. Modifying an SNMP Trap Group
  8. Deleting an SNMP Trap Group
  9. Modifying a Log Filter
  10. Deleting a Log Filter
  11. Modifying Event Control Parameters
  12. Returning to the Default Event Control Configuration

Modifying a Log File

Use the following CLI syntax to modify a log file:

CLI Syntax:
config>log
log-id log-id
description description-string
filter filter-id
from {[main] [security] [change] [debug-trace]}
to console
to file file-id
to memory [size]
to session
to snmp [size]
to syslog syslog-id

The following displays the current log configuration:

ALU-12>config>log>log-id# info
----------------------------------------------
...
    log-id 2
            description "This is a test log file."
            filter 1
            from main security
            to file 1
    exit
...
----------------------------------------------
ALU-12>config>log>log-id#

The following displays an example of modifying log file parameters:

Example:
config# log
config>log# log-id 2
config>log>log-id# description "Chassis log file."
config>log>log-id# filter 2
config>log>log-id# from security
config>log>log-id# exit

The following displays the modified log file configuration:

ALU-12>config>log# info
----------------------------------------------
...
    log-id 2
            description "Chassis log file."
            filter 2
            from security
            to file 1
    exit
...
----------------------------------------------
ALU-12>config>log#

Deleting a Log File

The log ID must be shut down first before it can be deleted. In a previous example, file 1 is associated with log-id 2.

ALU-12>config>log# info
----------------------------------------------
    file-id 1
            description "LocationTest."
            location cf3:
            rollover 600 retention 24
        exit
...
    log-id 2
            description "Chassis log file."
            filter 2
            from security
            to file 1
    exit
...
----------------------------------------------
ALU-12>config>log#

Use the following CLI syntax to delete a log file:

CLI Syntax:
config>log
no log-id log-id
shutdown

The following displays an example of deleting a log file:

Example:
config# log
config>log# log-id 2
config>log>log-id# shutdown
config>log>log-id# exit
config>log# no log-id 2

Modifying a File ID

Note:

When the file-id location parameter is modified, log files are not written to the new location until a rollover occurs or the log is manually cleared. A rollover can be forced by using the clear>log command. Subsequent log entries are then written to the new location. If a rollover does not occur or the log is not cleared, the old location remains in effect.

Use the following CLI syntax to modify a file ID:

CLI Syntax:
config>log
file-id log-file-id
description description-string
location [cflash-id]
rollover minutes [retention hours]

The following displays the current file ID configuration:

ALU-12>config>log# info
------------------------------------------
        file-id 1
            description "This is a log file."
            location cf3:
            rollover 600 retention 24
        exit
----------------------------------------------
ALU-12>config>log#

The following displays an example of modifying file ID parameters:

Example:
config# log
config>log# file-id 1
config>log>file-id# description "LocationTest."
config>log>file-id# location cf3:
config>log>file-id# rollover 2880 retention 500
config>log>file-id# exit

The following displays the file ID modifications:

ALU-12>config>log# info
----------------------------------------------
...
   file-id 1
            description "LocationTest."
            location cf3:
            rollover 2880 retention 500
        exit
...
----------------------------------------------

Deleting a File ID

Note:

All references to the file ID must be deleted before the file ID can be removed.

Use the following CLI syntax to delete a file ID:

CLI Syntax:
config>log
no file-id log-file-id

The following displays an example of deleting a file ID:

Example:
config>log# no file-id 1

Modifying a Syslog ID

Use the following CLI syntax to modify syslog ID parameters:

CLI Syntax:
config>log
syslog syslog-id
address ip-address
description description-string
facility syslog-facility
level {emergency | alert | critical | error | warning | notice | info | debug}
log-prefix log-prefix-string
port port

The following displays an example of the syslog ID modifications:

Example:
config# log
config>log# syslog 1
config>log>syslog$ description "Test syslog."
config>log>syslog# address 10.10.0.91
config>log>syslog# facility mail
config>log>syslog# level info

The following displays the syslog configuration:

ALU-12>config>log# info
----------------------------------------------
...
        syslog 1
            description "Test syslog."
            address 10.10.10.91
            facility mail
            level info
        exit
...
----------------------------------------------
ALU-12>config>log#

Deleting a Syslog ID

Note:

 All references to the syslog ID must be deleted before the syslog ID can be removed.

Use the following CLI syntax to delete a syslog ID:

CLI Syntax:
config>log
no syslog syslog-id

The following displays an example of deleting a syslog ID:

Example:
config# log
config>log# no syslog 1

Modifying an SNMP Trap Group

Use the following CLI syntax to modify an SNMP trap group:

CLI Syntax:
config>log
snmp-trap-group log-id
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}]

The following displays the current SNMP trap group configuration:

ALU-12>config>log# info
----------------------------------------------
...
    snmp-trap-group 10
        trap-target 10.10.10.104:5 "snmpv3" notify-community "communitystring" 
    exit
...
----------------------------------------------
ALU-12>config>log#

The following displays an example of the command usage to modify an SNMP trap group:

Example:
config# log
config>log# snmp-trap-group 10
config>log>snmp-trap-group# no trap-target 10.10.10.104:5
config>log>snmp-trap-group# snmp-trap-group#  trap- target 10.10.0.91:1 snmpv2c notify-community "com1"

The following displays the SNMP trap group configuration:

ALU-12>config>log# info
----------------------------------------------
...
        snmp-trap-group 10
            trap-target 10.10.0.91:1 "snmpv2c" notify-community "com1”
        exit
...
----------------------------------------------
ALU-12>config>log#

Deleting an SNMP Trap Group

Use the following CLI syntax to delete a trap target and SNMP trap group:

CLI Syntax:
config>log
no snmp-trap-group log-id
no trap-target name

The following displays the SNMP trap group configuration:

ALU-12>config>log# info
----------------------------------------------
...
       snmp-trap-group 10
           trap-target 10.10.0.91:1 "snmpv2c" notify-community "com1"
       exit
...
----------------------------------------------
ALU-12>config>log#

The following displays an example of deleting a trap target and an SNMP trap group.

Example:
config>log# snmp-trap-group 10
config>log>snmp-trap-group# no trap-target 10.10.0.91:1
config>log>snmp-trap-group# exit
config>log# no snmp-trap-group 10

Modifying a Log Filter

Use the following CLI syntax to modify a log filter:

CLI Syntax:
config>log
filter filter-id
default-action {drop | forward}
description description-string
entry entry-id
action {drop | forward}
description description-string
match
application {eq | neq} application-id number {eq | neq | lt | lte | gt | gte} event-id
router {eq | neq} router-instance [regexp]
severity {eq | neq | lt | lte | gt | gte} severity-level
subject {eq | neq} subject [regexp]

The following output displays the current log filter configuration:

ALU-12>config>log# info
#------------------------------------------
echo "Log Configuration"
#------------------------------------------
...
        filter 1
            default-action drop
            description "This is a sample filter."
            entry 1
                action forward
                match
                    application eq "atm"
                    severity eq critical
                exit
            exit
        exit
...
------------------------------------------
ALU-12>config>log#

The following displays an example of the log filter modifications:

Example:
config# log
config>log# filter 1
config>log>filter# description "This allows <n>."
config>log>filter# default-action forward
config>log>filter# entry 1
config>log>filter>entry$ action drop
config>log>filter>entry# match
config>log>filter>entry>match# application eq user
config>log>filter>entry>match# number eq 2001
config>log>filter>entry>match# no severity
config>log>filter>entry>match# exit

The following displays the log filter configuration:

ALU-12>config>log>filter# info
----------------------------------------
...
            description "This allows <n>."
            entry 1
                action drop
                match
                    application eq "user"
                    number eq 2001
                exit
            exit
        exit
...
----------------------------------------
ALU-12>config>log>filter#

Deleting a Log Filter

Use the following CLI syntax to delete a log filter:

CLI Syntax:
config>log
no filter filter-id

The following displays an example of the command to delete a log filter:

Example:
config>log# no filter 1

Modifying Event Control Parameters

Use the following CLI syntax to modify event control parameters:

CLI Syntax:
config>log
event-control application-id [event-name | event-number] generate [severity-level] [throttle]
event-control application-id [event-name | event-number] suppress

The following displays the current event control configuration:

ALU-12>config>log# info
----------------------------------------------
...
    event-control "atm" 2014 generate critical
...
----------------------------------------------
ALU-12>config>log#

The following displays an example of event control modifications:

Example:
config# log
config>log# event-control atm 2014 suppress

The following displays the log filter configuration:

ALU-12>config>log# info
----------------------------------------------
...
        event-control "atm" 2014 suppress
...
----------------------------------------------
ALU-12>config>log#

Returning to the Default Event Control Configuration

The no form of the event-control command returns modified values back to the default values.

Use the following CLI syntax to return to the default event control configuration:

CLI Syntax:
config>log
no event-control application [event-name | event-number]

The following displays an example of the command usage to return to the default values:

Example:
config# log
config>log# no event-control "atm" 2014
config>log# no event-control "filter" 2001
config>log# no event-control "mpls" 2001
ALU-12>config>log# info detail
----------------------------------------------
#------------------------------------------
echo "Log Configuration"
#------------------------------------------
...
        event-control "atm" 2004 generate minor
        event-control "atm" 2005 generate warning
        event-control "atm" 2006 generate warning
        event-control "atm" 2007 generate critical
        event-control "atm" 2008 generate warning
        event-control "atm" 2009 generate warning
        event-control "atm" 2010 generate warning
        event-control "atm" 2011 generate warning
        event-control "atm" 2012 generate warning
        event-control "atm" 2013 generate warning
        event-control "atm" 2014 generate warning
        event-control "atm" 2015 generate warning
        event-control "atm" 2016 generate warning
        event-control "atm" 2017 generate warning
...
----------------------------------------------
ALU-12>config>log#