Event logging controls the generation, dissemination and recording of system events for monitoring status and troubleshooting faults within the system. Events are messages generated by the system by applications or processes within the 7705 SAR. The 7705 SAR groups events into four major categories or event sources:
Security events — security events are generated by the SECURITY application and pertain to attempts to breach system security
Change events — change events are generated by the USER application and pertain to the configuration and operation of the node
Debug events — debug events are generated by the DEBUG application and pertain to trace or other debugging information
Main events — main events pertain to 7705 SAR applications that are not assigned to other event categories/sources
The applications listed above have the following properties:
a timestamp in UTC or local time
the generating application
a unique event ID within the application
a router name identifying the VRF-ID that generated the event
a subject identifying the affected object
a short text description
Event control assigns the severity for each application event and determines whether the event should be generated or suppressed. The severity numbers and severity names supported in the 7705 SAR conform to ITU standards M.3100 X.733 and X.21 and are listed in Table: Event Severity Levels .
Severity Number |
Severity Name |
|---|---|
1 |
Cleared |
2 |
Indeterminate (info) |
3 |
Critical |
4 |
Major |
5 |
Minor |
6 |
Warning |
Event control maintains a count of the number of events generated (logged) and dropped (suppressed) for each application event. The severity of an application event can be configured in event control.
An event log within the 7705 SAR associates the event sources with logging destinations. Examples of logging destinations include the console session, memory logs, file destinations, SNMP trap groups, and syslog destinations. A log filter policy can be associated with the event log to control which events are logged in the event log based on combinations of application, severity, event ID range, and the subject of the event.