[no] log-id log-id
config>log
This command creates a context to configure destinations for event streams.
The log-id context is used to direct events, alarms, traps, and debug information to respective destinations.
A maximum of 100 logs can be configured.
Before an event can be associated with this log-id, the log-id>from command identifying the source of the event must be configured.
Only one destination can be specified for a log-id. The destination of an event stream can be an in-memory buffer, console, session, snmp-trap-group, syslog, or file.
Use the event-control command to suppress the generation of events, alarms, and traps for all log destinations.
An event filter policy can be applied in the log-id context to limit which events, alarms, and traps are sent to the specified log-id.
Log-IDs 99 and 100 are created by the agent. Log-ID 99 captures all log messages. Log-ID 100 captures log messages with a severity level of major and above.
The no form of the command deletes the log destination ID from the configuration.
No log destinations are defined
the log ID number, expressed as a decimal integer
filter filter-id
no filter
config>log>log-id
This command associates an event filter policy with the log destination.
The filter command is optional. If no event filter is configured, all events, alarms and traps generated by the source stream will be forwarded to the destination.
An event filter policy defines (limits) the events that are forwarded to the destination configured in the log-id. The event filter policy can also be used to select the alarms and traps to be forwarded to a destination snmp-trap-group.
The application of filters for debug messages is limited to application and subject only.
Accounting records cannot be filtered using the filter command.
Only one filter-id can be configured per log destination.
The no form of the command removes the specified event filter from the log-id.
no filter
the event filter policy ID that is used to associate the filter with the log-id configuration. The event filter policy ID must already be defined in the config>log>filter filter-id context. Log ID 100 is preconfigured by the system as a Severe Event Log that is associated with filter policy 1001 by default.
from {[main] [security] [change] [debug-trace]}
no from
config>log>log-id
This command selects the source stream to be sent to a log destination.
One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).
Only one from command may be entered for a single log-id. If multiple from commands are entered, then the last command entered overwrites the previous command.
The no form of the command removes all previously configured source streams.
no from
instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter (log destination) command.
instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security stream contains all events that affect attempts to breach system security such as failed login attempts, attempts to access MIB tables to which the user is not granted access, or attempts to enter a branch of the CLI to which access has not been granted. To limit the events forwarded to the destination, configure filters using the filter (log destination) command.
instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter (log destination) command.
instructs all debug-trace messages in the debug stream to be sent to the destination configured in the to command for this destination log-id. Filters applied to debug messages are limited to application and subject.
to console
config>log>log-id
This command instructs the events selected for the log ID to be directed to the console. If the console is not connected, all entries are dropped.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
to file log-file-id
config>log>log-id
This command instructs the events selected for the log ID to be directed to a specified file.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
instructs the events selected for the log ID to be directed to the log-file-id. The characteristics of the log-file-id referenced here must have already been defined in the config>log>file-id log-file-id context.
to memory [size]
config>log>log-id
This command instructs the events selected for the log ID to be directed to a memory file. A memory file is a circular buffer. When the file is full, each new entry replaces the oldest entry in the log.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
indicates the number of events that can be stored in the memory log
to session
config>log>log-id
This command instructs the events selected for the log ID to be directed to the current console or Telnet session. This command is only valid for the duration of the session. When the session is terminated, the to session configuration is removed. A log ID with a session destination is saved in the configuration file but the to session part of the configuration is not stored.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
to snmp [size]
config>log>log-id
This command instructs the alarms and traps to be directed to the snmp-trap-group associated with the log-id.
A local circular memory log is always maintained for SNMP notifications sent to the specified snmp-trap-group for the log-id.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
defines the number of events stored in this memory log
to syslog syslog-id
config>log>log-id
This command instructs the alarms and traps to be directed to a specified syslog. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1 kbyte.
The command is one of the to commands used to specify the log ID destination. A to command is mandatory when configuring a log destination.
The source of the data stream must be specified in the from command before configuring the destination with the to command.
The to command can only be set once. It cannot be modified or re-entered. If the log destination needs to be changed or if the maximum size of an SNMP log or memory log needs to be modified, the log ID must be removed and then recreated.
No destination is specified
instructs the events selected for the log ID to be directed to the syslog-id. The characteristics of the syslog-id referenced here must have been defined in the config>log>syslog syslog-id context.
time-format {local | utc}
config>log>log-id
This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.
utc
specifies that timestamps are written in the system's local time
specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.