An event log can be configured to send events to one syslog destination. Syslog destinations have the following properties:
Syslog server IP address
UDP port or TLS profile used to send the syslog message
Syslog Facility Code (0 to 23) (default 23 - local 7)
Syslog Severity Threshold (0 to 7); sends events exceeding the configured level
Because syslog uses eight severity levels whereas the router uses six internal severity levels, the severity levels are mapped to syslog severities. The following table describes the severity level mappings to syslog severities.
| SR OS event severity | Syslog severity numerical code | Syslog severity name | Syslog severity definition |
|---|---|---|---|
— |
0 |
emergency |
System is unusable |
critical (3) |
1 |
alert |
Action must be taken immediately |
major (4) |
2 |
critical |
Critical conditions |
minor (5) |
3 |
error |
Error conditions |
warning (6) |
4 |
warning |
Warning conditions |
— |
5 |
notice |
Normal but significant condition |
cleared (1) indeterminate (2) |
6 |
info |
Informational messages |
— |
7 |
debug |
Debug-level messages |
The general format of an SR OS syslog message is as follows (see RFC 3164, The BSD Syslog Protocol):
<PRI> <HEADER><MSG>
where:
<PRI> (the ‟<” and ‟>” are included in the syslog message) is the configured facility*8+severity (as described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide and RFC 3164).
<HEADER> is "MMM DD HH:MM:SS <source IP addr>" (without the quotes). There are always 2 characters for the day (DD). Single digit days are preceded with a space character.
<MSG> is <log-prefix>: <seq> <vrtr-name> <application>-<severity>-<Event Name>-<Event ID> [<subject>]: <message>\n
<log-prefix> is an optional 32 characters of text (default = 'TMNX') as configured in the log-prefix command.
<seq> is the log event sequence number (always preceded by a colon and a space char)
<vrtr-name> is vprn1, vprn2, … | Base | management | vpls-management
<subject> may be empty resulting in []:
\n is the standard ASCII newline character (0x0A)
Examples (from different nodes)
default log-prefix (TMNX):
<188>Jan 2 18:43:23 10.221.38.108 TMNX: 17 Base SYSTEM-WARNING-tmnxStateChange-
2009 [CHASSIS]: Status of Card 1 changed administrative state: inService,
operational state: outOfService\n
<186>Jan 2 18:43:23 10.221.38.108 TMNX: 18 Base CHASSIS-MAJOR-tmnxEqCardRemoved-
2003 [Card 1]: Class IO Module : removed\n
no log-prefix:
<188>Jan 11 18:48:12 10.221.38.108 : 32 Base SYSTEM-WARNING-tmnxStateChange-2009
[CHASSIS]: Status of Card 1 changed administrative state: inService,
operational state: outOfService\n
<186>Jan 11 18:48:12 10.221.38.108 : 33 Base CHASSIS-MAJOR-tmnxEqCardRemoved-
2003 [Card 1]: Class IO Module : removed\n
log-prefix "test":
<186>Jan 11 18:51:22 10.221.38.108 test: 47 Base CHASSIS-MAJOR-tmnxEqCardRemoved-
2003 [Card 1]: Class IO Module : removed\n
<188>Jan 11 18:51:22 10.221.38.108 test: 48 Base SYSTEM-WARNING-tmnxStateChange-
2009 [CHASSIS]: Status of Card 1 changed administrative state: inService,
operational state: outOfService\n