Contents

Information center commands· 1

diagnostic-logfile save· 1

display diagnostic-logfile summary· 1

display info-center 2

display logbuffer 3

display logbuffer summary· 4

display logfile summary· 5

display security-logfile summary· 6

enable log updown· 7

info-center diagnostic-logfile enable· 7

info-center diagnostic-logfile frequency· 8

info-center diagnostic-logfile quota· 8

info-center diagnostic-logfile directory· 9

info-center logfile overwrite-protection· 9

info-center enable· 10

info-center format 11

info-center logbuffer 11

info-center logbuffer size· 12

info-center logfile enable· 12

info-center logfile frequency· 13

info-center logfile size-quota· 13

info-center logfile directory· 14

info-center logging suppress duplicates· 15

info-center logging suppress module· 16

info-center loghost 17

info-center loghost source· 18

info-center security-logfile alarm-threshold· 18

info-center security-logfile enable· 19

info-center security-logfile frequency· 20

info-center security-logfile size-quota· 20

info-center security-logfile directory· 21

info-center source· 21

info-center synchronous· 23

info-center syslog min-age· 24

info-center timestamp· 25

info-center timestamp loghost 25

info-center trace-logfile quota· 26

logfile save· 27

reset logbuffer 27

security-logfile save· 27

terminal debugging· 28

terminal logging level 29

terminal monitor 30

 

Information center commands

diagnostic-logfile save

Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.

Syntax

diagnostic-logfile save

Views

Any view

Predefined user roles

network-admin

Usage guidelines

When this command is executed, the system displays a message indicating that logs in the buffer have been saved to the diagnostic log file even if the diagnostic log buffer does not contain diagnostic logs.

You can specify the directory to store the diagnostic log file by using the info-center diagnostic-logfile directory command.

The system clears the diagnostic log buffer after saving the buffered diagnostic logs to the diagnostic log file.

Examples

# Manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.

<Sysname> diagnostic-logfile save

The contents in the diagnostic log file buffer have been saved to the file flash:/ diagfile/diagfile.log.

Related commands

·     info-center diagnostic-logfile directory

·     info-center diagnostic-logfile enable

display diagnostic-logfile summary

Use display diagnostic-logfile summary to display the diagnostic log file configuration.

Syntax

display diagnostic-logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the diagnostic log file configuration.

<Sysname> display diagnostic-logfile summary

  Diagnostic log file: Enabled.

  Diagnostic log file size quota: 10 MB

  Diagnostic log file directory: flash:/diagfile

  Writing frequency: 24 hour 0 min 0 sec

Table 1 Command output

Field	Description
Diagnostic log file	·     Enabled—Diagnostic logs can be output to the diagnostic log file. ·     Disabled—Diagnostic logs cannot be output to the diagnostic log file.
Diagnostic log file size quota	Maximum size of the diagnostic log file, in MB.
Log file directory	Directory where the diagnostic log file is saved.
Writing frequency	Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file.

 

display info-center

Use display info-center to display information center configuration information.

Syntax

display info-center

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information center configuration.

<Sysname> display info-center

Information Center: Enabled

Console: Enabled

Monitor: Enabled

Log host: Enabled

    IP address: 192.168.0.1, port number: 5000, host facility: local7

    IP address: 192.168.0.2, port number: 5001, host facility: local5

Log buffer: Enabled

    Max buffer size 1024, current buffer size 512,

    Current messages 0, dropped messages 0, overwritten messages 0

Log file: Enabled

Security log file: Enabled

Information timestamp format:

    Loghost: Date

    Other output destination: Date

display logbuffer

Use display logbuffer to display the state of the log buffer and the log information in the log buffer.

Syntax

display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top.

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify this keyword, the command displays log information for all levels.

Table 2 Log levels

Severity value	Level	Description	Corresponding keyword in commands
0	Emergency	The system is unusable. For example, the system authorization has expired.	emergency
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.	alert
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.	critical
3	Error	Error condition. For example, the link state changes.	error
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.	warning
5	Notification	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.	notification
6	Informational	Informational message. For example, a command or a ping operation is executed.	informational
7	Debug	Debugging message.	debugging

 

size buffersize: Specifies the number of latest log messages to be displayed, in the range of 1 to 1024. If you do not specify this keyword, the command displays all log information.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display the state and log information of the log buffer.

<Sysname> display logbuffer slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted

…

Table 3 Command output

Field	Description
Log buffer	·     Enabled—Logs can be output to the log buffer. ·     Disabled—Logs cannot be output to the buffer.
Max buffer size	Maximum buffer size supported by the device.
Actual buffer size	Maximum buffer size configured by using the info-center logbuffer size command.
Dropped messages	Number of dropped messages.
Overwritten messages	Number of overwritten messages.
Current messages	Number of current messages.

 

Related commands

·     info-center logbuffer

·     reset logbuffer

display logbuffer summary

Use display logbuffer summary to display the summary of the log buffer.

Syntax

display logbuffer summary [ level severity | slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify this keyword, the command displays log information of all levels in the log buffer. For more information about log levels, see Table 2.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display the summary of the log buffer.

<Sysname> display logbuffer summary

Slot EMERG ALERT  CRIT ERROR  WARN NOTIF  INFO DEBUG                         

     1     0     0     0     5     4    37   123     0                         

     2     0     0     0     0     0     0     0     0                         

     3     0     0     0     0     0     0     0     0                         

     4     0     0     0     0     0     0     0     0                         

     5     0     0     0     0     0     0     0     0                         

     6     0     0     0     0     0     0     0     0                         

     7     0     0     0     0     0     0     0     0                         

     8     0     0     0     0     0     0     0     0                         

     9     0     0     0     0     0     0     0     0                         

    10     0     0     0     0     0     0     0     0

Table 4 Command output

Field	Description
Slot	IRF member ID.
EMERG	Represents emergency. For more information, see Table 2.
ALERT	Represents alert. For more information, see Table 2.
CRIT	Represents critical. For more information, see Table 2.
ERROR	Represents error. For more information, see Table 2.
WARN	Represents warning. For more information, see Table 2.
NOTIF	Represents notification. For more information, see Table 2.
INFO	Represents informational. For more information, see Table 2.
DEBUG	Represents debug. For more information, see Table 2.

 

display logfile summary

Use display logfile summary to display the log file configuration.

Syntax

display logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the log file configuration.

<Sysname> display logfile summary

  Log file: Enabled.

  Log file size quota: 10 MB

  Log file directory: flash:/logfile

  Writing frequency: 0 hour 1 min 10 sec

Table 5 Command output

Field	Description
Log file	·     Enabled—Logs can be output to a log file. ·     Disabled—Logs cannot be output to a log file.
Log file size quota	Maximum storage space reserved for a log file, in MB.
Log file directory	Log file directory.
Writing frequency	Log file writing frequency.

 

display security-logfile summary

Use display security-logfile summary to display the summary of the security log file.

Syntax

display security-logfile summary

Views

Any view

Predefined user roles

security-audit

Usage guidelines

A local user can use this command only after being authorized as the security log administrator by the system administrator through the authorization-attribute user-role security-audit command. For more information about security log administrator, see Security Configuration Guide.

Examples

# Display the summary of the security log file.

<Sysname> display security-logfile summary

  Security log file: Enabled

  Security log file size quota: 10 MB

  Security log file directory: flash:/seclog

  Alarm threshold: 80%

  Current usage: 30%

  Writing frequency: 1 hour 0 min 0 sec

Table 6 Command output

Field	Description
Security log file	·     Enabled—Security logs can be output to the security log file. ·     Disabled—Security logs cannot be output to the security log file.
Security log file size quota	Maximum storage space reserved for the security log file.
Security log file directory	Security log file directory.
Alarm-threshold	Alarm threshold of the security log file usage.
Current usage	Current usage of the security log file.
Writing frequency	Security log file writing frequency.

 

Related commands

authorization-attribute (Security Command Reference)

enable log updown

Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.

Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.

Syntax

enable log updown

undo enable log updown

Default

All interfaces are allowed to generate link up and link down logs.

Views

Interface view

Predefined user roles

network-admin

Examples

# Disable port Ten-GigabitEthernet 1/0/1 from generating link up or link down logs.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo enable log updown

info-center diagnostic-logfile enable

Use info-center diagnostic-logfile enable to enable saving diagnostic logs to the diagnostic log file.

Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs to the diagnostic log file.

Syntax

info-center diagnostic-logfile enable

undo info-center diagnostic-logfile enable

Default

Saving diagnostic logs to the diagnostic log file is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the system to save generated diagnostic logs to the diagnostic log file for centralized management. This facilitates users in monitoring device activities and debugging problems by viewing the diagnostic logs.

Examples

# Enable saving diagnostic logs to the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile enable

info-center diagnostic-logfile frequency

Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

Use undo info-center diagnostic-logfile frequency to restore the default saving interval.

Syntax

info-center diagnostic-logfile frequency freq-sec

undo info-center diagnostic-logfile frequency

Default

The default saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file. The value range is 10 to 86400 seconds, and the default is 86400 seconds.

Usage guidelines

The system saves diagnostic logs in the diagnostic log buffer, and outputs the buffered diagnostic logs to the diagnostic log file at the specified interval.

Examples

# Configure the system to save diagnostic logs from the diagnostic log file buffer to the diagnostic log file every 600 seconds.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile frequency 600

Related commands

info-center diagnostic-logfile enable

info-center diagnostic-logfile quota

Use info-center diagnostic-logfile quota to set the maximum size of the diagnostic log file.

Use undo info-center diagnostic-logfile quota to restore the default.

Syntax

info-center diagnostic-logfile quota size

undo info-center diagnostic-logfile quota

Default

The maximum size of the diagnostic log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size of the diagnostic log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size of the diagnostic log file to 6 MB.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile quota 6

info-center diagnostic-logfile directory

Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.

Syntax

info-center diagnostic-logfile directory dir-name

Default

The diagnostic log file is saved in the diagfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 511 characters.

Usage guidelines

The specified directory must have been created.

This command cannot survive an IRF reboot or a master/subordinate switchover.

Examples

# Set the directory to save the diagnostic log file to flash:/test.

<Sysname> mkdir test

Creating directory flash:/test... Done.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile directory flash:/test

The directory is in primary partition.

info-center logfile overwrite-protection

Use info-center logfile overwrite-protection to enable log file overwrite-protection. When the log file is full or the storage media runs out of space, the device stops saving logs to the log file.

Use undo info-center logfile overwrite-protection to disable log file overwrite-protection. When the log file is full or the storage media runs out of space, the device overwrites old logs with new logs.

Syntax

info-center logfile overwrite-protection [ all-port-powerdown ]

undo info-center logfile overwrite-protection

Default

Log file overwrite-protection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

all-port-powerdown: Shuts down all the physical ports except for the console port, the management Ethernet port, and IRF ports on the device when the log file is full or the storage media runs out of space.

Usage guidelines

This command is supported only in FIPS mode.

With log file overwrite-protection enabled, the device stops saving new logs to the log file when the log file is full or the storage media runs out of space.

If the all-port-powerdown keyword is specified, the device shuts down all the physical ports except for the console port, the management Ethernet port, and IRF ports on the device when the log file is full or the storage media runs out of space. When this happens, back up the log file, delete the original file to release the storage space, and then bring up the ports.

Examples

# Enable log file overwrite-protection.

<Sysname> system-view

[Sysname] info-center logfile overwrite-protection

info-center enable

Use info-center enable to enable the information center.

Use undo info-center enable to disable the information center.

Syntax

info-center enable

undo info-center enable

Default

The information center is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the information center.

<Sysname> system-view

[Sysname] info-center enable

Information center is enabled.

info-center format

Use info-center format to set the format of logs sent to a log host.

Use undo info-center format to restore the default.

Syntax

info-center format { unicom | cmcc }

undo info-center format

Default

Logs are sent to a log host in standard format.

Views

System view

Predefined user roles

network-admin

Parameters

unicom: Specifies the unicom format.

cmcc: Specifies the cmcc format.

Usage guidelines

Logs can be sent to a log host in standard, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.

Examples

# Set the format of logs sent to a log host as unicom.

<Sysname> system-view

[Sysname] info-center format unicom

info-center logbuffer

Use info-center logbuffer to configure log output to the log buffer.

Use undo info-center logbuffer to disable log output to the log buffer.

Syntax

info-center logbuffer

undo info-center logbuffer

Default

Logs are allowed to be output to the log buffer.

Views

System view

Predefined user roles

network-admin

Examples

# Configure output of log information to the log buffer.

<Sysname> system-view

[Sysname] info-center logbuffer

Related commands

·     display logbuffer

·     info-center enable

info-center logbuffer size

Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.

Use undo info-center logbuffer size to restore the default.

Syntax

info-center logbuffer size buffersize

undo info-center logbuffer size

Default

The log buffer can store up to 512 logs.

Views

System view

Predefined user roles

network-admin

Parameters

buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 1024, and the default is 512.

Examples

# Set the maximum number of logs that can be stored in a log buffer to 50.

<Sysname> system-view

[Sysname] info-center logbuffer size 50

# Restore the default maximum log buffer size.

<Sysname> system-view

[Sysname] undo info-center logbuffer size

Related commands

·     display logbuffer

·     info-center enable

info-center logfile enable

Use info-center logfile enable to enable the log file feature.

Use undo info-center logfile enable to disable the log file feature.

Syntax

info-center logfile enable

undo info-center logfile enable

Default

The log file feature is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the output of logs to a log file.

<Sysname> system-view

[Sysname] info-center logfile enable

info-center logfile frequency

Use info-center logfile frequency to configure the interval for saving logs to a log file.

Use undo info-center logfile frequency to restore the default saving interval.

Syntax

info-center logfile frequency freq-sec

undo info-center logfile frequency

Default

The default saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the interval at which the system saves logs to a log file, in the range 1 to 86400 seconds. The default value is 86400.

Usage guidelines

With this command executed, the system saves logs in the log file buffer to a log file at the specified interval.

Examples

# Set the interval for saving logs to a log file to 60000 seconds.

<Sysname> system-view

[Sysname] info-center logfile frequency 60000

Related commands

info-center logfile enable

info-center logfile size-quota

Use info-center logfile size-quota to set the maximum size for the log file.

Use undo info-center logfile size-quota to restore the default.

Syntax

info-center logfile size-quota size

undo info-center logfile size-quota

Default

The maximum size of the log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the log file, in MB.

Usage guidelines

When the maximum size of the log file is reached, the system deletes the earliest messages and writes new messages to the log file.

Examples

# Set the maximum size of the log file to 6 MB.

<Sysname> system-view

[Sysname] info-center logfile size-quota 6

Related commands

info-center logfile enable

info-center logfile directory

Use info-center logfile directory to configure the directory where the log file is saved.

Syntax

info-center logfile directory dir-name

Default

The directory to save the log file is flash:/logfile.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 511 characters.

Usage guidelines

The specified directory must have been created.

The suffix of a log file is .log. When the default directory has no enough space for storing the file, you can specify a new directory for the log file.

The configuration made by this command cannot survive an IRF reboot or a master/subordinate switchover.

Examples

# Create a directory named test under the flash root directory.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Set the directory to save the log file to flash:/test.

<Sysname> system-view

[Sysname] info-center logfile directory flash:/test

Related commands

info-center logfile enable

info-center logging suppress duplicates

Use info-center logging suppress duplicates to enable duplicate log suppression.

Use undo info-center logging suppress duplicate to restore the default.

Syntax

info-center logging suppress duplicates

undo info-center logging suppress duplicates

Default

Duplicate log suppression is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.

With this feature enabled, the system starts a suppression period when outputting a new log:

·     During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.

·     After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.

·     If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.

Examples

Suppose the IP address of Vlan-interface100 on device A conflicts with that of another device on the network, device A will output the following log information repeatedly:

%Jan  1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

# Enable duplicate log suppression on device A.

<Sysname> system-view

[Sysname] info-center logging suppress duplicates

Device A continues to output the following log information:

%Jan  1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan  1 07:28:19:639 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

 This message repeated 4 times in last 30 seconds.

The output shows that after the duplicate log suppression function is enabled, the system outputs another duplicate log and starts the first suppression period for 30 seconds.

%Jan  1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

 This message repeated 20 times in last 2 minutes.

The output shows the second suppression period lasts for 2 minutes.

%Jan  1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

 This message repeated 1 times in last 1 second.

%Jan  1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.

The output shows that a different log is generated during the suppression period.

%Jan  1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan  1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

 This message repeated 4 times in last 30 seconds.

The output shows that the system starts another suppression period.

info-center logging suppress module

Use info-center logging suppress module to configure a log suppression rule for a module.

Use undo info-center logging suppress module to delete a log suppression rule.

Syntax

info-center logging suppress module module-name mnemonic { all | mnemonic-value }

undo info-center logging suppress module module-name mnemonic { all | mnemonic-value }

Default

The device does not suppress output of any logs from any modules.

Views

System view

Predefined user roles

network-admin

Parameters

module-name: Specifies a log source module by its name, a case-insensitive string of 1 to 8 characters. To view the list of available log source modules, use the info-center logging suppress module ? command.

mnemonic { all | mnemonic-value }: Configures a mnemonic filter for log suppression.

·     all: Suppresses output of all logs of the module.

·     mnemonic-value: Suppresses output of logs with the specified mnemonic value. The mnemonic-value argument is a case-insensitive string of 1 to 32 characters, which must be the complete value contained in the mnemonic field of the log message. Log suppression will fail if a partial mnemonic value is specified.

Usage guidelines

You can configure log suppression rules to filter out the logs that you are not concerned with. A log suppression rule suppresses output of all logs or only logs with a specific mnemonic value for a module.

Examples

# Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module.

<Sysname> system-view

[Sysname] info-center logging suppress module shell mnemonic shell_login

Related commands

info-center source

info-center loghost

Use info-center loghost to specify a log host and to configure output parameters.

Use undo info-center loghost to restore the default.

Syntax

info-center loghost [ vpn-instance vpn-instance-name ] { loghost | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ facility local-number ]

undo info-center loghost [ vpn-instance vpn-instance-name ] { loghost | ipv4-address | ipv6 ipv6-address }

Default

No log host is specified.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

loghost: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters.

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, the log host cannot receive system information.

facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.

Usage guidelines

The info-center loghost command takes effect only after information center is enabled with the info-center enable command.

The device supports a maximum of 20 log hosts.

Examples

# Output logs to the log host 1.1.1.1.

<Sysname> system-view

[Sysname] info-center loghost 1.1.1.1

info-center loghost source

Use info-center loghost source to specify the source IP address for output logs.

Use undo info-center loghost source to restore the default.

Syntax

info-center loghost source interface-type interface-number

undo info-center loghost source

Default

The source IP address of output logs is the primary IP address of the matching route's egress interface.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies the egress interface for logs by the interface type and interface number.

Usage guidelines

The system uses the primary IP address of the specified egress interface as the source IP address of log information no matter which physical interface is used to output the logs.

The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command.

Examples

# Specify the IP address of interface loopback 0 as the source IP address of logs.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] info-center loghost source loopback 0

info-center security-logfile alarm-threshold

Use info-center security-logfile alarm-threshold to set the alarm threshold for security log file usage.

Use undo info-center security-logfile alarm-threshold to restore the default.

Syntax

info-center security-logfile alarm-threshold usage

undo info-center security-logfile alarm-threshold

Default

The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator.

Views

System view

Predefined user roles

network-admin

Parameters

usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100.

Usage guidelines

When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file. This feature helps avoid security log loss by setting an alarm threshold for the security log file usage. When the threshold is reached, the system outputs log information to inform the administrator. The administrator can log in to the device as the security log administrator, and back up the security log file.

Examples

# Set the alarm threshold for the security log file usage to 90%.

<Sysname> system-view

[Sysname] info-center security-logfile alarm-threshold 90

Related commands

info-center security-logfile size-quota

info-center security-logfile enable

Use info-center security-logfile enable to enable saving of security logs to the security log file.

Use undo info-center security-logfile enable to restore the default.

Syntax

info-center security-logfile enable

undo info-center security-logfile enable

Default

The saving of security logs to the security log file is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the system to output security logs to the security log file buffer, and saves the logs from the buffer to the security log file at a specific interval.

Examples

# Enable saving security logs to the security log file.

<Sysname> system-view

[Sysname] info-center security-logfile enable

info-center security-logfile frequency

Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file.

Use undo info-center security-logfile frequency to restore the default saving interval.

Syntax

info-center security-logfile frequency freq-sec

undo info-center security-logfile frequency

Default

The default saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies a saving interval in the range of 10 to 86400 seconds.

Usage guidelines

The system first outputs the security logs to the security log file buffer, and then saves the logs in the buffer to the security log file at the specified interval.

Examples

# Save security logs to the security log file every 600 seconds.

<Sysname> system-view

[Sysname] info-center security-logfile frequency 600

Related commands

info-center security-logfile enable

info-center security-logfile size-quota

Use info-center security-logfile size-quota to set the maximum size for the security log file.

Use undo info-center security-logfile size-quota to restore the default.

Syntax

info-center security-logfile size-quota size

undo info-center security-logfile size-quota

Default

The maximum size of the security log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the security log file, in MB. The value range is 1 to 10.

Examples

# Set the maximum size for the security log file to 6 MB.

<Sysname> system-view

[Sysname] info-center security-logfile size-quota 6

Related commands

info-center security-logfile alarm-threshold

info-center security-logfile directory

Use info-center security-logfile directory to configure the directory where the security log file is saved.

Syntax

info-center security-logfile directory dir-name

Default

The security log file is saved in the seclog directory under the root directory of the storage device.

Views

System view

Predefined user roles

security-audit

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 511 characters.

Usage guidelines

The specified directory must have been created.

The configuration made by this command cannot survive an IRF reboot or a master/subordinate switchover.

Examples

# Set the directory to save the security log file as flash:/test.

<Sysname> mkdir test

Creating directory flash:/test... Done.

<Sysname> system-view

[Sysname] info-center security-logfile directory flash:/test

info-center source

Use info-center source to configure a log output rule for a module.

Use undo info-center source to restore the default.

Syntax

info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }

undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }

Default

Table 7 lists the default log output rules.

Table 7 Default output rules

Destination	Source modules	Common log	Security log	Diagnostic log	Hidden log
Console	All supported modules	debugging	Disabled	Disabled	Disabled
Monitor terminal	All supported modules	debugging	Disabled	Disabled	Disabled
Log host	All supported modules	informational	Disabled	Disabled	informational
Log buffer	All supported modules	informational	Disabled	Disabled	informational
Log file	All supported modules	informational	Disabled	Disabled	informational
Security log file	All supported modules, cannot be filtered	Disabled	Debugging, which cannot be filtered	Disabled	Disabled
Diagnostic log file	All supported modules, cannot be filtered	Disabled	Disabled	Debugging, which cannot be filtered	Disabled

 

Views

System view

Predefined user roles

network-admin

Parameters

module-name: Specifies a module by its name. For instance, to output FTP information, specify this argument as FTP. You can use the info-center source ? command to view the modules supported by the device.

default: Specifies all modules, which can be displayed by using the info-center source ? command.

console: Outputs logs to the console.

logbuffer: Outputs logs to the log buffer.

logfile: Outputs logs to a log file.

loghost: Outputs logs to the log host.

monitor: Outputs logs to the monitor terminal.

deny: Disables log output.

level severity: Specifies a severity level in the range of 0 to 7. See Table 2 for more information. With this keyword, you can specify the lowest severity level of the logs allowed/denied to be output.

Usage guidelines

This command sets an output rule for the specified module or all modules. For example, you can output IP log information with a lowest severity level of warning to the log host, and output IP log information with a lowest severity level of informational to the log buffer.

If you do not set an output rule for a module, the module uses the default output rule or the output rule set by using the default keyword.

If you use the command multiple times, only the most recent output rule takes effect for the specified module.

After you set an output rule for a module, you must use the module-name argument to modify or remove the rule. A new output rule configured by using the default keyword does not take effect on the module.

Examples

# Output only VLAN module's information with a lowest severity level of emergency to the console.

<Sysname> system-view

[Sysname] info-center source default console deny

[Sysname] info-center source vlan console level emergency

# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.

<Sysname> system-view

[Sysname] undo info-center source vlan console

info-center synchronous

Use info-center synchronous to enable synchronous information output.

Use undo info-center synchronous to disable synchronous information output.

Syntax

info-center synchronous

undo info-center synchronous

Default

Synchronous information output is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

Examples

# Enable synchronous information output, and then issue the display current-configuration command to view the current configuration of the device.

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] display current-

At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Sysname] display current-

Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.

# Enable synchronous information output, and then save the current configuration (enter interactive information).

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:

At this time, the system receives the log information. It displays the log information first and then displays [Y/N].

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Y/N]:

Enter Y or N to complete your input.

info-center syslog min-age

Use info-center syslog min-age to set the minimum storage time for logs stored in the log buffer and log file.

Use undo info-center syslog min-age to restore the default.

Syntax

info-center syslog min-age min-age

undo info-center syslog min-age

Default

The log minimum storage time is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

min-age: Sets the log minimum storage time in hours. The value range is 1 to 8760.

Examples

# Set the log minimum storage time to 168 hours.

<Sysname> system-view

[Sysname] info-center syslog min-age 168

info-center timestamp

Use info-center timestamp to configure the timestamp format for logs sent to console, monitor, log buffer, and log file.

Use undo info-center timestamp to restore the default.

Syntax

info-center timestamp { boot | date | none }

undo info-center timestamp

Default

The timestamp format for logs sent to console, monitor terminal, log buffer, and log file is date.

Views

System view

Predefined user roles

network-admin

Parameters

boot: Sets the timestamp format as xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.

date: Sets the timestamp format as "MMM DD hh:mm:ss:xxx YYYY", such as Dec  8 10:12:21:708 2007. The date time shows the current system time.

·     MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.

·     DD: Date, starting with a space if it is less than 10, for example " 7".

·     hh:mm:ss:xxx: Local time, with hh ranging from 00 to 23, mm and ss ranging from 00 to 59, and xxx ranging from 0 to 999.

·     YYYY: Year.

none: Indicates no time information is provided.

Examples

# Configure the timestamp format for log information as boot.

<Sysname> system-view

[Sysname] info-center timestamp boot

Related commands

info-center timestamp loghost

info-center timestamp loghost

Use info-center timestamp loghost to configure the timestamp format for logs sent to a log host.

Use undo info-center timestamp loghost to restore the default.

Syntax

info-center timestamp loghost { date | iso [ with-timezone ] | no-year-date | none }

undo info-center timestamp loghost

Default

The timestamp format for logs sent to a log host is date.

Views

System view

Predefined user roles

network-admin

Parameters

date: Sets the timestamp format as "mmm dd hh:mm:ss yyyy". Such as Dec  8 10:12:21 2007. The date time shows the current system time.

iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

with-timezone: Includes the time zone in the timestamp. The time zone is in the format hh:mm, for example, 2013-04-12T19:20:50-04:00. If the system cannot get the time zone, Z is displayed, for example, 2013-04-12T23:20Z.

no-year-date: Sets the timestamp format as the current system date and time without year.

none: Indicates that no timestamp information is provided.

Examples

# Configure the timestamp format for system information sent to a log host as no-year-date.

<Sysname> system-view

[Sysname] info-center timestamp loghost no-year-date

Related commands

info-center timestamp

info-center trace-logfile quota

Use info-center trace-logfile quota to set the maximum size of the trace log file.

Use undo info-center trace-logfile quota to restore the default.

Syntax

info-center trace-logfile quota size

undo info-center trace-logfile quota

Default

The maximum size of the trace log file is 1 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size of the trace log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size of the trace log file as 6 MB.

<Sysname> system-view

[Sysname] info-center trace-logfile quota 6

logfile save

Use logfile save to manually save logs in the log file buffer to a log file.

Syntax

logfile save

Views

Any view

Predefined user roles

2: System level

Usage guidelines

You can specify the directory to save a log file with the info-center logfile directory command.

The system clears the log file buffer after saving logs from the buffer to a log file automatically or manually.

Examples

# Manually save logs from the log file buffer to a log file.

<Sysname> logfile save

The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.

Related commands

·     info-center logfile enable

·     info-center logfile directory

reset logbuffer

Use reset logbuffer to clear the log buffer.

Syntax

reset logbuffer

Views

User view

Predefined user roles

network-admin

Examples

# Clear the log buffer.

<Sysname> reset logbuffer

Related commands

display logbuffer

security-logfile save

Use security-logfile save to manually save security logs from the security log file buffer to the security log file.

Syntax

security-logfile save

Views

Any view

Predefined user roles

security-audit

Usage guidelines

When this command is executed, the system displays a message indicating that logs in the buffer have been saved to the security log file even if the security log file buffer does not contain security logs.

The system clears the security log file buffer after saving security logs to the security log file.

A local user can use this command only after being authorized as the security log administrator by the system administrator. For more information about security log administrator, see Security Configuration Guide.

Examples

# Manually save the security logs in the security log file buffer to the security log file.

<Sysname> security-logfile save

The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log.

Related commands

·     info-center security-logfile directory

·     authorization-attribute (Security Command Reference)

terminal debugging

Use terminal debugging to enable the display of debug information on the current terminal.

Use undo terminal debugging to disable the display of debug information on the current terminal.

Syntax

terminal debugging

undo terminal debugging

Default

The display of debug information is disabled on the current terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

To view debug information on the console, perform the following tasks:

1.     Execute the terminal debugging command.

2.     Enable the information center (enabled by default).

3.     Use a debugging command to enable the related debugging.

To view debug information on the monitor terminal, perform the following tasks:

1.     Execute the terminal monitor and terminal debugging commands.

2.     Enable the information center (enabled by default).

3.     Use a debugging command to enable the related debugging.

The configuration of this command is only valid for the current connection between the terminal and the device. If a new connection is established, the default is restored.

You can also enable the display of debug information on the current terminal by executing the terminal logging level 7 command. This command has the following differences from the terminal debugging command:

·     The terminal logging level 7 command enables log display for all levels (levels 0 through 7) on the current terminal.

·     The terminal debugging command only enables log display for the debug level (level 7) and the levels that are higher than or equal to the severity level specified with the terminal logging level command.

Examples

# Enable the display of debug information on the current terminal.

<Sysname> terminal debugging

The current terminal is enabled to display debugging logs.

Related commands

·     terminal logging level

·     terminal monitor

terminal logging level

Use terminal logging level to set the lowest level of the logs that can be output to the current terminal.

Use undo terminal logging level to restore the default.

Syntax

terminal logging level severity

undo terminal logging level

Default

The lowest level of the logs that can be output to the current terminal is 6 (informational).

Views

User view

Predefined user roles

network-admin

Parameters

severity: Specifies the lowest level of the logs that can be output to the current terminal, in the range of 0 to 7.

Usage guidelines

If you specify the lowest level of the logs that can be output to the current terminal, the device outputs the logs with a severity level higher than or equal to the specified level. For example, if you set the lowest level of the logs that can be output to the current terminal to 6 (informational), logs with a severity value from 0 to 6 will be output.

The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of logs on the terminal restores the default.

Examples

# Set the lowest level of the logs that can be output on the monitor terminal to 7 (Debug).

<Sysname> terminal logging level 7

terminal monitor

Use terminal monitor to enable the display of logs on the current terminal.

Use undo terminal monitor to disable the display of logs on the current terminal.

Syntax

terminal monitor

undo terminal monitor

Default

Monitoring of logs is enabled on the console and disabled on the monitor terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the default is restored.

Examples

# Enable the display of logs on the current terminal.

<Sysname> terminal monitor

The current terminal is enabled to display logs.