11-Network Management and Monitoring Configuration Guide

HomeSupportResource CenterH3C S5560S-EI&S5560S-SI&S5500V3-SI Switch Series Configuration Guides-R612x-6W10211-Network Management and Monitoring Configuration Guide
13-Information center configuration
Title Size Download
13-Information center configuration 187.25 KB

Contents

Configuring the information center 1

About the information center 1

Log types· 1

Log levels· 1

Log destinations· 2

Default output rules for standard system logs· 2

Default output rules for diagnostic logs· 2

Default output rules for security logs· 2

Default output rules for hidden logs· 3

Default output rules for trace logs· 3

Log formats and field descriptions· 3

FIPS compliance· 5

Information center tasks at a glance· 5

Managing standard system logs· 5

Managing hidden logs· 6

Managing security logs· 6

Managing diagnostic logs· 6

Managing trace logs· 7

Enabling the information center 7

Outputting logs to various destinations· 7

Outputting logs to the console· 7

Outputting logs to the monitor terminal 8

Outputting logs to log hosts· 9

Outputting logs to the log buffer 9

Saving logs to the log file· 10

Setting the minimum storage period for logs· 11

Enabling synchronous information output 11

Configuring log suppression·· 12

Enabling duplicate log suppression·· 12

Configuring log suppression for a module· 12

Disabling an interface from generating link up or link down logs· 13

Enabling SNMP notifications for system logs· 13

Managing security logs· 14

Saving security logs to the security log file· 14

Managing the security log file· 14

Saving diagnostic logs to the diagnostic log file· 15

Setting the maximum size of the trace log file· 16

Display and maintenance commands for information center 16

Information center configuration examples· 16

Example: Outputting logs to the console· 16

Example: Outputting logs to a UNIX log host 17

Example: Outputting logs to a Linux log host 18

 


Configuring the information center

About the information center

The information center on the device receives logs generated by source modules and outputs logs to different destinations according to log output rules. Based on the logs, you can monitor device performance and troubleshoot network problems.

Figure 1 Information center diagram

 

Log types

Logs are classified into the following types:

·          Standard system logs—Record common system information. Unless otherwise specified, the term "logs" in this document refers to standard system logs.

·          Diagnostic logs—Record debug messages.

·          Security logs—Record security information, such as authentication and authorization information.

·          Hidden logs—Record log information not displayed on the terminal, such as input commands.

·          Trace logs—Record system tracing and debug messages, which can be viewed only after the devkit package is installed.

Log levels

Logs are classified into eight severity levels from 0 through 7 in descending order. The information center outputs logs with a severity level that is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), logs that have a severity level from 0 to 6 are output.

Table 1 Log levels

Severity value

Level

Description

0

Emergency

The system is unusable. For example, the system authorization has expired.

1

Alert

Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.

2

Critical

Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.

3

Error

Error condition. For example, the link state changes.

4

Warning

Warning condition. For example, an interface is disconnected, or the memory resources are used up.

5

Notification

Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.

6

Informational

Informational message. For example, a command or a ping operation is executed.

7

Debugging

Debug message.

 

Log destinations

The system outputs logs to the following destinations: console, monitor terminal, log buffer, log host, and log file. Log output destinations are independent and you can configure them after enabling the information center. One log can be sent to multiple destinations.

Default output rules for standard system logs

A log output rule specifies the source modules and severity level of logs that can be output to a destination. Logs matching the output rule are output to the destination. Table 2 shows the default log output rules.

Table 2 Default output rules for standard system logs

Destination

Log source modules

Output switch

Severity

Console

All supported modules

Enabled

Debug

Monitor terminal

All supported modules

Disabled

Debug

Log host

All supported modules

Enabled

Informational

Log buffer

All supported modules

Enabled

Informational

Log file

All supported modules

Enabled

Informational

 

Default output rules for diagnostic logs

Diagnostic logs can only be output to the diagnostic log file, and cannot be filtered by source modules and severity levels. Table 3 shows the default output rule for diagnostic logs.

Table 3 Default output rule for diagnostic logs

Destination

Log source modules

Output switch

Severity

Diagnostic log file

All supported modules

Enabled

Debug

 

Default output rules for security logs

Security logs can only be output to the security log file, and cannot be filtered by source modules and severity levels. Table 4 shows the default output rule for security logs.

Table 4 Default output rule for security logs

Destination

Log source modules

Output switch

Severity

Security log file

All supported modules

Disabled

Debug

 

Default output rules for hidden logs

Hidden logs can be output to the log host, the log buffer, and the log file. Table 5 shows the default output rules for hidden logs.

Table 5 Default output rules for hidden logs

Destination

Log source modules

Output switch

Severity

Log host

All supported modules

Enabled

Informational

Log buffer

All supported modules

Enabled

Informational

Log file

All supported modules

Enabled

Informational

 

Default output rules for trace logs

Trace logs can only be output to the trace log file, and cannot be filtered by source modules and severity levels. Table 6 shows the default output rules for trace logs.

Table 6 Default output rules for trace logs

Destination

Log source modules

Output switch

Severity

Trace log file

All supported modules

Enabled

Debugging

 

Log formats and field descriptions

Log formats

The format of logs varies by output destinations. Table 7 shows the original format of log information, which might be different from what you see. The actual format varies by the log resolution tool used.

Table 7 Log formats

Output destination

Format

Example

Console, monitor terminal, log buffer, or log file

Prefix Timestamp Sysname Module/Level/Mnemonic: Content

%Nov 24 14:21:43:502 2016 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.26

Log host

·         Standard format:
<PRI>Timestamp Sysname %%vvModule/Level/Mnemonic: Source; Content

·         unicom format:
<PRI>Timestamp Hostip vvModule/Level/Serial_number: Content

·         cmcc format:
<PRI>Timestamp Sysname %vvModule/Level/Mnemonic: Source Content

·         Standard format:
<190>Nov 24 16:22:21 2016 Sysname %%10 SHELL/5/SHELL_LOGIN: -DevIP=1.1.1.1; VTY logged in from 192.168.1.26

·         unicom format:
<189>Oct 13 16:48:08 2016 10.1.1.1 10SHELL/5/210231a64jx073000020: VTY logged in from 192.168.1.21

·         cmcc format:
<189>Oct 9 14:59:04 2016 Sysname %10SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.21

 

Log field description

Table 8 Log field description

Field

Description

Prefix (information type)

A log to a destination other than the log host has an identifier in front of the timestamp:

·         An identifier of percent sign (%) indicates a log with a level equal to or higher than informational.

·         An identifier of asterisk (*) indicates a debug log or a trace log.

·         An identifier of caret (^) indicates a diagnostic log.

PRI (priority)

A log destined for the log host has a priority identifier in front of the timestamp. The priority is calculated by using this formula: facility*8+level, where:

·         facility is the facility name. Facility names local0 through local7 correspond to values 16 through 23. The facility name can be configured using the info-center loghost command. It is used to identify log sources on the log host, and to query and filter the logs from specific log sources.

·         level is in the range of 0 to 7. See Table 1 for more information about severity levels.

Timestamp

Records the time when the log was generated.

Logs sent to the log host and those sent to the other destinations have different timestamp precisions, and their timestamp formats are configured with different commands. For more information, see Table 9 and Table 10.

Hostip

Source IP address of the log. If the info-center loghost source command is configured, this field displays the IP address of the specified source interface. Otherwise, this field displays the sysname.

This field exists only in logs in unicom format that are sent to the log host.

Serial number

Serial number of the device that generated the log.

This field exists only in logs in unicom format that are sent to the log host.

Sysname (host name or host IP address)

The sysname is the host name or IP address of the device that generated the log. You can use the sysname command to modify the name of the device.

%% (vendor ID)

Indicates that the information was generated by an H3C device.

This field exists only in logs sent to the log host.

vv (version information)

Identifies the version of the log, and has a value of 10.

This field exists only in logs that are sent to the log host.

Module

Specifies the name of the module that generated the log. You can enter the info-center source ? command in system view to view the module list.

Level

Identifies the level of the log. See Table 1 for more information about severity levels.

Mnemonic

Describes the content of the log. It contains a string of up to 32 characters.

Source

Optional field that identifies the source of the log. The value contains an IRF member device ID and the IP address of the log sender.

Content

Provides the content of the log.

 

Table 9 Timestamp precisions and configuration commands

Item

Destined for the log host

Destined for the console, monitor terminal, log buffer, and log file

Precision

Seconds

Milliseconds

Command used to set the timestamp format

info-center timestamp loghost

info-center timestamp

 

Table 10 Description of the timestamp parameters

Timestamp parameters

Description

Example

boot

Time that has elapsed since system startup, in the format of xxx.yyy. xxx represents the higher 32 bits, and yyy represents the lower 32 bits, of milliseconds elapsed.

Logs that are sent to all destinations other than a log host support this parameter.

%0.109391473 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully.

0.109391473 is a timestamp in the boot format.

date

Current date and time, in the format of mmm dd hh:mm:ss yyy for logs that are output to a log host, or MMM DD hh:mm:ss:xxx YYYY for logs that are output to other destinations.

All logs support this parameter.

%May 30 05:36:29:579 2003 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully.

May 30 05:36:29:579 2003 is a timestamp in the date format.

iso

Timestamp format stipulated in ISO 8601.

Only logs that are sent to a log host support this parameter.

<189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully.

2003-05-30T06:42:44 is a timestamp in the iso format.

none

No timestamp is included.

All logs support this parameter.

% Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully.

No timestamp is included.

no-year-date

Current date and time without year information, in the format of MMM DD hh:mm:ss:xxx.

Only logs that are sent to a log host support this parameter.

<189>May 30 06:44:22 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully.

May 30 06:44:22 is a timestamp in the no-year-date format.

 

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Information center tasks at a glance

Managing standard system logs

1.        Enabling the information center

2.        Outputting logs to various destinations

Choose the following tasks as needed:

¡  Outputting logs to the console

¡  Outputting logs to the monitor terminal

¡  Outputting logs to log hosts

¡  Outputting logs to the log buffer

¡  Saving logs to the log file

3.        (Optional.) Setting the minimum storage period for logs

4.        (Optional.) Enabling synchronous information output

5.        (Optional.) Configuring log suppression

Choose the following tasks as needed:

¡  Enabling duplicate log suppression

¡  Configuring log suppression for a module

¡  Disabling an interface from generating link up or link down logs

6.        (Optional.) Enabling SNMP notifications for system logs

Managing hidden logs

1.        Enabling the information center

2.        Outputting logs to various destinations

Choose the following tasks as needed:

¡  Outputting logs to log hosts

¡  Outputting logs to the log buffer

¡  Saving logs to the log file

3.        (Optional.) Setting the minimum storage period for logs

4.        (Optional.) Configuring log suppression

Choose the following tasks as needed:

¡  Enabling duplicate log suppression

¡  Configuring log suppression for a module

Managing security logs

1.        Enabling the information center

2.        (Optional.) Configuring log suppression

Choose the following tasks as needed:

¡  Enabling duplicate log suppression

¡  Configuring log suppression for a module

3.        Managing security logs

¡  Saving security logs to the security log file

¡  Managing the security log file

Managing diagnostic logs

1.        Enabling the information center

2.        (Optional.) Configuring log suppression

Choose the following tasks as needed:

¡  Enabling duplicate log suppression

¡  Configuring log suppression for a module

3.        Saving diagnostic logs to the diagnostic log file

Managing trace logs

1.        Enabling the information center

2.        (Optional.) Configuring log suppression

Choose the following tasks as needed:

¡  Enabling duplicate log suppression

¡  Configuring log suppression for a module

3.        Setting the maximum size of the trace log file

Enabling the information center

About enabling the information center

The information center can output logs only after it is enabled.

Procedure

1.        Enter system view.

system-view

2.        Enable the information center.

info-center enable

The information center is enabled by default.

Outputting logs to various destinations

Outputting logs to the console

Restrictions and guidelines

The terminal monitor, terminal debugging, and terminal logging commands take effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Procedure

1.        Enter system view.

system-view

2.        Configure an output rule for sending logs to the console.

info-center source { module-name | default } console { deny | level severity }

For information about default output rules, see "Default output rules for standard system logs."

3.        (Optional.) Configure the timestamp format.

info-center timestamp { boot | date | none }

The default timestamp format is date.

4.        Return to user view.

quit

5.        Enable log output to the console.

terminal monitor

By default, log output to the console is enabled.

6.        Enable the display of debug information on the current terminal.

terminal debugging

By default, the display of debug information on the current terminal is disabled .

7.        Set the lowest severity level of logs that can be output to the console.

terminal logging level severity

The default setting is 6 (informational).

Outputting logs to the monitor terminal

About monitor terminals

Monitor terminals refer to terminals that log in to the device through the AUX, VTY, or TTY line.

Restrictions and guidelines

The terminal monitor, terminal debugging, and terminal logging commands take effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Procedure

1.        Enter system view.

system-view

2.        Configure an output rule for sending logs to the monitor terminal.

info-center source { module-name | default } monitor { deny | level severity }

For information about default output rules, see "Default output rules for standard system logs."

3.        (Optional.) Configure the timestamp format.

info-center timestamp { boot | date | none }

The default timestamp format is date.

4.        Return to user view.

quit

5.        Enable log output to the monitor terminal.

terminal monitor

By default, log output to the monitor terminal is disabled.

6.        Enable the display of debug information on the current terminal.

terminal debugging

By default, the display of debug information on the current terminal is disabled.

7.        Set the lowest level of logs that can be output to the monitor terminal.

terminal logging level severity

The default setting is 6 (informational).

Outputting logs to log hosts

Restrictions and guidelines

The device supports the following methods (in descending order of priority) for outputting logs of a module to designated log hosts:

·          Fast log output.

For information about the modules that support fast log output and how to configure fast log output, see "Configuring fast log output."

·          Flow log.

For information about the modules that support flow log output and how to configure flow log output, see "Configuring flow log."

·          Information center.

If you configure multiple log output methods for a module, only the method with the highest priority takes effect.

Procedure

1.        Enter system view.

system-view

2.        Configure an output rule for sending logs to log hosts.

info-center source { module-name | default } loghost { deny | level severity }

For information about default output rules, see "Default output rules for standard system logs."

3.        (Optional.) Specify a source IP address for output logs.

info-center loghost source interface-type interface-number

By default, the source IP address of output logs is the primary IP address of their outgoing interfaces.

4.        (Optional.) Specify the format in which logs are output to log hosts.

info-center format { unicom |cmcc }

By default, logs are output to log hosts in standard format.

5.        (Optional.) Configure the timestamp format.

info-center timestamp loghost { date | iso [ with-timezone ] | no-year-date | none }

The default timestamp format is date.

6.        Specify a log host and configure related parameters.

info-center loghost [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ dscp dscp-value ] [ facility local-number ]

By default, no log hosts or related parameters are specified.

The value for the port-number argument must be the same as the value configured on the log host. Otherwise, the log host cannot receive logs.

Outputting logs to the log buffer

1.        Enter system view.

system-view

2.        Configure an output rule for sending logs to the log buffer.

info-center source { module-name | default } logbuffer { deny | level severity }

For information about default output rules, see "Default output rules for standard system logs."

3.        (Optional.) Configure the timestamp format.

info-center timestamp { boot | date | none }

The default timestamp format is date.

4.        Enable log output to the log buffer.

info-center logbuffer

By default, log output to the log buffer is enabled.

5.        (Optional.) Set the maximum number of logs that can be stored in the log buffer.

info-center logbuffer size buffersize

By default, the log buffer can store a maximum of 512 logs.

Saving logs to the log file

About log saving to the log file

By default, the log file feature saves logs from the log file buffer to the log file every 24 hours. You can adjust the saving interval or manually save logs to the log file. After saving logs to the log file, the system clears the log file buffer.

The device supports only one log file, which is automatically created when needed. The log file has a maximum capacity. When the log file is full or no storage space is available, the system will replace the oldest logs with new logs.

You can enable log file overwrite-protection to stop the device from saving new logs when the log file is full or no storage space is available.

 

TIP

TIP:

Clean up the storage space of the device regularly to ensure sufficient storage space for the log file feature.

 

Procedure

1.        Enter system view.

system-view

2.        Configure an output rule for sending logs to the log file.

info-center source { module-name | default } logfile { deny | level severity }

For information about default output rules, see "Default output rules for standard system logs."

3.        Enable the log file feature.

info-center logfile enable

By default, the log file feature is enabled.

4.        (Optional.) Enable log file overwrite-protection.

info-center logfile overwrite-protection [ all-port-powerdown ]

By default, log file overwrite-protection is disabled.

Log file overwrite-protection is supported only in FIPS mode.

5.        (Optional.) Set the maximum log file size.

info-center logfile size-quota size

The default maximum log file size is 10 MB.

To ensure normal operation, set the size argument to a value between 1 MB and 10 MB.

6.        (Optional.) Specify the log file directory.

info-center logfile directory dir-name

The default log file directory is flash:/logfile.

This command cannot survive an IRF reboot or a master/subordinate switchover.

7.        Save logs in the log file buffer to the log file. Choose one option as needed:

¡  Configure the automatic log file saving interval.

info-center logfile frequency freq-sec

The default saving interval is 86400 seconds.

¡  Manually save logs in the log file buffer to the log file.

logfile save

This command is available in any view.

Setting the minimum storage period for logs

About setting the log minimum storage period

Use this feature to set the minimum storage period for logs in the log buffer and log file. This feature ensures that logs will not be overwritten by new logs during a set period of time.

By default, when the log buffer or log file is full, new logs will automatically overwrite the oldest logs. After the minimum storage period is set, the system identifies the storage period of a log to determine whether to delete the log. The system current time minus a log's generation time is the log's storage period.

·          If the storage period of a log is shorter than or equal to the minimum storage period, the system does not delete the log. The new log will not be saved.

·          If the storage period of a log is longer than the minimum storage period, the system deletes the log to save the new log.

Procedure

1.        Enter system view.

system-view

2.        Set the log minimum storage period.

info-center syslog min-age min-age

By default, the log minimum storage period is not set.

Enabling synchronous information output

About synchronous information output

System log output interrupts ongoing configuration operations, obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

Procedure

1.        Enter system view.

system-view

2.        Enable synchronous information output.

info-center synchronous

By default, synchronous information output is disabled.

Configuring log suppression

Enabling duplicate log suppression

About duplicate log suppression

Output of consecutive duplicate logs (logs that have the same module name, level, mnemonic, location, and text) wastes system and network resources.

With duplicate log suppression enabled, the system starts a suppression period upon outputting a log:

·          If only duplicate logs are received during the suppression period, the information center does not output the duplicate logs. When the suppression period expires, the information center outputs the suppressed log and the number of times the log is suppressed.

·          If a different log is received during the suppression period, the information center performs the following operations:

¡  Outputs the suppressed log and the number of times the log is suppressed.

¡  Outputs the different log and starts a suppression period for that log.

·          If no log is received within the suppression period, the information center does not output any message when the suppression period expires.

Procedure

1.        Enter system view.

system-view

2.        Enable duplicate log suppression.

info-center logging suppress duplicates

By default, duplicate log suppression is disabled.

Configuring log suppression for a module

About log suppression for a module

This feature suppresses output of logs. You can use this feature to filter out the logs that you are not concerned with.

Perform this task to configure a log suppression rule to suppress output of all logs or logs with a specific mnemonic value for a module.

Procedure

1.        Enter system view.

system-view

2.        Configure a log suppression rule for a module.

info-center logging suppress module module-name mnemonic { all | mnemonic-value }

By default, the device does not suppress output of any logs from any modules.

Disabling an interface from generating link up or link down logs

About disabling an interface from generating link up or link down logs

By default, an interface generates link up or link down log information when the interface state changes. In some cases, you might want to disable certain interfaces from generating this information. For example:

·          You are concerned about the states of only some interfaces. In this case, you can use this function to disable other interfaces from generating link up and link down log information.

·          An interface is unstable and continuously outputs log information. In this case, you can disable the interface from generating link up and link down log information.

Use the default setting in normal cases to avoid affecting interface status monitoring.

Procedure

1.        Enter system view.

system-view

2.        Enter interface view.

interface interface-type interface-number

3.        Disable the interface from generating link up or link down logs.

undo enable log updown

By default, an interface generates link up and link down logs when the interface state changes.

Enabling SNMP notifications for system logs

About enabling SNMP notifications for system logs

This feature enables the device to send an SNMP notification for each log message it outputs. The device encapsulates the logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer.

You can configure the SNMP module to send received SNMP notifications in SNMP traps or informs to remote hosts. For more information, see "Configuring SNMP."

To view the traps in the log trap buffer, access the MIB corresponding to the log trap buffer.

Procedure

1.        Enter system view.

system-view

2.        Enable SNMP notifications for system logs.

snmp-agent trap enable syslog

By default, the device does not send SNMP notifications for system logs.

3.        Set the maximum number of traps that can be stored in the log trap buffer.

info-center syslog trap buffersize buffersize

By default, the log trap buffer can store a maximum of 1024 traps.

Managing security logs

Saving security logs to the security log file

About security log management

Security logs are very important for locating and troubleshooting network problems. Generally, security logs are output together with other logs. It is difficult to identify security logs among all logs.

To solve this problem, you can save security logs to the security log file without affecting the current log output rules.

After you enable the security log file feature, the system processes security logs as follows:

1.        Outputs security logs to the security log file buffer.

2.        Saves logs from the security log file buffer to the security log file at the specified interval.

If you have the security-audit role, you can also manually save security logs to the security log file.

3.        Clears the security log file buffer immediately after the security logs are saved to the security log file.

Restrictions and guidelines

The device supports only one security log file. The system will overwrite old logs with new logs when the security log file is full. To avoid security log loss, you can set an alarm threshold for the security log file usage ratio. When the alarm threshold is reached, the system outputs a message to inform you of the alarm. You can log in to the device with the security-audit user role and back up the security log file to prevent the loss of important data.

Procedure

1.        Enter system view.

system-view

2.        Enable the security log file feature.

info-center security-logfile enable

By default, the security log file feature is disabled.

3.        Set the interval at which the system saves security logs.

info-center security-logfile frequency freq-sec

The default security log file saving interval is 86400 seconds.

4.        (Optional.) Set the maximum size for the security log file.

info-center security-logfile size-quota size

The default maximum security log file size is 10 MB.

5.        (Optional.) Set the alarm threshold of the security log file usage.

info-center security-logfile alarm-threshold usage

By default, the alarm threshold of the security log file usage ratio is 80. When the usage of the security log file reaches 80%, the system will send a message.

Managing the security log file

Restrictions and guidelines

To use the security log file management commands, you must have the security-audit user role. For information about configuring the security-audit user role, see AAA in Security Configuration Guide.

Procedure

1.        Enter system view.

system-view

2.        Change the directory of the security log file.

info-center security-logfile directory dir-name

By default, the security log file is saved in the seclog directory in the root directory of the storage device.

This command cannot survive an IRF reboot or a master/subordinate switchover.

3.        Manually save all logs in the security log file buffer to the security log file.

security-logfile save

This command is available in any view.

4.        (Optional.) Display the summary of the security log file.

display security-logfile summary

This command is available in any view.

Saving diagnostic logs to the diagnostic log file

About diagnostic log saving

By default, the diagnostic log file feature saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file every 24 hours. You can adjust the saving interval or manually save diagnostic logs to the diagnostic log file. After saving diagnostic logs to the diagnostic log file, the system clears the diagnostic log file buffer.

The device supports only one diagnostic log file. The diagnostic log file has a maximum capacity. When the capacity is reached, the system replaces the oldest diagnostic logs with new logs.

Procedure

1.        Enter system view.

system-view

2.        Enable the diagnostic log file feature.

info-center diagnostic-logfile enable

By default, the diagnostic log file feature is enabled.

3.        (Optional.) Set the maximum diagnostic log file size.

info-center diagnostic-logfile quota size

By default, the maximum diagnostic log file size is 10 MB.

To ensure normal operation, set the size argument to a value between 1 MB and 10 MB.

4.        (Optional.) Specify the diagnostic log file directory.

info-center diagnostic-logfile directory dir-name

The default diagnostic log file directory is flash:/diagfile.

This command cannot survive an IRF reboot or a master/subordinate switchover.

5.        Save diagnostic logs in the diagnostic log file buffer to the diagnostic log file. Choose one option as needed:

¡  Configure the automatic diagnostic log file saving interval.

info-center diagnostic-logfile frequency freq-sec

The default saving interval is 86400 seconds.

¡  Manually save diagnostic logs to the diagnostic log file.

diagnostic-logfile save

This command is available in any view.

Setting the maximum size of the trace log file

About setting the maximum size of the trace log file

The device has only one trace log file. When the trace log file is full, the device overwrites the oldest trace logs with new ones.

Procedure

1.        Enter system view.

system-view

2.        Set the maximum size for the trace log file.

info-center trace-logfile quota size

The default maximum size of the trace log file is 1 MB.

Display and maintenance commands for information center

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display the diagnostic log file configuration.

display diagnostic-logfile summary

Display the information of each output destination.

display info-center

Display the state and the log information of the log buffer.

display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *

Display summary information of the log buffer.

display logbuffer summary [ level severity | slot slot-number ] *

Display the log file configuration.

display logfile summary

Display summary information of the security log file .

display security-logfile summary

Clear the log buffer.

reset logbuffer

 

Information center configuration examples

Example: Outputting logs to the console

Network configuration

Configure the device to output to the console FTP logs that have a minimum severity level of warning.

Figure 2 Network diagram

 

Procedure

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Disable log output to the console.

[Device] info-center source default console deny

To avoid output of unnecessary information, disable all modules from outputting log information to the specified destination (console in this example) before you configure the output rule.

# Configure an output rule to output to the console FTP logs that have a minimum severity level of warning.

[Device] info-center source ftp console level warning

[Device] quit

# Enable the display of logs on the console. (This function is enabled by default.)

<Device> terminal logging level 6

<Device> terminal monitor

The current terminal is enabled to display logs.

Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs.

Example: Outputting logs to a UNIX log host

Network configuration

Configure the device to output to the UNIX log host FTP logs that have a minimum severity level of informational.

Figure 3 Network diagram

 

Procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

1.        Configure the device:

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Specify log host 1.2.0.1/16 with local4 as the logging facility.

[Device] info-center loghost 1.2.0.1 facility local4

# Disable log output to the log host.

[Device] info-center source default loghost deny

To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost in this example) before you configure an output rule.

# Configure an output rule to output to the log host FTP logs that have a minimum severity level of informational.

[Device] info-center source ftp loghost level informational

2.        Configure the log host:

The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

a.    Log in to the log host as a root user.

b.    Create a subdirectory named Device in directory /var/log/, and then create file info.log in the Device directory to save logs from Device.

# mkdir /var/log/Device

# touch /var/log/Device/info.log

c.    Edit file syslog.conf in directory /etc/ and add the following contents.

# Device configuration messages

local4.info /var/log/Device/info.log

In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. The value of info indicates the informational severity level. The UNIX system records the log information that has a minimum severity level of informational to file /var/log/Device/info.log.

 

 

NOTE:

Follow these guidelines while editing file /etc/syslog.conf:

·      Comments must be on a separate line and must begin with a pound sign (#).

·      No redundant spaces are allowed after the file name.

·      The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.

 

d.    Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the –r option to validate the configuration.

# ps -ae | grep syslogd

147

# kill -HUP 147

# syslogd -r &

Now, the device can output FTP logs to the log host, which stores the logs to the specified file.

Example: Outputting logs to a Linux log host

Network configuration

Configure the device to output to the Linux log host 1.2.0.1/16 FTP logs that have a minimum severity level of informational.

Figure 4 Network diagram

 

Procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

1.        Configure the device:

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Specify log host 1.2.0.1/16 with local5 as the logging facility.

[Device] info-center loghost 1.2.0.1 facility local5

# Disable log output to the log host.

[Device] info-center source default loghost deny

To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule.

# Configure an output rule to enable output to the log host FTP logs that have a minimum severity level of informational.

[Device] info-center source ftp loghost level informational

2.        Configure the log host:

The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

a.    Log in to the log host as a root user.

b.    Create a subdirectory named Device in directory /var/log/, and create file info.log in the Device directory to save logs of Device.

# mkdir /var/log/Device

# touch /var/log/Device/info.log

c.    Edit file syslog.conf in directory /etc/ and add the following contents.

# Device configuration messages

local5.info /var/log/Device/info.log

In this configuration, local5 is the name of the logging facility that the log host uses to receive logs. The value of info indicates the informational severity level. The Linux system will store the log information with a severity level equal to or higher than informational to file /var/log/Device/info.log.

 

 

NOTE:

Follow these guidelines while editing file /etc/syslog.conf:

·      Comments must be on a separate line and must begin with a pound sign (#).

·      No redundant spaces are allowed after the file name.

·      The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.

 

d.    Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the -r option to validate the configuration.

Make sure the syslogd process is started with the -r option on a Linux log host.

# ps -ae | grep syslogd

147

# kill -9 147

# syslogd -r &

Now, the device can output FTP logs to the log host, which stores the logs to the specified file.