Login
| Title | Size | Downloads |
|---|---|---|
| H3C Super Controller System Log Messages Reference-5W100-book.pdf | 231.31 KB |
- Table of Contents
Contents
Authentication configuration recovery completed
Disconnection from the license server
Reconnection to the license server
Failure of connection to the license server
Controller forced offline by license server
Reconnection to the license server due to ageout
Entered fail-safe state due to authorization failure
Entered fail-safe state due to connection failure
Exited fail-safe state after the fail-safe period
Exited fail-safe state after authorization
Exited fail-safe state after disconnection
Remote license expiration early warning
Insufficient quantity-based licenses
Database operation failure because of a nonexistent user
Database operation failure because of refused connections
End of AAA microservice configuration recovery
Start of AAA microservice configuration backup
End of AAA microservice configuration backup
RADIUS attribute check failure
TACACS+ authentication success
TACACS+ authentication failure
TACACS+ attribute check failure
Start of user configuration recovery on non-active leader instances
End of user configuration recovery on non-active leader instances
Operation failure due to user role privilege limit
Introduction
System logs record internal events that occur on the controller. System log messages include field description, message explanation, and recommended action, and provide reference for system analysis and maintenance.
This document assumes that the readers are familiar with data communications technologies and H3C super controller products.
Viewing system log messages
Select System > Log > System Log to enter system log view. The generated system log messages are displayed on pages as shown in Figure 1.
Table 1 System log message elements
|
Element |
Description |
|
Severity |
Severity level of the message. For more information about severity levels, see Table 5. |
|
Time |
Date and time when the log message was generated. |
|
Container |
Name of the container that produced the log message. |
|
Micro service |
Name of the mircoservice that produced the log message. |
|
Service |
Name of the service module that produced the log message. For more information about service modules, see Table 3. |
|
Topic |
Topic for the log message. |
|
Message |
Text string that contains detailed information about the event or error. |
Syslog message format
The super controller can send system logs to syslog servers through the syslog protocol. To set the IP address and port number of a syslog server, select System > Settings > Log Settings on the top navigation bar, and then select System Log.
By default, controllers send system logs in the following format:
<PRI>TIMESTAMP Hostname Service/severity/Keywords CONTENT
Table 2 Syslog message elements
|
Element |
Description |
|
<PRI> |
Priority identifier. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility represents the programming module defined by syslog. In the current software version, the facility is user-level and its value is 1. · Severity represents the syslog message severity level. For more information, see Table 4. |
|
TIMESTAMP |
Date and time when the event occurred. |
|
Hostname |
Name of the container that produced the message. |
|
Origin |
Name of the service module that produced the message. For more information about service modules, see Table 3. |
|
severity |
Severity level of the message. For more information, see Table 5. Five syslog message severity levels are used. |
|
Keywords |
Keywords of the message that facilitate searching or memorizing. |
|
CONTENT |
Text string that contains detailed information about the event or error. |
Table 3 lists the service modules that might produce system log messages.
|
Service module name |
Description |
|
AUTH |
Authentication management module |
|
LICENSE |
License management module |
|
SYSTEM |
System management module |
|
USER |
User management module |
Syslog messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 4.
Table 4 Syslog message severity levels
|
Level |
Severity |
Description |
|
0 |
Emergency |
The system is unusable. |
|
1 |
Alert |
Action must be taken immediately. |
|
2 |
Critical |
Critical condition. |
|
3 |
Error |
Error condition. |
|
4 |
Warning |
Warning condition. |
|
5 |
Notice |
Normal but significant condition. |
|
6 |
Informational |
Informational message. |
|
7 |
Debug |
Debugging message. |
The super controller uses five syslog message severity levels, as shown in Table 5.
Table 5 System log message severity levels
|
Level |
Icon |
Severity |
Description |
|
6 |
|
Informational |
Information message. |
|
4 |
|
Warning |
Warning condition. |
|
3 |
|
Error |
Error condition. |
|
2 |
|
Critical |
Critical condition. |
|
0 |
|
Emergency |
Emergent condition. |
Using this document
This document categories system log messages by service module. This document explains messages in tables. Table 6 describes information provided in these tables.
Table 6 Message explanation table contents
|
Item |
Content |
Example |
|
Keyword |
Summary of the message that facilitates searching or memorizing. |
LICENSE_INSTALL |
|
Message text |
Presents the message description. |
$1 license successfully installed. |
|
Variable fields |
Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. |
$1: License name. |
|
Severity level |
Provides the severity level of the message. |
|
|
Example |
Provides a real message example. |
Base license successfully installed. |
|
Explanation |
Explains the message, including the event or error cause. |
The specified license has been successfully installed. |
|
Recommended action |
Provides recommended actions. For informational messages, no action is required. |
No action is required. |
AUTH
This section contains authentication management messages.
Authentication configuration recovery completed
|
Keyword |
FINISH_RECOVER_AUTH_CONFIGURATIONS |
|
Message text |
Auth configuration recovery completed. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
Auth configuration recovery completed. |
|
Explanation |
Authentication configuration recovery was completed. |
|
Recommended action |
No action is required. |
LICENSE
This section contains license management messages.
License installation
|
Keyword |
LICENSE_INSTALL |
|
Message text |
$1 license successfully installed. |
|
Variable fields |
$1: License name. |
|
Severity level |
|
|
Example |
Base license successfully installed. |
|
Explanation |
The specified license was successfully installed. |
|
Recommended action |
No action is required. |
Single license reclaimed
|
Keyword |
LICENSE_RECLAIM |
|
Message text |
License for feature $1 (count: $2) has been reclaimed. |
|
Variable fields |
$1: Feature name. $2: Capacity of the reclaimed license. This field is displayed only when a quantity-based license is reclaimed. |
|
Severity level |
|
|
Example |
License for feature VirtualServiceNode (count: 100) has been reclaimed. |
|
Explanation |
The license for the specified feature was reclaimed. |
|
Recommended action |
No action is required. |
License server connection
|
Keyword |
LICENSE_SERVER_CONNECT |
|
Message text |
The controller established a connection to the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller established a connection to the license server. |
|
Explanation |
The controller established a connection to the license server. |
|
Recommended action |
No action is required. |
Disconnection from the license server
|
Keyword |
LICENSE_SERVER_DISCONNECT |
|
Message text |
The controller was disconnected from the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller was disconnected from the license server. |
|
Explanation |
The controller was disconnected from the license server. |
|
Recommended action |
If a user disconnected the controller from the license server, no action is required. If the disconnection is unexpected, follow these steps: 1. Examine the connectivity between the controller and the license server. 2. Verify that the license server settings on the controller are correct. 3. Verify that the license server is operating correctly and providing services. |
Reconnection to the license server
|
Keyword |
LICENSE_SERVER_RECONNECT |
|
Message text |
Reconnecting to the license server after a disconnection. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
Reconnecting to the license server after a disconnection. |
|
Explanation |
The controller was disconnected from the license server while it was in LOGIN state and then failed to connect to the license server. |
|
Recommended action |
If a user disconnected the controller from the license server, no action is required. If the connection failure is unexpected, follow these steps: 1. Examine the connectivity between the controller and the license server. 2. Verify that the license server settings on the controller are correct. 3. Verify that the license server is operating correctly and providing services. |
Failure of connection to the license server
|
Keyword |
LICENSE_SERVER_CONNECT_FAILED |
|
Message text |
Failed to connect to the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
Failed to connect to the license server. |
|
Explanation |
The controller failed to connect to the license server. |
|
Recommended action |
1. Verify that the license server settings on the controller are correct. 2. Verify that the license server is operating correctly. |
Controller forced offline by license server
|
Keyword |
LICENSE_SERVER_FORCE_CLIENT_OFFLINE |
|
Message text |
The controller was forced offline by license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller was forced offline by license server. |
|
Explanation |
The license server forced the controller to go offline. |
|
Recommended action |
To obtain authorization, reconnect the controller to the license server. |
Reconnection to the license server due to ageout
|
Keyword |
LICENSE_SERVER_AGED_RECONNECT |
|
Message text |
The controller started to reconnect to the license server because the token of the controller aged out. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller started to reconnect to the license server because the token of the controller aged out. |
|
Explanation |
The token of the controller aged out and the controller started to reconnect to the license server. |
|
Recommended action |
Verify the network connectivity between the license server and the controller. |
Entered fail-safe state due to authorization failure
|
Keyword |
ENTER_FAILSAFE_NO_LICENSE |
|
Message text |
The controller entered into fail-safe mode because it failed to obtain licenses from the remote license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller entered into fail-safe mode because it failed to obtain licenses from the remote license server. |
|
Explanation |
After the controller connected to the license server, the controller failed to obtain a license and entered fail-safe state. |
|
Recommended action |
Log in to the license server and verify that a license is available for the controller. |
Entered fail-safe state due to connection failure
|
Keyword |
ENTER_FAILSAFE_CONNECT_FAILED |
|
Message text |
The controller entered into fail-safe mode because a connection error occurred between the controller and the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller entered into fail-safe mode because a connection error occurred between the controller and the license server. |
|
Explanation |
The controller lost its connection to the license server and entered fail-safe state. |
|
Recommended action |
Verify the network connectivity between the license server and the controller. |
Exited fail-safe state after the fail-safe period
|
Keyword |
EXIT_FAILSAFE_EXPIRED |
|
Message text |
The controller exited from fail-safe mode because the 30-day fail-safe period expired. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller exited from fail-safe mode because the 30-day fail-safe period expired. |
|
Explanation |
The 30-day fail-safe period expired and the controller exited fail-safe state. |
|
Recommended action |
1. On the license management page, verify that the controller is connected to the license server. 2. Verify that the license server can assign a license to the controller. |
Exited fail-safe state after authorization
|
Keyword |
EXIT_FAILSAFE_OBTAINED |
|
Message text |
The controller exited from fail-safe mode because it had obtained licenses from the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller exited from fail-safe mode because it had obtained licenses from the license server. |
|
Explanation |
The controller obtained a license and exited fail-safe state. |
|
Recommended action |
No action is required. |
Exited fail-safe state after disconnection
|
Keyword |
EXIT_FAILSAFE_DISCONNECTED |
|
Message text |
The controller exited from fail-safe mode because it disconnected from the license server. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
The controller exited from fail-safe mode because it disconnected from the license server. |
|
Explanation |
The controller closed its connection to the license server and exited fail-safe state. |
|
Recommended action |
No action is required. |
Remote license expiration early warning
|
Keyword |
LICENSE_EXPIRED |
|
Message text |
$1 license is about to expire in 10 days. |
|
Variable fields |
$1: Remote license name. |
|
Severity level |
|
|
Example |
Base license is about to expire in 10 days. |
|
Explanation |
The specified remote license is about to expire in 10 days. |
|
Recommended action |
1. Log in to the license server to verify that the remote license is authorized. 2. If the remote license is not authorized, purchase the license. |
Insufficient quantity-based licenses
|
Keyword |
LICENSE_INSUFFICIENT |
|
Message text |
Insufficient $1 licenses. Please purchase more licenses. |
|
Variable fields |
$1: Name of the quantity-based licenses. |
|
Severity level |
|
|
Example |
Insufficient MaxNodeNum licenses. Please purchase more licenses. |
|
Explanation |
Quantity-based licenses are insufficient. |
|
Recommended action |
Purchase more licenses. |
SYSTEM
This section contains system management messages.
Database operation failure because of a nonexistent user
|
Keyword |
DATABASE_USER_NOTEXIST |
|
Message text |
Database operation failed because the user did not exist. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
Database operation failed because the user did not exist. |
|
Explanation |
The database operation failed because the user did not exist. |
|
Recommended action |
Verify that the user is configured in the database. |
Database operation failure because of refused connections
|
Keyword |
DATABASE_CONNECTION_FAILED |
|
Message text |
Database operation failed because the database sdndb rejected the connection request from the controller $1. |
|
Variable fields |
$1: IP address of the controller. |
|
Severity level |
|
|
Example |
Database operation failed because the database sdndb rejected the connection request from the controller 10.10.10.10. |
|
Explanation |
The database operation failed because the connection to the database was refused for a specific reason, for example, abnormal database shutdown. |
|
Recommended action |
· Use the service postgresql status command to verify that the database is in active (running) state. · Use the netstat -antp | grep 5432 command to verify that the port of the database is not occupied by other processes. |
End of AAA microservice configuration recovery
|
Keyword |
FINISH_RECOVER_CONFIGURATIONS |
|
Message text |
AAA microservice configuration recovery completed. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
AAA microservice configuration recovery completed. |
|
Explanation |
AAA microservice configuration recovery completed. |
|
Recommended action |
No action is required. |
Start of AAA microservice configuration backup
|
Keyword |
BEGIN_BACKUP_CONFIGURATIONS |
|
Message text |
AAA microservice configuration backup started. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
AAA microservice configuration backup started. |
|
Explanation |
AAA microservice configuration backup started. |
|
Recommended action |
To ensure successful backup, do not modify AAA microservice settings during the backup. |
End of AAA microservice configuration backup
|
Keyword |
FINISH_BACKUP_CONFIGURATIONS |
|
Message text |
AAA microservice configuration backup completed. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
AAA microservice configuration backup completed. |
|
Explanation |
AAA microservice configuration backup completed. |
|
Recommended action |
No action is required. |
USER
This section contains user management messages.
Login success
|
Keyword |
LOGGED_IN_SUCCEED |
|
Message text |
User $1 successfully logged in by using the IP address $2. |
|
Variable fields |
$1: Username. $2: IP address of the user. |
|
Severity level |
|
|
Example |
User sdn successfully logged in by using the IP address 192.168.1.1. |
|
Explanation |
A user logged into the controller. |
|
Recommended action |
No action is required. |
Login failure
|
Keyword |
LOGGED_IN_FAILED |
|
Message text |
User $1 failed to log in by using the IP address $2. |
|
Variable fields |
$1: Username. $2: IP address of the user. |
|
Severity level |
|
|
Example |
User sdn failed to log in by using the IP address 192.168.1.1. |
|
Explanation |
A user failed to log in to the controller. Possible reasons include: · The username is incorrect. · The password is incorrect. |
|
Recommended action |
Make sure the user provides the correct username and password. |
User lock
|
Keyword |
USER_LOCKED |
|
Message text |
The user $1 failed to log in because the login failures has reached five times, and the user is locked. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
The user sdn failed to log in because the login failures has reached five times, and the user is locked. |
|
Explanation |
The user account was locked because the user failed to log in to the controller for five consecutive times. |
|
Recommended action |
· The user account will be unlocked in 15 minutes or after a controller reboot. · Verify that the username and password are correct. |
Logout success
|
Keyword |
LOGGED_OUT_SUCCEED |
|
Message text |
User $1 successfully logged out by using the IP address $2. |
|
Variable fields |
$1: Username. $2: IP address of the user. |
|
Severity level |
|
|
Example |
User sdn successfully logged out by using the IP address 192.168.1.1. |
|
Explanation |
A user logged out of the controller. |
|
Recommended action |
No action is required. |
RADIUS authentication success
|
Keyword |
RADIUS_AUTHENTICATION_PASS |
|
Message text |
User $1 passed the RADIUS authentication. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
User User1 passed the RADIUS authentication. |
|
Explanation |
A user passed RADIUS authentication. |
|
Recommended action |
No action is required. |
RADIUS authentication failure
|
Keyword |
RADIUS_AUTHENTICATION_REJECT |
|
Message text |
The RADIUS authentication request from user $1 was rejected. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
The RADIUS authentication request from user User1 was rejected. |
|
Explanation |
A user failed the RADIUS authentication. Possible reasons include: · The username is incorrect. · The password is incorrect. |
|
Recommended action |
Make sure the user provides the correct username and password. |
RADIUS authentication error
|
Keyword |
RADIUS_AUTHENTICATION_FAILED |
|
Message text |
User $1 failed to pass the RADIUS authentication: $2. |
|
Variable fields |
$1: Username. $2: Possible authentication failure causes: · ERROR_REMOTE_COMUNICATION_FAILED. · ERROR_REMOTE_SERVER_BOUND_FAILED. · ERROR_REMOTE_SERVER_URL_INVAILID. |
|
Severity level |
|
|
Example |
User User1 failed to pass the RADIUS authentication: ERROR_REMOTE_COMUNICATION_FAILED. |
|
Explanation |
An error occurred during RADIUS authentication of a user. |
|
Recommended action |
1. Verify that all authentication settings are correct. For example, make sure the server IP address is correct and the shared key is the same as that configured on the authentication server. 2. Verify that the controller has been added to the AAA server as an AAA client. 3. Verify that the controller can communicate with the AAA server correctly. |
RADIUS attribute check failure
|
Keyword |
RADIUS_ATTRIBUTE_CHECK_FAILED |
|
Message text |
User $1 failed to pass the RADIUS authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
User User1 failed to pass the RADIUS authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
|
Explanation |
The RADIUS authentication failed because the H3C proprietary attribute was not configured. |
|
Recommended action |
Verify that the H3C_EXEC_PRIVILEGE attribute is configured on the AAA server. |
TACACS+ authentication success
|
Keyword |
TACACS_AUTHENTICATION_PASS |
|
Message text |
User $1 passed the TACACS+ authentication. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
User User1 passed the TACACS+ authentication. |
|
Explanation |
A user passed TACACS+ authentication. |
|
Recommended action |
No action is required. |
TACACS+ authentication failure
|
Keyword |
TACACS_AUTHENTICATION_REJECT |
|
Message text |
The TACACS+ authentication request from user $1 was rejected. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
The TACACS+ authentication request from user User1 was rejected. |
|
Explanation |
A user failed the TACACS+ authentication. Possible reasons include: · The username is incorrect. · The password is incorrect. |
|
Recommended action |
Make sure the user provides the correct username and password. |
TACACS+ authentication error
|
Keyword |
TACACS_AUTHENTICATION_FAILED |
|
Message text |
User $1 failed to pass the TACACS+ authentication: $2. |
|
Variable fields |
$1: Username. $2: Possible authentication failure causes: · ERROR_REMOTE_COMUNICATION_FAILED. · ERROR_REMOTE_SERVER_BOUND_FAILED. · ERROR_REMOTE_SERVER_URL_INVAILID. |
|
Severity level |
|
|
Example |
User User1 failed to pass the TACACS+ authentication: ERROR_REMOTE_SERVER_BOUND_FAILED. |
|
Explanation |
An error occurred during TACACS+ authentication of a user. |
|
Recommended action |
1. Verify that all authentication settings are correct. For example, make sure the server IP address is correct and the shared key is the same as that configured on the authentication server. 2. Verify that the controller has been added to the AAA server as an AAA client. 3. Verify that the controller can communicate with the AAA server correctly. |
TACACS+ attribute check failure
|
Keyword |
TACACS_ATTRIBUTE_CHECK_FAILED |
|
Message text |
User $1 failed to pass the TACACS+ authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
|
Variable fields |
$1: Username. |
|
Severity level |
|
|
Example |
User User1 failed to pass the TACACS+ authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
|
Explanation |
The TACACS+ authentication failed because the H3C proprietary attribute was not configured. |
|
Recommended action |
Verify that the H3C_EXEC_PRIVILEGE attribute is configured on the AAA server. |
Start of user configuration recovery on non-active leader instances
|
Keyword |
BEGIN_RECOVER_USER_CONFIG |
|
Message text |
All non-active leader instances started recovering the user configuration. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
All non-active leader instances started recovering the user configuration. |
|
Explanation |
All non-active leader instances in the AAA microservice k8s team started recovering the user configuration, including the username, password, and role. |
|
Recommended action |
As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of user configuration recovery on non-active leader instances
|
Keyword |
FINISH_RECOVER_USER_CONFIG |
|
Message text |
All non-active leader instances completed recovering the user configuration. |
|
Variable fields |
N/A |
|
Severity level |
|
|
Example |
All non-active leader instances completed recovering the user configuration. |
|
Explanation |
All non-active leader instances in the AAA microservice k8s team finished recovering the user configuration, including the username, password, and role. |
|
Recommended action |
No action is required. |
Operation failure due to user role privilege limit
|
Keyword |
ROLE_PERMISSION_CHECK_FAILED |
|
Message text |
Failed to $1 $2. The user role doesn’t have the permission. |
|
Variable fields |
$1: Request type: · post—Creates a resource. · put—Updates or creates a resource. · delete—Deletes a resource. · get—Gets resource information. $2: Requested resource path. |
|
Severity level |
|
|
Example |
Failed to put /sdn/v2.0/systems/4ff280bd-51c6-4768-9be4-4f9f72b51b77. The user role doesn’t have the permission. |
|
Explanation |
The user role does not have the permission to send the request. |
|
Recommended action |
Modify the privilege for the user role or use another user role that has the permission to send the request. |
