Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-Information center configuration | 159.89 KB |
Configuring the information center
Information center configuration task list
Outputting logs to the console
Outputting logs to the monitor terminal
Outputting logs to the log buffer
Enabling synchronous information output
Enabling duplicate log suppression
Disabling an interface from generating link up/down logging information
Displaying and maintaining information center
Information center configuration examples
Outputting logs to the console
Outputting logs to a UNIX log host
Outputting logs to a Linux log host
The information center on a device classifies and manages logs for all modules so that network administrators can monitor network performance and troubleshoot network problems.
Overview
The information center receives logs generated by source modules and outputs logs to different destinations according to user-defined output rules. You can classify, filter, and output logs based on source modules. To view the supported source modules, use info-center source ?.
Figure 1 Information center diagram
By default, the information center is enabled. It affects system performance to some degree while processing large amounts of information. If the system resources are insufficient, disable the information center to save resources.
Log types
Logs fall into the following types:
· Common logs—Record common system information. Unless otherwise specified, the term "logs" in this document refers to common logs.
· Diagnostic logs—Record debug messages.
· Security logs—Record security information, such as authentication and authorization information.
· Hidden logs—Record log information not displayed on the terminal, such as input commands.
Log levels
Logs are classified into eight severity levels from 0 through 7 in descending order. The device outputs logs with a severity level that is higher than or equal to the specified level. For example, if you configure an output rule with a severity level of 6 (informational), logs that have a severity level from 0 to 6 is output.
|
Severity value |
Level |
Description |
|
0 |
Emergency |
The system is unusable. For example, the system authorization has expired. |
|
1 |
Alert |
Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
|
2 |
Critical |
Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
|
3 |
Error |
Error condition. For example, the link state changes or a storage card is unplugged. |
|
4 |
Warning |
Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
|
5 |
Notification |
Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
|
6 |
Informational |
Informational message. For example, a command or a ping operation is executed. |
|
7 |
Debug |
Debug message. |
Log destinations
The system outputs logs to the following destinations: console, monitor terminal, log buffer, log host, and log file. Log output destinations are independent and you can configure them after enabling the information center.
Default log output rules
A default output rule specifies the log source modules and severity level for an output destination. Logs matching the output rule are output to the destination. Table 2 shows the default output rules.
|
Destination |
Log source modules |
Output switch |
Severity |
|
Console |
All supported modules |
Enabled |
Debug |
|
Monitor terminal |
All supported modules |
Disabled |
Debug |
|
Log host |
All supported modules |
Enabled |
Informational |
|
Log buffer |
All supported modules |
Enabled |
Informational |
|
Log file |
All supported modules |
Enabled |
Informational |
|
Security log file |
All supported modules |
Disabled |
Debug |
Log format
The format of logs varies with output destinations. Table 3 shows the original format of log information, which might be different from what you see. The actual format depends on the log resolution tool used.
|
Output destination |
Format |
Example |
|
Console, monitor terminal, log buffer, or log file |
Prefix Timestamp Sysname Module/Level/Digest: Content |
%Nov 24 14:21:43:502 2010 H3C SYSLOG/6/SYSLOG_RESTART: System restarted –- H3C Comware Software. |
|
Log host |
<PRI>Timestamp Sysname %%vvModule/Level/Digest: Source; Content |
<190>Nov 24 16:22:21 2010 H3C %%10SYSLOG/6/SYSLOG_RESTART: -DevIP=1.1.1.1; System restarted –- H3C Comware Software. |
Table 4 describes the fields in a log message.
|
Field |
Description |
|
Prefix (information type) |
A log to a destination other than the log host has an identifier in front of the timestamp: · An identifier of percent sign (%) indicates a log with a level equal to or higher than informational. · An identifier of asterisk (*) indicates a debug log. |
|
PRI (priority) |
A log destined to the log host has a priority identifier in front of the timestamp. The priority is calculated by using this formula: facility*8+level, where: · facility is the facility name. It can be configured with the info-center loghost command. It is used to identify log sources on the log host, and to query and filter the logs from specific log sources. · level ranges from 0 to 7. See Table 1 for more information about severity levels. |
|
Timestamp |
Records the time when the log was generated. Logs sent to the log host and those sent to the other destinations have different timestamp precisions, and their timestamp formats are configured with different commands. For more information, see Table 5 and Table 6. |
|
Sysname (host name or host IP address) |
The sysname is the host name or IP address of the device that generated the log. You can use the sysname command to modify the name of the device. |
|
%% (vendor ID) |
Indicates that the information was generated by an H3C device. It exists only in logs sent to the log host. |
|
vv (version information) |
Identifies the version of the log, and has a value of 10. It exists only in logs sent to the log host. |
|
Module |
Specifies the name of the module that generated the log. You can enter the info-center source ? command in system view to view the module list. |
|
Level |
Identifies the level of the log. See Table 1 for more information about severity levels. |
|
Digest |
Describes the content of the log. It contains a string of up to 32 characters. |
|
Source |
Identifies the source of the log. It can take one of the following values: · Slot number of a card. (In standalone mode.) · IRF member ID and card slot number. (In IRF mode.) · IP address of the log sender. |
|
Content |
Provides the content of the log. |
Table 5 Timestamp precisions and configuration commands
|
Item |
Destined to the log host |
Destined to the console, monitor terminal, log buffer, and log file |
|
Precision |
Seconds |
Milliseconds |
|
Command used to set the timestamp format |
info-center timestamp loghost |
info-center timestamp |
Table 6 Description of the timestamp parameters
|
Timestamp parameters |
Description |
Example |
|
boot |
Time that has elapsed since system startup, in the format of xxx.yyy. xxx represents the higher 32 bits, and yyy represents the lower 32 bits, of milliseconds elapsed. Logs that are sent to all destinations other than the log host support this parameter. |
%0.109391473 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. 0.109391473 is a timestamp in the boot format. |
|
date |
Current date and time, in the format of MMM DD hh:mm:ss:xxx YYY. All logs support this parameter. |
%May 30 05:36:29:579 2003 Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. May 30 05:36:29:579 2003 is a timestamp in the date format. |
|
iso |
Timestamp format stipulated in ISO 8601. Only logs that are sent to the log host support this parameter. |
<189>2003-05-30T06:42:44 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully. 2003-05-30T06:42:44 is a timestamp in the iso format. |
|
none |
No timestamp is included. All logs support this parameter. |
% Sysname FTPD/5/FTPD_LOGIN: User ftp (192.168.1.23) has logged in successfully. No timestamp is included. |
|
no-year-date |
Current date and time without year information, in the format of MMM DD hh:mm:ss:xxx. Only logs that are sent to the log host support this parameter. |
<189>May 30 06:44:22 Sysname %%10FTPD/5/FTPD_LOGIN(l): User ftp (192.168.1.23) has logged in successfully. May 30 06:44:22 is a timestamp in the no-year-date format. |
Information center configuration task list
|
Task at a glance |
|
|
Perform at least one of the following tasks: · Outputting logs to the console · Outputting logs to the monitor terminal · Outputting logs to a log host |
|
|
(Optional.) Enabling synchronous information output |
|
|
(Optional.) Enabling duplicate log suppression |
|
|
(Optional.) Disabling an interface from generating link up/down logging information |
|
Outputting logs to the console
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable the information center. |
info-center enable |
By default, the information center is enabled. |
|
3. Configure an output rule for the console. |
info-center source { module-name | default } { console | monitor | logbuffer | logfile | loghost } { deny | level severity } |
For information about default output rules, see "Default log output rules." |
|
4. (Optional.) Configure the timestamp format. |
info-center timestamp { boot | date | none } |
By default, the timestamp format is date. |
|
5. Return to user view. |
quit |
N/A |
|
6. Enable log output to the console. |
terminal monitor |
The default setting is enabled. |
|
7. (Optional.) Enable the display of debug information on the current terminal. |
terminal debugging |
By default, the display of debug information is enabled on the console and disabled on the monitor terminal. |
|
8. (Optional.) Set the lowest severity level of logs that can be output to the console. |
terminal logging level severity |
The default setting is 7 (Debug). |
Outputting logs to the monitor terminal
Monitor terminals refer to terminals that log in to the device through Telnet or SSH.
To output logs to the monitor terminal:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable the information center. |
info-center enable |
By default, the information center is enabled. |
|
3. Configure an output rule for the monitor terminal. |
info-center source { module-name | default } { console | monitor | logbuffer | logfile | loghost } { deny | level severity } |
For information about default output rules, see "Default log output rules." |
|
4. (Optional.) Configure the timestamp format. |
info-center timestamp { boot | date | none } |
By default, the timestamp format is date. |
|
5. Return to user view. |
quit |
N/A |
|
6. Enable log output to the monitor terminal. |
terminal monitor |
The default setting is enabled. |
|
7. (Optional.) Enable the display of debug information on the current terminal. |
terminal debugging |
By default, the display of debug information is enabled on the console and disabled on the monitor terminal. |
|
8. (Optional.) Set the lowest level of logs that can be output to the monitor terminal. |
terminal logging level severity |
The default setting is 6 (Informational). |
Outputting logs to a log host
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable the information center. |
info-center enable |
By default, the information center is enabled. |
|
3. Configure an output rule for the log host. |
info-center source { module-name | default } { console | monitor | logbuffer | logfile | loghost } { deny | level severity } |
For more information about default output rules, see "Default log output rules." |
|
4. (Optional.) Specify the source IP address for output logs. |
info-center loghost source interface-type interface-number |
By default, the source IP address of output log information is the primary IP address of the matching route' egress interface. |
|
5. (Optional.) Configure the timestamp format. |
info-center timestamp loghost { date | iso | no-year-date | none } |
By default, the timestamp format is date. |
|
6. Specify a log host and configure related parameters. |
info-center loghost [ vpn-instance vpn-instance-name ] { ipv4-address | ipv6 ipv6-address } [ port port-number ] [ facility local-number ] |
By default, no log host or related parameters are specified. The value of the port-number argument must be the same as the value configured on the log host. Otherwise, the log host cannot receive logs. |
Outputting logs to the log buffer
|
Step |
Command… |
Remarks |
|
1. Enter system view. |
N/A |
|
|
2. Enable the information center. |
info-center enable |
By default, the information center is enabled. |
|
3. (Optional.) Enable log output to the log buffer and set the buffer size. |
info-center logbuffer [ size buffersize ] |
By default, log output to the log buffer is enabled and the buffer can store up to 512 logs. |
|
4. Configure an output rule for the log buffer. |
info-center source { module-name | default } { console | monitor | logbuffer | logfile | loghost } { deny | level severity } |
For more information about default output rules, see "Default log output rules." |
|
5. (Optional.) Configure the timestamp format. |
info-center timestamp { boot | date | none } |
By default, the timestamp format is date. |
Saving logs to a log file
This feature enables the device to save generated logs to a log file.
The system saves the logs in the log file buffer to the log file at the specified interval (24 hours by default). It performs this operation when the device is not busy, for example, in the morning. You can also manually save the logs. After the logs in the log file buffer are saved into the log file, the system clears the log file buffer.
· On devices that support a single log file, the log file has a specific capacity. When the capacity is reached, the system will replace earliest logs with new logs.
· On devices that support multiple log files, each log file has a specific capacity. When the capacity is reached, the system will create a new log file to save new logs. The log files are named as logfile1.log, logfile2.log, and so on. When the number of log files reaches the upper limit, or the maximum storage space is reached, the system will delete the earliest log file and create a new one.
To save logs to a log file:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable the information center. |
info-center enable |
By default, the information center is enabled. |
|
3. Enable the log file feature. |
info-center logfile enable |
By default, the log file feature is enabled. |
|
4. (Optional.) Configure the maximum storage space for a log file. |
info-center logfile size-quota size |
To ensure normal operation, set the size argument to a value between 1 MB and 10 MB. |
|
5. (Optional.) Specify the directory to save the log file. |
info-center logfile switch-directory dir-name |
By default, the log file is saved in the logfile directory under the root directory of the storage device (the root directory of the storage device varies with devices). The configuration made by this command cannot survive a reboot or an active/standby switchover. (In standalone mode.) The configuration made by this command cannot survive an IRF reboot or a global active/standby switchover. (In IRF mode.) |
|
6. Save the logs in the log file buffer to the log file. |
·
Approach 1: Configure
the interval to perform the save operation: ·
Approach 2: Manually
save the logs in the log file buffer to the log file: |
Use either approach. By default, the system saves logs to the log file at the interval specified by info-center logfile frequency, which has a default setting of 86400 seconds. The logfile save command is available in any view. |
Enabling synchronous information output
The output of system logs interrupts ongoing configuration operations. You have to find the previously input commands before the logs. Synchronous information output can show the previous input after log output and a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.
If system information is output before you enter information at a command line prompt, the system does not display the command line prompt after the system information output.
If system information is output when you are entering some interactive information (non Y/N confirmation information), the system displays your input in a new line after the system information output.
To enable synchronous information output:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable synchronous information output. |
info-center synchronous |
By default, synchronous information output is disabled. |
Enabling duplicate log suppression
The output of consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources, making it difficult for network administrators to find useful information and maintain the device.
With this feature enabled, the system starts a suppression period upon outputting a log:
· During the suppression period, the system does not output logs that have the same module name, level, mnemonic, location, and text as the previous log.
· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds for the first time, 2 minutes for the second time, and 10 minutes for subsequent times.
· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then the different log, and starts another suppression period.
To enable duplicate log suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable duplicate log suppression. |
info-center logging suppress duplicates |
By default, duplicate log suppression is disabled. |
Disabling an interface from generating link up/down logging information
By default, all interfaces generate link up or link down log information when the state changes. In some cases, you might want to disable specific interfaces from generating this information. For example:
· You are concerned only about the states of some interfaces. In this case, you can use this function to disable other interfaces from generating link up and link down log information.
· An interface is unstable and continuously outputs log information. In this case, you can disable the interface from generating link up and link down log information.
Use the default setting in normal cases to avoid affecting interface status monitoring.
To disable an interface from generating link up/down logging information:
|
Step |
Command |
Remarks |
|
3. Enter system view. |
system-view |
N/A |
|
4. Enter Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, or VLAN interface view. |
interface interface-type interface-number |
N/A |
|
5. Disable the interface from generating link up or link down logging information. |
undo enable log updown |
By default, all interfaces generate link up and link down logging information when the interface state changes. |
Displaying and maintaining information center
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display the information of each output destination. |
display info-center |
|
Display the state and the log information of the log buffer (in standalone mode). |
display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] * |
|
Display the state and the log information of the log buffer (in IRF mode). |
display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] * |
|
Display a summary of the log buffer (in standalone mode). |
display logbuffer summary [ level severity | slot slot-number ] * |
|
Display a summary of the log buffer (in IRF mode). |
display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] * |
|
Display the configuration of the log file. |
display logfile summary |
|
Clear the log buffer. |
reset logbuffer |
Information center configuration examples
|
|
NOTE: By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are down. Before configuring these interfaces, bring them up by using the undo shutdown command. |
Outputting logs to the console
Network requirements
Configure the device to output to the console FTP logs that have a severity level of at least warning.
Figure 2 Network diagram
Configuration procedure
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
# Disable log output to the console.
[Sysname] info-center source default console deny
To avoid output of unnecessary information, disable all modules from outputting log information to the specified destination (console in this example) before you configure the output rule.
# Configure an output rule to output to the console FTP logs that have a severity level of at least warning.
[Sysname] info-center source ftp console level warning
[Sysname] quit
# Enable the display of logs on the console. (This function is enabled by default.)
<Sysname> terminal logging level 6
<Sysname> terminal monitor
Current terminal monitor is on.
Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs.
Outputting logs to a UNIX log host
Network requirements
Configure the device to output to the UNIX log host FTP logs that have a severity level of at least informational.
Figure 3 Network diagram
Configuration procedure
Before the configuration, make sure that the device and the log host can reach each other. (Details not shown.)
1. Configure the device:
# Enable the information center.
<Device> system-view
[Device] info-center enable
# Specify the log host 1.2.0.1/16 and specify local4 as the logging facility.
[Device] info-center loghost 1.2.0.1 facility local4
# Disable log output to the log host.
[Device] info-center source default loghost deny
To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost in this example) before you configure an output rule.
# Configure an output rule to output to the log host FTP logs that have a severity level of at least informational.
[Device] info-center source ftp loghost level informational
2. Configure the log host:
The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.
a. Log in to the log host as a root user.
b. Create a subdirectory named Device in directory /var/log/, and then create file info.log in the Device directory to save logs from Device.
# mkdir /var/log/Device
# touch /var/log/Device/info.log
c. Edit the file syslog.conf in directory /etc/ and add the following contents.
# Device configuration messages
local4.info /var/log/Device/info.log
In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.
|
|
NOTE: Follow these guidelines while editing the file /etc/syslog.conf: · Comments must be on a separate line and must begin with a pound sign (#). · No redundant spaces are allowed after the file name. · The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output properly to the log host. |
d. Display the process ID of syslogd, kill the syslogd process, and then restart syslogd using the –r option to make the new configuration take effect.
# ps -ae | grep syslogd
147
# kill -HUP 147
# syslogd -r &
Now, the device can output FTP logs to the log host, which stores the logs to the specified file.
Outputting logs to a Linux log host
Network requirements
Configure the device to output to the Linux log host 1.2.0.1/16 FTP logs that have a severity level of at least informational.
Figure 4 Network diagram
Configuration procedure
Before the configuration, make sure that the device and the log host can reach each other. (Details not shown.)
1. Configure the device:
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
# Specify the log host 1.2.0.1/16, and specify local5 as the logging facility.
[Sysname] info-center loghost 1.2.0.1 facility local5
# Disable log output to the log host.
[Sysname] info-center source default loghost deny
To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule.
# Configure an output rule to enable output to the log host FTP logs that have a severity level of at least informational.
[Sysname] info-center source ftp loghost level informational
2. Configure the log host:
The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.
a. Log in to the log host as a root user.
b. Create a subdirectory named Device in the directory /var/log/, and create file info.log in the Device directory to save logs of Device.
# mkdir /var/log/Device
# touch /var/log/Device/info.log
c. Edit the file syslog.conf in directory /etc/ and add the following contents.
# Device configuration messages
local5.info /var/log/Device/info.log
In the above configuration, local5 is the name of the logging facility used by the log host to receive logs. info is the informational level. The Linux system will store the log information with a severity level equal to or higher than informational to the file /var/log/Device/info.log.
|
|
NOTE: Follow these guidelines to edit the file /etc/syslog.conf: · Comments must be on a separate line and must begin with a pound sign (#). · No redundant spaces are allowed after the file name. · The logging facility name and the information level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output properly to the log host. |
d. Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the -r option to apply the new configuration.
Make sure the syslogd process is started with the -r option on a Linux log host.
# ps -ae | grep syslogd
147
# kill -9 147
# syslogd -r &
Now, the system can record log information into the specified file.
