Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Information center commands | 341.32 KB |
Contents
display diagnostic-logfile summary
display info-center file-server
display security-logfile buffer
display security-logfile summary
info-center diagnostic-logfile directory
info-center diagnostic-logfile enable
info-center diagnostic-logfile frequency
info-center diagnostic-logfile quota
info-center file-server transport-type
info-center logfile size-quota
info-center logging suppress duplicates
info-center logging suppress module
info-center loghost locate-info with-sn
info-center security-logfile alarm-threshold
info-center security-logfile directory
info-center security-logfile enable
info-center security-logfile frequency
info-center security-logfile size-quota
info-center syslog trap buffersize
Information center commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
character-set
Use character-set to specify the character set encoding for logs.
Use undo character-set to restore the default.
Syntax
character-set { gb18030 | utf-8 }
undo character-set
Default
The GB18030 character set encoding is used for logs.
Views
Log output profile view
Predefined user roles
network-admin
Parameters
gb18030: Specifies the GB18030 character set encoding.
utf-8: Specifies the UTF-8 character set encoding.
Usage guidelines
For the user' login terminal to correctly display Chinese characters in log messages received from the device, the device and the terminal must use the same character set encoding.
You can use this command to specify the UTF-8 or GB18030 character set encoding for logs.
Examples
# Create log output profile profile1 and specify the UTF-8 character set encoding for logs.
<sysname> system-view
[sysname] info-center output-profile profile1
[sysname-ic-profile-profile1] character-set utf-8
check logfile
Use check logfile to perform integrity check for a log file.
Syntax
check logfile file-path
Views
User view
Predefined user roles
network-admin
Parameters
file-path: Specifies the absolute path of the log file. For successful execution of this command, the file extension must be .log or .log.gz.
Usage guidelines
When the information center saves a log message to the log file, it uses the device master key to calculate a digest for the log file and saves the digest in the log file. The digest is used to perform integrity check for the log file. The device provides a device master key by default, and you can also configure a master key by using the set master-key command. For more information about the master key, see public key management in Security Configuration Guide.
When this command is executed, the information center uses the master key to recalculate a digest for the log file and then compares the digest with that saved in the log file. If the two digests are consistent, the log file passes the integrity check. If they do not match, the log file fails the integrity check.
Examples
# Perform integrity check for log file flash:/logfile/logfile.log.
<Sysname> check logfile flash:/logfile/logfile.log
The integrity check for the logfile succeeded.
Related commands
set master-key (Security Command Reference)
diagnostic-logfile save
Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Syntax
diagnostic-logfile save
Views
Any view
Predefined user roles
network-admin
Usage guidelines
You can specify the directory to save the diagnostic log file by using the info-center diagnostic-logfile directory command.
The system clears the diagnostic log file buffer after saving the buffered diagnostic logs to the diagnostic log file.
If the diagnostic log file buffer is empty, this command displays a success message event though no logs are saved to the diagnostic log file.
Examples
# Manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
<Sysname> diagnostic-logfile save
The contents in the diagnostic log file buffer have been saved to the file flash:/diagfile/diagfile.log.
Related commands
info-center diagnostic-logfile enable
info-center diagnostic-logfile directory
display diagnostic-logfile summary
Use display diagnostic-logfile summary to display the diagnostic log file configuration.
Syntax
display diagnostic-logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the diagnostic log file configuration.
<Sysname> display diagnostic-logfile summary
Diagnostic log file: Enabled.
Diagnostic log file size quota: 10 MB
Diagnostic log file directory: flash:/diagfile
Writing frequency: 24 hour 0 min 0 sec
Table 1 Command output
|
Field |
Description |
|
Diagnostic log file |
Status of the diagnostic log file: · Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file. |
|
Diagnostic log file size quota |
Maximum size for the diagnostic log file, in MB. |
|
Log file directory |
Directory where the diagnostic log file is saved. |
|
Writing frequency |
Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file. |
display info-center
Use display info-center to display information center configuration.
Syntax
display info-center
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information center configuration.
<Sysname> display info-center
Information Center: Enabled
Console: Enabled
Monitor: Enabled
Log host: Enabled
Log buffer: Enabled
Max buffer size 10240, current buffer size 512
Current messages 512, dropped messages 0, overwritten messages 873
Log file: Enabled
Security log file: Disabled
Information timestamp format:
Log host: Date
Other output destination: Date
display info-center file-server
Use display info-center file-server to display the configuration of the remote server and the backup records.
Syntax
display info-center file-server
Views
User view
Predefined user roles
network-admin
network-operator
Usage guidelines
When the local device performs a log file backup to the remote server, it records relevant information for this backup operation. The device supports saving a maximum of 10 backup records.
You can use this command to view information about backup operations, including the backup execution time and result.
Examples
# Display the configuration of the remote server and the backup records.
<Sysname> display info-center file-server
Username: test
Protocol: ftp
IP: 1.1.1.1
Port: 22
VPN: vpnname
Directory: /backup
Filename prefix: my_backup
File type: logfile, security-logfile
Backup records:
No. TimeStamp FileName
1 Wed Jan 15 14:20:18 2022 my_backup_20220115142018.log
!2 Wed Jan 15 14:33:10 2022 my_backup_20220115143310.log
3 Wed Jan 15 14:49:37 2022 my_backup_20220115144937.log
The exclamation mark (!) indicates that the backup attempt failed.
Table 2 Command output
|
Field |
Description |
|
Username |
Username for logging in to the remote server. This field displays N/A if the username is not configured. To back up log files through FTP or SCP, you must configure the login username and password. |
|
Protocol |
Protocol used in backing up log files. |
|
IP |
IP address of the remote server. |
|
Port |
Port number of the remote server. |
|
VPN |
VPN to which the remote server belongs. |
|
Directory |
Log file storage directory on the remote server. |
|
Filename prefix |
Filename prefix used in saving log files to the remote server. |
|
Backup records |
Records of log file backups, including the following information: · No.—Sequence number of the backup operation. · TimeStamp—System time when the device started backing up log files. · FileName—Filename used in saving log files on the remote server. |
Related commands
info-center file-server transport-type
info-center file-server user
display info-center filter
Use display info-center filter to display information about log output filters.
Syntax
display info-center filter [ filter-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
filter-name: Specifies an existing log output filter by its name. If you do not specify a log output filter, this command displays information about all log output filters.
Examples
# Display information about log output filter loghost1.
<Sysname> display info-center filter loghost1
Log output filter: loghost1
Module Mnemonic Rule
ARP INFO Debugging
CFGLOG cfg Deny
Default Informational
Table 3 Command output
|
Field |
Description |
|
Log output filter |
Name of the log output filter. |
|
Module |
Module to which the log output filter applies. |
|
Mnemonic |
Full form of the mnemonic. |
|
Rule |
Rules in the log output filter. |
Related commands
info-center filter
display logbuffer
Use display logbuffer to display log buffer information and buffered logs.
Syntax
display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] * [ last-mins mins ] [ start-time time date ] [ end-time time date ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top.
level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information for all levels.
|
Severity value |
Level |
Description |
Keyword in commands |
|
0 |
Emergency |
The system is unusable. For example, the system authorization has expired. |
emergency |
|
1 |
Alert |
Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
alert |
|
2 |
Critical |
Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
critical |
|
3 |
Error |
Error condition. For example, the link state changes. |
error |
|
4 |
Warning |
Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
warning |
|
5 |
Notification |
Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
notification |
|
6 |
Informational |
Informational message. For example, a command or a ping operation is executed. |
informational |
|
7 |
Debugging |
Debugging message. |
debugging |
size buffersize: Specifies the number of latest logs to be displayed. The value range is 1 to 1024. If you do not specify this option, the command displays all logs in the log buffer.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards.
last-mins mins: Displays logs buffered over the last specified period of time. The mins argument specifies a time period in the range of 1 to 43200 minutes. If you do not specify a time period, no buffer time limit is applied to displayed logs.
start-time: Displays logs buffered at the specified time or later. If you do not specify the start time, no start time limit is applied to displayed logs.
end-time: Displays logs buffered at the specified time or earlier. If you do not specify the end time,
the end time is when this command is executed.
time: Specifies the time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit the seconds segment. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
date: Specifies the date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Examples
# Display log buffer information and buffered logs.
<Sysname> display logbuffer
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 718
Current messages: 512
%Jun 17 15:57:09:578 2019 Sysname SYSLOG/7/SYS_RESTART:System restarted --
…
# Display log buffer information and logs buffered over the last 5 minutes.
<Sysname> display logbuffer last-mins 5
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 191
%Jan 1 01:00:06:784 2019 Sysname SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=192.168.1.242-User=**; Command is display current-configuration
%Jan 1 01:03:19:691 2019 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.33.
%Jan 1 01:03:21:269 2019 Sysname SHELL/6/SHELL_CMD: -Line=vty1-IPAddr=192.168.1.33-User=**; Command is display logbuffer last-mins 5
# Display log buffer information and logs generated at 1:00 on January 1, 2023 or after.
<Sysname> display logbuffer start-time 01:00:0 1/1/2023
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 191
%Jan 1 01:00:06:784 2023 Sysname SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=192.168.1.242-User=**; Command is display current-configuration
%Jan 1 01:03:19:691 2023 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.33.
%Jan 1 01:03:21:269 2023 Sysname SHELL/6/SHELL_CMD: -Line=vty1-IPAddr=192.168.1.33-User=**; Command is display logbuffer last-mins 5
Table 5 Command output
|
Field |
Description |
|
Log buffer |
Status of the log buffer: · Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer. |
|
Max buffer size |
Maximum buffer size supported by the device. |
|
Actual buffer size |
Maximum buffer size configured by using the info-center logbuffer size command. |
|
Dropped messages |
Number of dropped messages. |
|
Overwritten messages |
Number of overwritten messages. |
|
Current messages |
Number of current messages. |
|
Failed to obtain the specified data. The following tries to display all data in the log buffer. |
The device fails to obtain the data from the database because of abnormal interaction with the database. Then all data in the log buffer will be displayed. |
Related commands
info-center logbuffer
reset logbuffer
display logbuffer summary
Use display logbuffer summary to display the log buffer summary.
Syntax
display logbuffer summary [ level severity | slot slot-number ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information of all levels in the log buffer. For more information about log levels, see Table 4.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards.
Examples
# Display the summary of the log buffer.
<Sysname> display logbuffer summary
Slot EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 0 7 3 53 0
1 0 0 0 449 0 0 0 0
Table 6 Command output
|
Field |
Description |
|
EMERG |
Represents emergency. For more information, see Table 4. |
|
ALERT |
Represents alert. For more information, see Table 4. |
|
CRIT |
Represents critical. For more information, see Table 4. |
|
ERROR |
Represents error. For more information, see Table 4. |
|
WARN |
Represents warning. For more information, see Table 4. |
|
NOTIF |
Represents notification. For more information, see Table 4. |
|
INFO |
Represents informational. For more information, see Table 4. |
|
DEBUG |
Represents debug. For more information, see Table 4. |
display logfile buffer
Use display logfile buffer to display the content of the log file buffer.
Syntax
display logfile buffer
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The system saves logs to the log file buffer before the logs are saved to the log file automatically or manually.
After saving the buffered logs to the log file, the system clears the log file buffer.
Examples
# Display the content of the log file buffer.
<Sysname> display logfile buffer
%@356%Dec 13 16:53:45:495 2019 H3C SHELL/6/SHELL_CMD: -Line=con0-IPAddr=**-User=**; Command is logfile save.
Related commands
info-center logfile frequency
logfile save
display logfile summary
Use display logfile summary to display the log file configuration.
Syntax
display logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the log file configuration.
<Sysname> display logfile summary
Log file: Enabled.
Log file size quota: 10 MB
Log file directory: flash:/logfile
Writing frequency: 24 hour 0 min 10 sec
Table 7 Command output
|
Field |
Description |
|
Log file |
Log file status: · Enabled—Logs can be output to the log file. · Disabled—Logs cannot be output to the log file. |
|
Log file size quota |
Maximum log file size, in MB. |
|
Log file directory |
Log file directory. |
|
Writing frequency |
Interval at which the system saves logs from the buffer to the log file. |
display security-logfile buffer
Use display security-logfile buffer to display the content of the security log file buffer.
Syntax
display security-logfile buffer
Views
Any view
Predefined user roles
security-audit
Usage guidelines
The system saves security logs to the security log file buffer before the logs are saved to the security log file automatically or manually.
After saving the buffered security logs to the security log file, the system clears the security log file buffer.
To use this command, a local user must have the security-audit user role. For information about configuring the security-audit user role, see AAA configuration in User Access and Authentication Configuration Guide.
Examples
# Display the content of the security log file buffer.
<Sysname> display security-logfile buffer
%@1%Sep 17 11:13:16:609 2019 Sysname SHELL/5/SHELL_LOGIN: Console logged in from con0.
Related commands
info-center security-logfile frequency
security-logfile save
display security-logfile summary
Use display security-logfile summary to display the summary of the security log file.
Syntax
display security-logfile summary
Views
Any view
Predefined user roles
security-audit
Usage guidelines
To use this command, a local user must have the security-audit user role. For information about configuring the security-audit user role, see AAA configuration in User Access and Authentication Configuration Guide.
Examples
# Display the summary of the security log file.
<Sysname> display security-logfile summary
Security log file: Enabled
Security log file size quota: 10 MB
Security log file directory: flash:/seclog
Alarm threshold: 80%
Current usage: 30%
Writing frequency: 24 hour 0 min 0 sec
Table 8 Command output
|
Field |
Description |
|
Security log file |
Status of the security log file: · Enabled—Security logs can be output to the security log file. · Disabled—Security logs cannot be output to the security log file. |
|
Security log file size quota |
Maximum storage space reserved for the security log file. |
|
Security log file directory |
Security log file directory. |
|
Alarm threshold |
Alarm threshold of the security log file usage. |
|
Current usage |
Current usage of the security log file. |
|
Writing frequency |
Interval at which the system saves security logs from the buffer to the security log file. |
Related commands
authorization-attribute (User Access and Authentication Command Reference)
enable log updown
Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.
Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.
Syntax
enable log updown
undo enable log updown
Default
All interfaces are allowed to generate link up and link down logs.
Views
Interface view
Predefined user roles
network-admin
Examples
# Disable GigabitEthernet 1/0/1 from generating link up or link down logs.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] undo enable log updown
format
Use format to set the log format.
Use undo format to restore the default.
Syntax
format { cmcc | unicom }
undo format
Default
The log format is non-customized.
Views
Log output profile view
Predefined user roles
network-admin
Parameters
cmcc: Specifies the China Mobile Communications Corporation (CMCC) format.
unicom: Specifies the China Unicom format.
Usage guidelines
You can use either the info-center format or format command to configure the format of logs sent to the log host. Specifically:
· The info-center format command in system view is effective for all log hosts.
· The format command in log output profile view applies only to log hosts that use the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect on that log host.
Examples
# Create log output profile profile1 and set the log format to CMCC.
<sysname> system-view
[sysname] info-center output-profile profile1
[sysname-ic-profile-profile1] format cmcc
Related commands
info-center format
info-center loghost
info-center diagnostic-logfile directory
Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.
Syntax
info-center diagnostic-logfile directory dir-name
Default
The diagnostic log file directory is flash:/diagfile.
Views
System view
Predefined user roles
network-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified directory must have been created.
This command cannot survive a reboot or an active/standby switchover.
Examples
# Set the diagnostic log file directory to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile directory flash:/test
info-center diagnostic-logfile enable
Use info-center diagnostic-logfile enable to enable saving diagnostic logs to the diagnostic log file.
Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs to the diagnostic log file.
Syntax
info-center diagnostic-logfile enable
undo info-center diagnostic-logfile enable
Default
Saving diagnostic logs to the diagnostic log file is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.
Examples
# Enable saving diagnostic logs to the diagnostic log file.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile enable
info-center diagnostic-logfile frequency
Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Use undo info-center diagnostic-logfile frequency to restore the default.
Syntax
info-center diagnostic-logfile frequency freq-sec
undo info-center diagnostic-logfile frequency
Default
The diagnostic log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the diagnostic log file saving interval in seconds. The value range is 10 to 86400.
Usage guidelines
The system outputs diagnostic logs to the diagnostic log file buffer, and then saves the buffered logs to the diagnostic log file at the specified interval.
Examples
# Set the diagnostic log file saving interval to 600 seconds.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile frequency 600
Related commands
info-center diagnostic-logfile enable
info-center diagnostic-logfile quota
Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file.
Use undo info-center diagnostic-logfile quota to restore the default.
Syntax
info-center diagnostic-logfile quota size
undo info-center diagnostic-logfile quota
Default
The maximum size for the diagnostic log file is 10 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Specifies the maximum size for the diagnostic log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the diagnostic log file.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile quota 6
info-center enable
Use info-center enable to enable the information center.
Use undo info-center enable to disable the information center.
Syntax
info-center enable
undo info-center enable
Default
The information center is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
Information center is enabled.
info-center file-server transport-type
Use info-center file-server transport-type to back up log files to a remote server.
Use undo info-center file-server transport-type to restore the default.
Syntax
info-center file-server transport-type { ftp | scp | tftp } { ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ] [ directory directory ] filename-prefix filename-prefix [ file-type { logfile | security-logfile } ]
undo info-center file-server transport-type
Default
The device does not back up log files to a remote server.
Views
System view
Predefined user roles
network-admin
Parameters
ftp: Uses FTP to back up log files to the remote server. The device acts as the FTP client. For more information about FTP, see FTP and TFTP configuration in Fundamentals Configuration Guide.
scp: Uses SCP to back up log files to the remote server. The SCP protocol is based on SSH2 and provides secure file copy function. The device acts as the SCP client. For more information about SCP, see SSH configuration in Security Configuration Guide.
tftp: Uses TFTP to back up log files to the remote server. The device acts as the TFTP client. For more information about TFTP, see FTP and TFTP configuration in Fundamentals Configuration Guide.
ipv4-address: Specifies a remote server by its IPv4 address. The address must be the same as that configured on the remote server.
ipv6 ipv6-address: Specifies a remote server by its IPv6 address. The address must be the same as that configured on the remote server.
port port-number: Specifies the listening port number of the remote server, in the range of 1 to 65535. The default is 21 for FTP, 22 for SCP, and 69 for TFTP. The port number must be the same as that configured on the remote server.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
directory directory: Specifies a log file storage directory on the remote server, a case-sensitive string of 1 to 63 characters. If you do not specify a directory, log files will be backed up to the working path of the remote server. You can use this option to specify a subdirectory under the working path of the remote server. For successful backup, make sure the subdirectory has been created on the remote server. Specify the relative path of the subdirectory for a TFTP or FTP server, and the absolute path of the subdirectory for an SCP server.
filename-prefix filename-prefix: Specifies a filename prefix used in saving log files to the remote server, a case-sensitive string of 1 to 30 characters. For example, you can use the device's IP address as the filename prefix to identify the device that generated the log files.
file-type { logfile | security-logfile }: Specifies the type of log files to back up. If you do not specify a log file type, all general log files and security log files under the corresponding directories will be backed up.
· logfile: General log files under the directory specified by the info-center logfile directory command.
· security-logfile: Security log files under the directory specified by the info-center security-logfile directory command.
Usage guidelines
You can use this command to back up general log files and/or security log files to a remote server through FTP, TFTP, or SCP, so as to enhance the log file security.
When a log file is full, the device will automatically back up the log file to the remote server.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use FTP to back up general log files to the remote server at 1.1.1.1, and specify the port number and filename prefix as 8000 and 2-2-2-2, respectively.
<Sysname> system-view
[Sysname] info-center file-server transport-type ftp 1.1.1.1 port 8000 filename-prefix 2-2-2-2 file-type logfile
Related commands
display info-center file-server
info-center file-server user
info-center file-server user
Use info-center file-server user to specify the username and password for logging in to the remote server to back up log files.
Syntax
info-center file-server user user-name password { cipher | simple } password
undo info-center file-server user
Default
The username and password for logging in to the remote server to back up log files are not specified.
Views
System view
Predefined user roles
network-admin
Parameters
user-name: Specifies a username for logging in to the remote server, a case-sensitive string of 1 to 63 characters.
password { cipher | simple } password: Specifies a password for logging in to the remote server, case sensitive.
· cipher: Specifies a password in encrypted form, a string of 33 to 117 characters.
· simple: Specifies a password in plaintext form, a string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.
Usage guidelines
Before backing up log files to a FTP or SCP remote server, use this command to specify the username and password for logging in to the remote server. The username and password configured in this command must be the same as those configured on the remote server.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the username and password for logging in to the FTP or SCP remote server as ftpuser and ftp123456, respectively.
<Sysname> system-view
[Sysname] info-center file-server user ftpuser password simple ftp123456
Related commands
display info-center file-server
info-center file-server transport-type
info-center filter
Use info-center filter to create a log output filter.
Syntax
info-center filter filter-name { module-name [ mnemonic mnemonic-value ] | default } { deny | level severity }
undo info-center filter filter-name [ module-name [ mnemonic mnemonic-value ] | default ]
Default
No log output filters exist.
Views
System view
Predefined user roles
network-admin
Parameters
filter-name: Specifies a name for the log output filter, a case-insensitive string of 1 to 8 characters.
module-name: Specifies a module by its name. To view the names of supported modules, execute the info-center filter filter-name ? command.
mnemonic mnemonic-value: Filters log output of the module by a log mnemonic. The mnemonic-value argument represents the full form of the mnemonic, a case-insensitive string of 1 to 32 characters. If you do not enter the full form of the mnemonic, the filter will fail. If this option is not specified, logs are filtered only by module names.
default: Specifies all supported modules.
deny: Disables log output.
level severity: Specifies a log severity level by its name. Supported severity levels are alert, critical, debugging, emergency, error, informational, notification, and warning. See Table 4 for more information about the log severity levels. The log output filter applies to logs of the specified severity level and all higher levels.
Usage guidelines
A log output filter contains a set of log output filter rules for modules. You can use this command to create multiple log output filters. When specifying a log host, you can apply a log output filter to control log output to the log host.
You can also use the info-center source command to configure log output rules for the log host output destination. The system chooses the settings to control log output to a log host in the following order:
1. Log output filter specified for the log host by using the info-center loghost command.
2. Log output rules configured for the log host output destination by using the info-center source command.
3. Default log output rules (see Table 9).
Follow these restrictions and guidelines when you configure a log output filter:
· To set a log output filter rule for a module, use the module-name argument to specify the module name.
If you set log output filter rules for the same module multiple times, the most recent configuration takes effect.
· To set a general log output filter rule for all modules, use the default keyword. The general log output filter rule applies to all modules that do not have module-specific filter rules.
If you set a general log output filter rule multiple times, the most recent configuration takes effect.
· If no general log output filter rule is set, the system outputs logs with severity levels informational through alert for modules that do not have module-specific filter rules.
· To remove a module-specific log output filter rule, you must use the module-name argument. If you do not specify any parameters, the entire log output filter is deleted.
Examples
# Create log output filter loghost1. In the log output filter, enable the ARP module to output logs with severity levels notification through alert, the SNMP module to output logs with severity levels warning through alert, and disable log output of all other modules.
<Sysname> system-view
[Sysname] info-center filter loghost1 arp level notification
[Sysname] info-center filter loghost1 snmp level warning
[Sysname] info-center filter loghost1 default deny
Related commands
display info-center filter
info-center loghost
info-center source
info-center format
Use info-center format to set the format for logs sent to log hosts.
Use undo info-center format to restore the default.
Syntax
info-center format { cmcc | unicom }
undo info-center format
Default
Logs are sent to log hosts in standard format.
Views
System view
Predefined user roles
network-admin
Parameters
cmcc: Specifies the China Mobile Communications Corporation (CMCC) format.
unicom: Specifies the China Unicom format.
Usage guidelines
Logs can be sent to log hosts in standard, China Unicom, or CMCC format. For more information about log formats, see information center configuration in System Management Configuration Guide.
You can use either the info-center format or format command to configure the format of logs sent to the log host. Specifically:
· The info-center format command in system view is effective for all log hosts.
· The format command in log output profile view applies only to log hosts that use the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect on that log host.
Examples
# Set the log format to China Unicom for logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center format unicom
Related commands
format
info-center logbuffer
Use info-center logbuffer to enable log output to the log buffer.
Use undo info-center logbuffer to disable log output to the log buffer.
Syntax
info-center logbuffer
undo info-center logbuffer
Default
Log output to the log buffer is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables log output to log buffers based on the log source modules.
· Logs generated by modules that have separate log buffers are saved to their respective log buffers.
For example, session logs are saved to the session log buffer.
· Logs generated by other modules are saved to the general log buffer.
To view log buffer information and buffered logs, use the display logbuffer command.
To set the log buffer size, use the info-center logbuffer size command.
Examples
# Enable log output to the log buffer.
<Sysname> system-view
[Sysname] info-center logbuffer
Related commands
display logbuffer
info-center enable
info-center logbuffer size
Use info-center logbuffer size to set the maximum number of logs that can be buffered.
Use undo info-center logbuffer size to restore the default.
Syntax
info-center logbuffer size buffersize
undo info-center logbuffer size
Default
A maximum of 512 logs can be buffered.
Views
System view
Predefined user roles
network-admin
Parameters
buffersize: Specifies the maximum log buffer size. The value range is 0 to 1024.
Examples
# Set the maximum log buffer size to 50.
<Sysname> system-view
[Sysname] info-center logbuffer size 50
# Restore the default maximum log buffer size.
<Sysname> system-view
[Sysname] undo info-center logbuffer size
Related commands
display logbuffer
info-center enable
info-center logfile directory
Use info-center logfile directory to specify the directory to save the log file.
Syntax
info-center logfile directory dir-name
Default
The log file directory is flash:/logfile.
Views
System view
Predefined user roles
network-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified log file directory must have been created.
The log file uses the .log extension.
This command cannot survive a reboot or an active/standby switchover.
Examples
# Set the log file directory to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center logfile directory flash:/test
Related commands
info-center logfile enable
info-center logfile enable
Use info-center logfile enable to enable the log file feature.
Use undo info-center logfile enable to disable the log file feature.
Syntax
info-center logfile enable
undo info-center logfile enable
Default
The log file feature is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable log output to the log file.
<Sysname> system-view
[Sysname] info-center logfile enable
info-center logfile frequency
Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file.
Use undo info-center logfile frequency to restore the default.
Syntax
info-center logfile frequency freq-sec
undo info-center logfile frequency
Default
The log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the log file saving interval in seconds. The value range is 1 to 86400.
Usage guidelines
This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval.
Examples
# Set the log file saving interval to 60000 seconds.
<Sysname> system-view
[Sysname] info-center logfile frequency 60000
Related commands
info-center logfile enable
info-center logfile size-quota
Use info-center logfile size-quota to set the maximum log file size.
Use undo info-center logfile size-quota to restore the default.
Syntax
info-center logfilesize-quota size
undo info-center logfilesize-quota
Default
The maximum log file size is 10 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Specifies the maximum log file size in MB. The value range is 1 to 10.
Examples
# Set the maximum log file size to 6 MB.
<Sysname> system-view
[Sysname] info-center logfile size-quota 6
Related commands
info-center logfile enable
info-center logging suppress duplicates
Use info-center logging suppress duplicates to enable duplicate log suppression.
Use undo info-center logging suppress duplicates to disable duplicate log suppression.
Syntax
info-center logging suppress duplicates
undo info-center logging suppress duplicates
Default
Duplicate log suppression is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Outputting consecutive duplicate logs wastes system and network resources and increases device maintenance costs. You can enable this feature to suppress output of consecutive duplicate logs.
Examples
# Enable duplicate log suppression on device A.
<Sysname> system-view
[Sysname] info-center logging suppress duplicates
info-center logging suppress module
Use info-center logging suppress module to configure a log suppression rule for a module.
Use undo info-center logging suppress module to delete a log suppression rule.
Syntax
info-center logging suppress module module-name mnemonic { all | mnemonic-value }
undo info-center logging suppress module module-name mnemonic { all | mnemonic-value }
Default
The device does not suppress output of any logs from any modules.
Views
System view
Predefined user roles
network-admin
Parameters
module-name: Specifies a log source module by its name, a case-insensitive string of 1 to 8 characters. To view the list of available log source modules, use the info-center logging suppress module ? command.
mnemonic { all | mnemonic-value }: Configures a mnemonic filter for log suppression.
· all: Suppresses output of all logs of the module.
· mnemonic-value: Suppresses output of logs with the specified mnemonic value. The mnemonic-value argument is a case-insensitive string of 1 to 32 characters, which must be the complete value contained in the mnemonic field of the log message. Log suppression will fail if a partial mnemonic value is specified.
Usage guidelines
You can configure log suppression rules to filter out the logs that you are not concerned with. A log suppression rule suppresses output of all logs or only logs with a specific mnemonic value for a module.
Examples
# Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module.
<Sysname> system-view
[Sysname] info-center logging suppress module shell mnemonic shell_login
Related commands
info-center source
info-center loghost
Use info-center loghost to specify a log host and to configure output parameters.
Use undo info-center loghost to remove a log host.
Syntax
info-center loghost [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ dscp dscp-value ] [ facility local-number ] [ filter filter-name ] [ output-profile profile-name ] [ tcp [ ssl-client-policy policy-name ]
undo info-center loghost [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address }
Default
No log hosts are specified.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).
ipv4-address: Specifies a log host by its IPv4 address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address.
port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, logs cannot be sent to the log host.
dscp dscp-value: Specifies the DSCP value in log packets sent to the log host. The value range for the dscp-value argument is 0 to 63, and the default is 0. The DSCP value of a packet defines the priority of the packet and affects the transmission priority of the packet. A greater DSCP value represents a higher priority.
facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.
filter filter-name: Specifies a log output filter to control log output to the log host. The filter-name argument represents the filter name, a case-insensitive string of 1 to 8 characters. If you do not specify a log output filter, the log output rules configured by using the info-center source command for the log host destination are used.
output-profile profile-name: Specifies a log output profile to control log output to the log host. The profile-name argument is a case-insensitive string of 1 to 8 characters. If you do not specify a log output profile, the device will use the default parameters to output logs.
tcp: Uses TCP to send logs. The device uses UDP to send logs by default.
ssl-client-policy policy-name: Specifies an SSL client policy to encrypt the sent logs, a case-insensitive string of 1 to 31 characters. If you do not specify this option, logs are sent without encryption.
Usage guidelines
Prerequisites
To use an SSL client policy to encrypt the logs sent to a log host, configure the SSL client policy first. If you have not configured the SSL client policy, the SSL connection cannot be established and logs cannot be sent to the log host. For more information about SSL client policy configuration, see SSL VPN configuration in Security Configuration Guide.
Restrictions and guidelines
The info-center loghost command takes effect only after the information center is enabled by using info-center enable command.
You can execute this command multiple times to configure a maximum of 20 log hosts.
Examples
# Output logs to the log host at 1.1.1.1.
<Sysname> system-view
[Sysname] info-center loghost 1.1.1.1
Related commands
info-center filter
info-center source
info-center loghost locate-info with-sn
Use info-center loghost locate-info with-sn to add the device serial number to the location field of logs sent to log hosts.
Use undo info-center loghost locate-info with-sn to restore the default.
Syntax
info-center loghost locate-info with-sn
undo info-center loghost locate-info with-sn
Default
The device does not add the device serial number to the location field of logs sent to log hosts.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can use both the info-center loghost locate-info with-sn and locate-info with-sn commands to add the device serial number to the location field of logs sent to log hosts. The two commands take effect on different scopes of log hosts:
· The info-center loghost locate-info with-sn command configured in system view takes effect on all log hosts.
· The locate-info with-sn command configured in log output profile view takes effect only on the log hosts using the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect.
Examples
# Add the device serial number to the location field of logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center loghost locate-info with-sn
Related commands
locate-info with-sn
info-center loghost source
Use info-center loghost source to specify a source IP address for logs sent to log hosts.
Use undo info-center loghost source to restore the default.
Syntax
info-center loghost source interface-type interface-number
undo info-center loghost source
Default
The source IP address of logs sent to log hosts is the primary IP address of the outgoing interface.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
The system uses the primary IP address of the specified interface as the source IP address of the logs sent to log hosts.
The info-center loghost source command takes effect only after the information center is enabled by using info-center enable command.
Examples
# Use the IP address of interface Loopback 0 as the source IP address of the logs sent to log hosts.
<Sysname> system-view
[Sysname] interface loopback 0
[Sysname-LoopBack0] ip address 2.2.2.2 32
[Sysname-LoopBack0] quit
[Sysname] info-center loghost source loopback 0
info-center output-profile
Use info-center output-profile to create a log output profile and enter its view, or enter the view of an existing log output profile.
Use undo info-center output-profile to delete the log output profile.
Syntax
info-center output-profile profile-name
undo info-center output-profile profile-name
Views
System view
Predefined user roles
network-admin
Parameters
profile-name: Specifies a log output profile by its name, a case-sensitive string of 1 to 8 characters.
Usage guidelines
After you create a log output profile and bind it to log hosts, you can customize log output parameters for the log hosts, such as the encapsulation format, character set encoding, timestamp format, and the inclusion of device serial number in logs.
Examples
# Create log output profile profile1 and enter its view.
<Sysname> system-view
[Sysname] info-center output-profile profile1
[sysname-ic-profile-profile1]
info-center security-logfile alarm-threshold
Use info-center security-logfile alarm-threshold to set the alarm threshold for security log file usage.
Use undo info-center security-logfile alarm-threshold to restore the default.
Syntax
info-center security-logfile alarm-threshold usage
undo info-center security-logfile alarm-threshold
Default
The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator.
Views
System view
Predefined user roles
network-admin
Parameters
usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100.
Usage guidelines
When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file. This feature helps avoid security log loss by setting an alarm threshold for the security log file usage. When the threshold is reached, the system outputs log information to inform the administrator. The administrator can log in to the device with the security-audit user role and back up the security log file.
Examples
# Set the alarm threshold for security log file usage to 90.
<Sysname> system-view
[Sysname] info-center security-logfile alarm-threshold 90
Related commands
info-center security-logfile size-quota
info-center security-logfile directory
Use info-center security-logfile directory to specify the security log file directory.
Syntax
info-center security-logfile directory dir-name
Default
The security log file is saved in the flash:/seclog directory.
Views
System view
Predefined user roles
security-audit
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified directory must have been created.
To use this command, a local user must have the security-audit user role. For information about configuring the security-audit user role, see AAA configuration in User Access and Authentication Configuration Guide.
This command cannot survive a reboot or an active/standby switchover.
Examples
# Set the security log file directory to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center security-logfile directory flash:/test
info-center security-logfile enable
Use info-center security-logfile enable to enable saving of security logs to the security log file.
Use undo info-center security-logfile enable to restore the default.
Syntax
info-center security-logfile enable
undo info-center security-logfile enable
Default
The saving of security logs to the security log file is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.
Examples
# Enable saving security logs to the security log file.
<Sysname> system-view
[Sysname] info-center security-logfile enable
info-center security-logfile frequency
Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file.
Use undo info-center security-logfile frequency to restore the default.
Syntax
info-center security-logfile frequency freq-sec
undo info-center security-logfile frequency
Default
The security log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the security log file saving interval in seconds. The value range is 10 to 86400 seconds.
Usage guidelines
The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval.
Examples
# Set the security log file saving interval to 600 seconds.
<Sysname> system-view
[Sysname] info-center security-logfile frequency 600
Related commands
info-center security-logfile enable
info-center security-logfile size-quota
Use info-center security-logfile size-quota to set the maximum size for the security log file.
Use undo info-center security-logfile size-quota to restore the default.
Syntax
info-center security-logfile size-quota size
undo info-center security-logfile size-quota
Default
The maximum size for the security log file is 10 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Sets the maximum size for the security log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the security log file.
<Sysname> system-view
[Sysname] info-center security-logfile size-quota 6
Related commands
info-center security-logfile alarm-threshold
info-center source
Use info-center source to configure a log output rule for a module.
Use undo info-center source to restore the default.
Syntax
info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }
undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }
Default
Table 9 lists the default log output rules.
Table 9 Default log output rules
|
Destination |
Log source modules |
Output switch |
Severity |
|
Console |
All supported modules |
Enabled |
Debugging |
|
Monitor terminal |
All supported modules |
Disabled |
Debugging |
|
Log host |
All supported modules |
Enabled |
Informational |
|
Log buffer |
All supported modules |
Enabled |
Informational |
|
Log file |
All supported modules |
Enabled |
Informational |
Views
System view
Predefined user roles
network-admin
Parameters
module-name: Specifies a module by its name. You can use the info-center source ? command to view the modules supported by the device.
default: Specifies all supported modules.
console: Outputs logs to the console.
logbuffer: Outputs logs to the log buffer.
logfile: Outputs logs to the log file.
loghost: Outputs logs to the log host.
monitor: Outputs logs to the monitor terminal.
deny: Disables log output.
level severity: Specifies the lowest severity level for logs to be output. A severity level can be alert, critical, debugging, emergency, error, informational, notification, or warning. Logs at the specified severity level and higher levels are allowed to be output. See Table 4 for more information about log severity levels.
Usage guidelines
If you do not set an output rule for a module, the module uses the output rule set by using the default keyword. If no rule is set by using the default keyword, the module uses the default output rule.
To modify or remove an output rule set for a module, you must use the module-name argument. A new output rule configured by using the default keyword does not take effect on the module.
If you execute this command for a module multiple times, the most recent configuration takes effect.
If you execute this command for the default modules multiple times, the most recent configuration takes effect.
Examples
# Output only DEV module's information with the emergency level to the console.
<Sysname> system-view
[Sysname] info-center source default console deny
[Sysname] info-center source dev console level emergency
# Output log messages from the modules to the console except those from the ARP module.
<Sysname> system-view
[Sysname] info-center source arp console deny
info-center synchronous
Use info-center synchronous to enable synchronous information output.
Use undo info-center synchronous to disable synchronous information output.
Syntax
info-center synchronous
Default
Synchronous information output is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.
Examples
# Enable synchronous information output, and then execute the display current-configuration command to view the current configuration of the device.
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] display current-
At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.
%May 21 14:33:19:425 2019 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.44
[Sysname] display current-
Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.
# Enable synchronous information output, and then save the current configuration (enter interactive information).
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] save
The current configuration will be written to the device. Are you sure? [Y/N]:
At this time, the system receives the log information. It displays the log information first and then displays [Y/N].
%May 21 14:33:19:425 2019 Sysname SHELL/5/SHELL_LOGIN: VTY logged in from 192.168.1.44
[Y/N]:
Enter Y or N to complete your input.
info-center syslog min-age
Use info-center syslog min-age to set the minimum storage period.
Use undo info-center syslog min-age to restore the default.
Syntax
info-center syslogmin-age min-age
undo info-center syslogmin-age
Default
The minimum storage period is not set.
Views
System view
Predefined user roles
network-admin
Parameters
min-age: Sets the minimum storage period in hours. The value range is 1 to 8760.
Examples
# Set the minimum storage period to 168 hours.
<Sysname> system-view
[Sysname] info-center syslog min-age 168
info-center syslog trap buffersize
Use info-center syslog trap buffersize to set the maximum number of log traps that can be stored in the log trap buffer.
Use undo info-center syslog trap buffersize to restore the default.
Syntax
info-center syslog trap buffersize buffersize
undo info-center syslog trap buffersize
Default
The log trap buffer can store a maximum of 1024 traps.
Views
System view
Predefined user roles
network-admin
Parameters
buffersize: Specifies the maximum number of log traps that can be stored in the log trap buffer. The value range is 0 to 65535. Value 0 indicates that the device does not buffer log traps.
Usage guidelines
Log traps are SNMP notifications stored in the log trap buffer. After the snmp-agent trap enable syslog command is configured, the device sends log messages in SNMP notifications to the log trap buffer. You can view the log traps by accessing the MIB corresponding to the trap buffer.
The default buffer size is usually used. You can adjust the buffer size according to your network condition. New traps overwrite the oldest traps when the log trap buffer is full.
Examples
# Set the log trap buffer size to 2048.
<Sysname> system-view
[Sysname] info-center syslog trap buffersize 2048
Related commands
snmp-agent trap enable syslog
info-center timestamp
Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.
Use undo info-center timestamp to restore the default.
Syntax
info-center timestamp { boot | date | none }
undo info-center timestamp
Default
The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.
Views
System view
Predefined user roles
network-admin
Parameters
boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2019. The boot time shows the time since system startup.
date: Sets the timestamp format to MMM DD hh:mm:ss:ms YYYY, such as Dec 8 10:12:21:708 2019. The date time shows the current system time.
· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.
· DD: Date, starting with a space if it is less than 10, for example " 7".
· hh:mm:ss:ms: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and ms in the range of 0 to 999.
· YYYY: Year.
none: Indicates no time information is provided.
Examples
# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.
<Sysname> system-view
[Sysname] info-center timestamp boot
Related commands
info-center timestamp loghost
info-center timestamp loghost
Use info-center timestamp loghost to set the timestamp format for logs sent to log hosts.
Use undo info-center timestamp loghost to restore the default.
Syntax
info-center timestamp loghost { date [ with-milliseconds ] | iso [ with-milliseconds | with-timezone ] * | no-year-date | none }
undo info-center timestamp loghost
Default
The timestamp format for logs sent to log hosts is date.
Views
System view
Predefined user roles
network-admin
Parameters
date: Sets the timestamp format to MMM DD hh:mm:ss YYYY, such as Dec 8 10:12:21 2019. The date time shows the current system time.
iso: Sets the ISO 8601 timestamp format, for example, 2019-09-21T15:32:55.
with-milliseconds: Sets the timestamp to be accurate to milliseconds for logs output to log hosts in date or ISO 8601 format. The millisecond value is appended to the time information in the timestamp with a dot as the separator. If you do not specify this keyword, the timestamp in date or ISO 8601 format is accurate to seconds.
· Example of a timestamp in date format with millisecond accuracy: Dec 8 10:12:21.708 2019.
· Example of a timestamp in ISO 8601 format with millisecond accuracy: 2019-09-21T15:32:55.708.
with-timezone: Includes the time zone information in the ISO format timestamp. For example, 2019-09-21T15:32:55+01:00. By default, the ISO format timestamp does not contain the time zone information.
no-year-date: Sets the timestamp format to the current system date and time without year or millisecond information.
none: Indicates that no timestamp information is provided.
Usage guidelines
You can use either the info-center timestamp loghost or timestamp command to configure the format of logs sent to the log host. Specifically:
· The info-center timestamp loghost command in system view is effective for all log hosts.
· The timestamp command in log output profile view applies only to log hosts that use the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect on that log host.
Examples
# Set the timestamp format to no-year-date for logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center timestamp loghost no-year-date
Related commands
info-center timestamp
timestamp
info-center trace-logfile quota
Use info-center trace-logfile quota to set the maximum size for the trace log file.
Use undo info-center trace-logfile quota to restore the default.
Syntax
info-center trace-logfile quota size
undo info-center trace-logfile quota
Default
The maximum size for the trace log file is 10 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Sets the maximum size for the trace log file, in MB. The value range is 1 to 10.
Usage guidelines
This command sets the maximum size for the trace log file stored in the memory.
Examples
# Set the maximum size to 6 MB for the trace log file.
<Sysname> system-view
[Sysname] info-center trace-logfile quota 6
locate-info with-sn
Use locate-info with-sn to configure logs to carry the device serial number.
Use undo locate-info with-s to restore the default.
Syntax
locate-info with-sn
undo locate-info with-sn
Default
The device serial number is not carried in logs.
Views
Log output profile view
Predefined user roles
network-admin
Usage guidelines
With this command configured, the device serial number (SN) will be carried in logs output by the device. The user can easily identify the device.
You can use both the info-center loghost locate-info with-sn and locate-info with-sn commands to add the device serial number to the location field of logs sent to log hosts. The two commands take effect on different scopes of log hosts:
· The info-center loghost locate-info with-sn command configured in system view takes effect on all log hosts.
· The locate-info with-sn command configured in log output profile view takes effect on only log hosts applying the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect.
Examples
# Create log output profile profile1 and configure logs to carry the device serial number.
<sysname> system-view
[Sysname] info-center output-profile profile1
[sysname-ic-profile-profile1]locate-info with-sn
Related commands
info-center loghost
info-center loghost locate-info with-sn
logfile save
Use logfile save to manually save logs in the log file buffer to the log file.
Syntax
logfile save
Views
Any view
Predefined user roles
network-admin
Usage guidelines
You can specify the directory to save the log file by using the info-center logfile directory command.
The system clears the log file buffer after saving the buffered logs to the log file automatically or manually.
If the log file buffer is empty, this command displays a success message event though no logs are saved to the log file.
Examples
# Manually save logs from the log file buffer to the log file.
<Sysname> logfile save
The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.
Related commands
info-center logfile enable
info-center logfile directory
reset logbuffer
Use reset logbuffer to clear the log buffer.
Syntax
reset logbuffer
Views
User view
Predefined user roles
network-admin
Examples
# Clear the log buffer.
<Sysname> reset logbuffer
Related commands
display logbuffer
security-logfile save
Use security-logfile save to manually save security logs from the security log file buffer to the security log file.
Syntax
security-logfile save
Views
Any view
Predefined user roles
security-audit
Usage guidelines
The system clears the security log file buffer after saving the buffered security logs to the security log file automatically or manually.
If the security log file buffer is empty, this command displays a success message event though no security logs are saved to the security log file.
To use this command, a local user must have the security-audit user role. For information about configuring the security-audit user role, see AAA configuration in User Access and Authentication Configuration Guide.
Examples
# Manually save the security logs in the security log file buffer to the security log file.
<Sysname> security-logfile save
The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log.
Related commands
info-center security-logfile directory
authorization-attribute (User Access and Authentication Command Reference)
snmp-agent trap enable syslog
Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.
Use undo snmp-agent trap enable syslog to disable SNMP notifications for log messages.
Syntax
snmp-agent trap enable syslog
undo snmp-agent trap enable syslog
Default
The device does not send SNMP notifications for log messages.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to send an SNMP notification for each log message it outputs. The device encapsulates logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer.
For the SNMP module to send the received SNMP notifications correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
To view the traps in the log trap buffer, access the MIB corresponding to the log trap buffer. The log trap buffer size can be set by using the info-center syslog trap buffersize command.
Examples
# Enable the device to send SNMP notifications for log messages.
<Sysname> system-view
[Sysname] snmp-agent trap enable syslog
Related commands
info-center syslog trap buffersize
terminal debugging
Use terminal debugging to enable output of debugging messages (debugging-level log messages) to the current terminal.
Use undo terminal debugging to disable output of debugging messages to the current terminal.
Syntax
terminal debugging
undo terminal debugging
Default
Output of debugging messages to the current terminal is disabled.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command enables output of debugging-level log messages to the current terminal.
To enable output of debugging messages to the console, perform the following tasks:
1. Execute the terminal debugging command.
2. Enable the information center. The information center is enabled by default.
3. Use a debugging command to enable the related debugging.
To enable output of debugging messages to the monitor terminal, perform the following tasks:
1. Execute the terminal monitor and terminal debugging commands.
2. Enable the information center. The information center is enabled by default.
3. Use a debugging command to enable the related debugging.
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
You can also enable output of debugging messages to the current terminal by executing the terminal logging level 7 command. The terminal logging level 7 command and the terminal debugging command have the following differences:
· The terminal logging level 7 command enables log output for all log severity levels (levels 0 through 7).
· The terminal debugging command enables log output for the following log severity levels:
¡ Debugging level (level 7).
¡ Severity level higher than or equal to the level specified in the terminal logging level command.
Examples
# Enable output of debugging messages to the current terminal.
<Sysname> terminal debugging
The current terminal is enabled to display debugging logs.
Related commands
terminal logging level
terminal monitor
terminal logging level
Use terminal logging level to set the lowest level of logs that can be output to the current terminal.
Use undo terminal logging level to restore the default.
Syntax
terminal logging level severity
undo terminal logging level
Default
The lowest level of logs that can be output to the current terminal is 6 (Informational).
Views
User view
Predefined user roles
network-admin
Parameters
severity: Specifies a log severity level. Valid values are alert, critical, debugging, emergency, error, informational, notification, warning, and digits from 0 to 7.
Usage guidelines
This command enables the device to output logs with a severity level higher than or equal to the specified level to the current terminal. For example, if you set the severity argument to 6, logs with a severity value from 0 to 6 are output to the current terminal.
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
Examples
# Configure the device to output logs with the debugging level and higher levels to the current terminal.
<Sysname> terminal logging level 7
terminal monitor
Use terminal monitor to enable log output to the current terminal.
Use undo terminal monitor to disable log output to the current terminal.
Syntax
terminal monitor
undo terminal monitor
Default
Log output to the console is enabled, and log output to the monitor terminal is disabled.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
Examples
# Enable log output to the current terminal.
<Sysname> terminal monitor
The current terminal is enabled to display logs.
timestamp
Use timestamp to configure the log timestamp format.
Use undo timestamp to restore the default.
Syntax
timestamp { date [ with-milliseconds ] | iso [ with-milliseconds | with-timezone ] * | no-year-date | none }
undo timestamp
Default
The log timestamp format is date.
Views
Log output profile view
Predefined user roles
network-admin
Parameters
date: Sets the timestamp format to MMM DD hh:mm:ss YYYY, such as Dec 8 10:12:21 2019. The date time shows the current system time.
with-milliseconds: Sets the timestamp to be accurate to milliseconds for logs output to log hosts in date or ISO 8601 format. The millisecond value is appended to the time information in the timestamp with a dot as the separator. If you do not specify this keyword, the timestamp in date or ISO 8601 format is accurate to seconds.
· Example of a timestamp in date format with millisecond accuracy: Dec 8 10:12:21.708 2019.
· Example of a timestamp in ISO 8601 format with millisecond accuracy: 2019-09-21T15:32:55.708.
iso: Sets the ISO 8601 timestamp format, for example, 2019-09-21T15:32:55.
with-timezone: Includes the time zone information in the ISO format timestamp. For example, 2019-09-21T15:32:55+01:00. By default, the ISO format timestamp does not contain the time zone information.
no-year-date: Sets the timestamp format to the current system date and time without year or millisecond information.
none: Indicates that no timestamp information is provided.
Usage guidelines
You can use either the info-center timestamp loghost or timestamp command to configure the format of logs sent to the log host. Specifically:
· The info-center timestamp loghost command in system view is effective for all log hosts.
· The timestamp command in log output profile view applies only to log hosts that use the log output profile.
The configuration in log output profile view takes precedence over the configuration in system view. If a log host is bound to a log output profile, the device will use the configuration in the log output profile when sending logs to the log host. The configuration in system view will not take effect on that log host.
Examples
# Create log output profile profile1 and set the log timestamp format to no-year-date.
<sysname> system-view
[sysname] info-center output-profile profile1
[sysname-ic-profile-profile1] timestamp no-year-date
Related commands
info-center loghost
info-center timestamp loghost
