Os ch08
Os ch08
Logging Overview
Whether you are troubleshooting, configuring, or simply monitoring the switch, you may find
it useful to view a history of various switch activities. The Logging submenu contains a list of
commands for viewing and configuring logging on the system. To enter the logging submenu,
enter
logging
at the system prompt Enter a question mark (?) and then press <Enter> to display the follow-
ing list of commands:
Command Logging Menu
syslog Change the syslog parameters (not part of Switch Logging feature)
swlogc Configure Switch Logging source/destination mapping and priority levels
cmdlog Show UI Command entries in the mpm.log file
conlog Show Connection entries (logins/logouts) entries in the mpm.log file
caplog Show Screen Capture entries in the mpm.log file
debuglog Show Debug message entries in the mpm.log file
seclog Show Secure Access entries in the mpm.log file
Page 8-1
Configuring the Syslog Parameters
(save/quit/cancel)
:
Select the number of the item you want to change. To change any of the values on the previ-
ous page, enter the line number, followed by an equal sign (=), and then the new value. For
example, to turn off console logging, enter:
6=no
The question mark (?) option refreshes the screen. To update the values you have changed,
enter save. If you do not want to save the changes enter quit or cancel, or press Ctrl-D.
The fields displayed by the syslog command are described below.
1. Log host. The name of the host where you want the syslog messages sent. The Domain
Name Server (DNS) must be configured for this to work. Use the res command to config-
ure the DNS. (The res command is described in Chapter 18, “RMON and DNS Resolver.”)
2. Log host IP. The IP address of the host where you want the syslog messages sent. If the IP
address and the Log host name disagree, the IP address takes precedence.
3. Syslog port (514). The port to which the syslog messages will be sent on the specified host.
Port 514 is the normal port number used and is the default.
4. Default facility code. The facility code is used to identify which sub-system generated the
syslog message. Note that this code is used only as a default for tasks that do not have a
facility code. See the table below for a list of the facility codes. The default is local0.
Page 8-2
Configuring the Syslog Parameters
41. Override internals. This setting will force all syslog messages to use the default facil-
ity code specified in item No. 4 above instead of their own predefined facility codes.
Page 8-3
Configuring the Syslog Parameters
5. Default priority mask. The mask for the priority code. Indicates the type of syslog message.
Note that this mask is used only as a default for tasks that do not have a priority code.
Priority codes for syslog messages are usually hardcoded. The table below is a list of
priority codes.
LOG_INFO 6 info
51. Override internals. This field will force all syslog messages to use the default prior-
ity mask specified in item No. 5 above instead of their own predefined priority masks.
52. Display internals. This field allows the user to display the task log level. Enter
52=yes to display the sub-menu below. If, for example, you wanted to change the priority
mask CM via kern from “warn” to “alert,” you would enter 4=alert. Note that this change
will take place immediately and you do not need to enter save for it to take effect. Type
save, quit, or cancel and then press <Enter> to return to the main syslog menu.
Page 8-4
Configuring the Syslog Parameters
6. Console logging. Determines whether or not you want to see syslog messages on your
console (terminal). If set to yes, the messages will be displayed on either an ASCII termi-
nal connected to the console port or via a Telnet session.
7. Log Task ID. Determines whether or not you want to see the task ID that can be included
in the syslog message.
71. Use Task Name. This allows the user to display descriptive task names for syslog
messages (see the Display internals sub-menu above) instead of numeric codes.
8. Message tag. Text of up to 10 characters that is added to every message leaving the
switch. It is useful when multiple switches send messages to the same host.
.
Page 8-5
Configuring Switch Logging
1) Security Logging:
Enabling security logging allows you to view all security violations that occur within the
switch. Set to enable to activate logging for any security violations that occur within the
switch. Set to disable to de-activate logging for security violations.
♦ Note ♦
Security Violations must be enabled in order to display
the Secure Switch Access violations log (seclog).
11) File:
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Security Logging.
Page 8-6
Configuring Switch Logging
12) Console:
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Security Logging.
2) FTP Logging
FTP Session Events is a record of all FTP (File Transfer Protocol) activities since session
logging was activated. Once you enable FTP Logging by entering 2=enable, you may view it
through the conlog command (described in Displaying the Connection Entries in the FFS Log
on page 8-11). To disable FTP Session Events logging, enter 2=disable. To store the data in the
flash file system or screen, enter 21=yes. To disable FTP Logging to the flash file system, enter
21=no.
21) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Security Logging.
22) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Security Logging.
31) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Flash File Logging.
32) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Flash File Logging.
4) Screen Capture
Screen logging captures screen text for logging. To enable screen logging, enter 4=enable. To
disable screen logging, enter 4=disable. To store the screen capture in the flash file system,
enter 41=yes. Note that since screen text already goes to the screen, screen logging is not
permitted. If you want to display the screen capture entries for all logged users, use the
caplog command (for more information, see Displaying Screen (Console) Capture Entries in
the FFS Log on page 8-12). To disable screen logging to the flash file system, enter 41=no.
41) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Screen Capture.
Page 8-7
Configuring Switch Logging
42) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Screen Capture.
51) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Console Event Logging.
52) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Console Event Logging.
61) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for User Interface Logging.
62) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for User Interface Logging.
6) Telnet Logging
Telnet Logging is a record of all Telnet activities since session logging was activated. Once
you enable Telnet Session Events logging by entering 6=enable, you may view it through the
conlog command (described in Displaying the Connection Entries in the FFS Log on page 8-
11). To disable logging for Telnet Session Events, enter 4=disable. To store the data in the
flash file system or screen, enter 61=yes (ffs) or 62=yes (screen). To disable Telnet Session
Events logging to the flash file system or screen, enter no at the corresponding line.
Page 8-8
Configuring Switch Logging
61) File
Set to yes (y) to store the log in the flash file system. Set to no (n) to disable the flash file
system as the output device for Telnet Logging.
62) Console
Set to yes to store the log to the screen. Set to no to disable the screen as an output
device for Telnet Logging.
Page 8-9
Displaying the Command History Entries in the FFS Log
♦ Note ♦
If you just want to display the commands executed
during the current session you can use the history
command, which is described in Chapter 8, “The User
Interface.”
Page 8-10
Displaying the Connection Entries in the FFS Log
Page 8-11
Displaying Screen (Console) Capture Entries in the FFS Log
Select which user’s screen entries you would like to view by entering the user’s line number
at the prompt. The following is a sample display of screen capture entries after you have
made your selection:
1) Console
2) Modem
3) Telnet (0)
4) Telnet (1)
5) Telnet (2)
6) Telnet (3)
select ? 1
=======================Start Screen Capture Display for Console==================
/ % systat
Page 8-12
Displaying Screen (Console) Capture Entries in the FFS Log
4) Telnet (1). Displays screen capture entries for the user logged in from the second telnet
session.
5) Telnet (2). Displays screen capture entries for the user logged in from the third telnet
session.
6) Telnet (3).Displays screen capture entries for the user logged in from the fourth telnet
session.
Page 8-13
Displaying Debug Entries in the FFS Log
Page 8-14